Re: Mapping of ports to processes - Networking


  1. Re: Mapping of ports to processes

    Bit Twister writes:

    > On Mon, 21 May 2007 23:12:21 -0400, Randy Yates wrote:
    >>
    >> How do I find out who handles http://localhost:631 ?

    >
    > Maybe this would help
    > # netstat -anp | grep 631
    > tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 3211/cupsd
    > tcp 0 0 :::631 :::* LISTEN 3211/cupsd
    > udp 0 0 0.0.0.0:631 0.0.0.0:* 3211/cupsd


    Thanks for that! But as so often happens, the answer to this question
    brings up more questions.

    I'm trying to parse the following output and I have a few questions. I'm
    sure they're basic, so if this is in a FAQ somewhere I'd gladly receive
    a pointer. Also note that I've cross-posted to comp.os.linux.networking.

    [root@localhost yates]# netstat -utapnv
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address              Foreign Address  State        PID/Program name
    tcp        0      0 127.0.0.1:2208             0.0.0.0:*        LISTEN       2636/hpiod
    tcp        0      0 0.0.0.0:111                0.0.0.0:*        LISTEN       2370/portmap
    tcp        0      0 127.0.0.1:25               0.0.0.0:*        LISTEN       2705/sendmail: acce
    tcp        0      0 127.0.0.1:2207             0.0.0.0:*        LISTEN       2641/python
    tcp        0      0 :::3690                    :::*             LISTEN       3028/svnserve
    tcp        0      0 :::80                      :::*             LISTEN       2066/httpd
    tcp        0      0 ::1:631                    :::*             LISTEN       4660/cupsd
    tcp        0      0 :::443                     :::*             LISTEN       2066/httpd
    tcp        0      0 :::44444                   :::*             LISTEN       2671/sshd
    tcp        0      0 ::1:631                    ::1:56969        ESTABLISHED  4660/cupsd
    tcp        0      0 ::1:56969                  ::1:631          ESTABLISHED  3321/eggcups
    udp        0      0 0.0.0.0:32768              0.0.0.0:*                     2838/avahi-daemon:
    udp        0      0 0.0.0.0:68                 0.0.0.0:*                     2240/dhclient
    udp        0      0 0.0.0.0:5353               0.0.0.0:*                     2838/avahi-daemon:
    udp        0      0 0.0.0.0:111                0.0.0.0:*                     2370/portmap
    udp        0      0 0.0.0.0:631                0.0.0.0:*                     4660/cupsd
    udp        0      0 172.16.65.1:123            0.0.0.0:*                     2685/ntpd
    udp        0      0 172.16.64.1:123            0.0.0.0:*                     2685/ntpd
    udp        0      0 192.168.1.104:123          0.0.0.0:*                     2685/ntpd
    udp        0      0 127.0.0.1:123              0.0.0.0:*                     2685/ntpd
    udp        0      0 0.0.0.0:123                0.0.0.0:*                     2685/ntpd
    udp        0      0 :::32769                   :::*                          2838/avahi-daemon:
    udp        0      0 :::5353                    :::*                          2838/avahi-daemon:
    udp        0      0 fe80::250:56ff:fec0:1:123  :::*                          2685/ntpd
    udp        0      0 fe80::250:56ff:fec0:8:123  :::*                          2685/ntpd
    udp        0      0 fe80::211:5bff:fe43:123    :::*                          2685/ntpd
    udp        0      0 ::1:123                    :::*                          2685/ntpd
    udp        0      0 :::123                     :::*                          2685/ntpd

    This output and the netstat manpage evoke the following questions (which I
    couldn't find answered in the manpage):

    1. What does the syntax "::1:631" denote? Is this an IP address to
    port 631?

    2. What does the :::* syntax denote? I think it may mean that there is
    no connection at the other end. Similarly for 0.0.0.0:*

    3. What does the syntax "0.0.0.0:32768" denote? I presume 0.0.0.0 is
    an IP address, but what is the significance of this address?

    4. How can the local address be 172.16.65.1:123??? This is neither a
    local subnet (192.168.1.255) nor the address of my router. How can
    the "local address" be an address somewhere else???

    5. What's the difference between a port and a socket?

    If anyone could provide precise answers to these questions, I believe
    my understanding would grow considerably, and I would be thankful.
    --
    % Randy Yates % "Rollin' and riding and slippin' and
    %% Fuquay-Varina, NC % sliding, it's magic."
    %%% 919-577-9882 %
    %%%% % 'Living' Thing', *A New World Record*, ELO
    http://home.earthlink.net/~yatescr

  2. Re: Mapping of ports to processes

    I demand that Randy Yates may or may not have written...

    [snip]
    > This output and the netstat manpage evoke the following questions (which I
    > couldn't find answered in the manpage):


    > 1. What does the syntax "::1:631" denote? Is this an IP address to
    > port 631?


    "::1" is the IPv6 address corresponding to localhost.

    > 2. What does the :::* syntax denote? I think it may mean that there is
    > no connection at the other end. Similarly for 0.0.0.0:*


    No. Listening on all interfaces.

    [snip]
    > 4. How can the local address be 172.16.65.1:123??? This is neither a
    > local subnet (192.168.1.255) nor the address of my router. How can
    > the "local address" be an address somewhere else???


    Presumably, you have another local network interface on that machine.

    > 5. What's the difference between a port and a socket?


    Well... sockets use ports, but can use other things (named pipes, for one)
    instead...

    --
    | Darren Salt | linux or ds at | nr. Ashington, | Toon
    | RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
    | + Buy local produce. Try to walk or cycle. TRANSPORT CAUSES GLOBAL WARMING.

    Check again to make sure it's not loaded.
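
Added example, not part of any post in this thread: a small Python parser for the `netstat -utapn` rows quoted in post 1, showing how the `address:port` columns split and which sockets are bound beyond loopback. In the Local Address column `0.0.0.0` or `::` is the wildcard (all interfaces); in the Foreign Address column `*` means no peer is attached. The function names are illustrative.

```python
import ipaddress

# Rows copied from the netstat output in post 1 (columns collapsed to single spaces).
SAMPLE = """\
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2705/sendmail: acce
tcp 0 0 :::80 :::* LISTEN 2066/httpd
tcp 0 0 ::1:631 :::* LISTEN 4660/cupsd
tcp 0 0 ::1:631 ::1:56969 ESTABLISHED 4660/cupsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 4660/cupsd
udp 0 0 172.16.65.1:123 0.0.0.0:* 2685/ntpd
udp 0 0 fe80::250:56ff:fec0:1:123 :::* 2685/ntpd
"""

def split_endpoint(text):
    """netstat prints address:port, so the port is whatever follows the LAST colon."""
    host, _, port = text.rpartition(":")
    return host, port

def bind_scope(host):
    """Classify a local address by which interfaces it is bound to."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unparsed"            # anything that is not a literal IP address
    if ip.is_unspecified:            # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:               # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "link-local" if ip.is_link_local else "one-interface"

def parse_row(line):
    f = line.split()
    proto, local, foreign, rest = f[0], f[3], f[4], f[5:]
    # State names are upper case; UDP rows usually have none, so the owner comes first.
    state = rest.pop(0) if rest and rest[0][:1].isupper() else ""
    pid, _, prog = " ".join(rest).partition("/")
    (lhost, lport), (_, fport) = split_endpoint(local), split_endpoint(foreign)
    return {"proto": proto, "port": int(lport), "scope": bind_scope(lhost),
            "has_peer": fport != "*", "state": state,
            "pid": int(pid) if pid.isdigit() else None, "prog": prog}

def not_loopback_bound(text):
    """Unconnected sockets bound to a non-loopback address (firewall rules not considered)."""
    rows = [parse_row(l) for l in text.splitlines() if l.strip()]
    return sorted({(r["proto"], r["port"], r["prog"]) for r in rows
                   if not r["has_peer"] and r["scope"] != "loopback-only"})

if __name__ == "__main__":
    for entry in not_loopback_bound(SAMPLE):
        print(entry)
```

On the sample rows, cupsd's TCP listener on `::1:631` is filtered out as loopback-only, while its UDP socket on `0.0.0.0:631` is reported.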

  3. Re: Mapping of ports to processes

    Darren Salt writes:

    > I demand that Randy Yates may or may not have written...
    >
    > [snip]
    >> This output and the netstat manpage evoke the following questions (which I
    >> couldn't find answered in the manpage):

    >
    >> 1. What does the syntax "::1:631" denote? Is this an IP address to
    >> port 631?

    >
    > "::1" is the IPv6 address corresponding to localhost.


    So what is the difference between the ::: syntax and standard dotted quad?
    They must mean something different since they're both used in netstat
    output.

    >> 4. How can the local address be 172.16.65.1:123??? This is neither a
    >> local subnet (192.168.1.255) nor the address of my router. How can
    >> the "local address" be an address somewhere else???

    >
    > Presumably, you have another local network interface on that machine.


    You know, I think this may be the virtual network interface that VMWare
    created for my virtual machine. So I was wrong - it IS a local subnet.

    >> 5. What's the difference between a port and a socket?

    >
    > Well... sockets use ports, but can use other things (named pipes, for one)
    > instead...


    So a socket is a generic system interface between two customers (client/server,
    typically) that can utilize TCP or UDP ports in specific instantiations?

    Thanks for the answers, Darren.
    --
    % Randy Yates % "Remember the good old 1980's, when
    %% Fuquay-Varina, NC % things were so uncomplicated?"
    %%% 919-577-9882 % 'Ticket To The Moon'
    %%%% % *Time*, Electric Light Orchestra
    http://home.earthlink.net/~yatescr

  4. Re: Mapping of ports to processes

    Randy Yates did eloquently scribble:
    > Darren Salt writes:


    >> I demand that Randy Yates may or may not have written...
    >>
    >> [snip]
    >>> This output and the netstat manpage evoke the following questions (which I
    >>> couldn't find answered in the manpage):

    >>
    >>> 1. What does the syntax "::1:631" denote? Is this an IP address to
    >>> port 631?

    >>
    >> "::1" is the IPv6 address corresponding to localhost.


    > So what is the difference between the ::: syntax and standard dotted quad?
    > They must mean something different since they're both used in netstat
    > output.


    dotted quad is ipv4, 32 bits long
    maximum number of variations: 4294967296
    (many of which are invalid addresses or reserved for local networks)

    colon separated hex (up to 8, 4 digit hexadecimal numbers) is 128 bits long.
    maximum number... more than anyone is ever likely to need, unless we spread
    across the universe.

    >>> 4. How can the local address be 172.16.65.1:123??? This is neither a
    >>> local subnet (192.168.1.255) nor the address of my router. How can
    >>> the "local address" be an address somewhere else???

    >>
    >> Presumably, you have another local network interface on that machine.


    > You know, I think this may be the virtual network interface that VMWare
    > created for my virtual machine. So I was wrong - it IS a local subnet.


    there are 3 IP ranges in ipv4 reserved for private networks.
    192.168.x.x, 10.x.x.x and 172.16.x.x

    --
    | |What to do if you find yourself stuck in a crack|
    | spike1@freenet.co.uk |in the ground beneath a giant boulder, which you|
    | |can't move, with no hope of rescue. |
    |Andrew Halliwell BSc(hons)|Consider how lucky you are that life has been |
    | in |good to you so far... |
    | Computer Science | -The BOOK, Hitch-hiker's guide to the galaxy.|

  5. Re: Mapping of ports to processes

    Randy Yates wrote:

    >
    > So a socket is a generic system interface between two customers (client/server,
    > typically) that can utilize TCP or UDP ports in specific instantiations?
    >


    Sockets are/were a software abstraction..to allow programs to access
    network facilities via normal read() and write() functions.

    The port as such is part of the IP addressing space: 4 bytes define a
    machine, and a further 2-byte number the port within it.

    > Thanks for the answers, Darren.


  6. Re: Mapping of ports to processes

    The Natural Philosopher writes:

    > Randy Yates wrote:
    >
    >> So a socket is a generic system interface between two customers
    >> (client/server,
    >> typically) that can utilize TCP or UDP ports in specific instantiations?
    >>

    >
    > Sockets are/were a software abstraction..to allow programs to access
    > network facilities via normal read() and write() functions.


    Apparently they're not just for network interfacing, are they?
    Otherwise why would you be able to bind them to named pipes? I'm
    assuming "named pipes" are a file-system-based communication
    interface, presumably between different processes on the same
    system (so they don't have to use up network ports?). Am I thinking
    right?
    --
    % Randy Yates % "I met someone who looks alot like you,
    %% Fuquay-Varina, NC % she does the things you do,
    %%% 919-577-9882 % but she is an IBM."
    %%%% % 'Yours Truly, 2095', *Time*, ELO
    http://home.earthlink.net/~yatescr

  7. Re: Mapping of ports to processes

    I demand that Randy Yates may or may not have written...

    > Darren Salt writes:
    >> I demand that Randy Yates may or may not have written...
    >> [snip]
    >>> This output and the netstat manpage evoke the following questions
    >>> (which I couldn't find answered in the manpage):
    >>> 1. What does the syntax "::1:631" denote? Is this an IP address to
    >>> port 631?

    >> "::1" is the IPv6 address corresponding to localhost.


    > So what is the difference between the ::: syntax and standard dotted quad?
    > They must mean something different since they're both used in netstat
    > output.


    One's used for IPv4, the other's used for IPv6. A direct equivalent of dotted
    quad for IPv6 would be a bit unwieldy...

    http://en.wikipedia.org/wiki/IPv6 (for example) has more information.

    [snip]
    >>> 5. What's the difference between a port and a socket?

    >> Well... sockets use ports, but can use other things (named pipes, for
    >> one) instead...


    > So a socket is a generic system interface between two customers
    > (client/server, typically) that can utilize TCP or UDP ports in specific
    > instantiations?


    That looks right to me.

    --
    | Darren Salt | linux or ds at | nr. Ashington, | Toon
    | RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
    | + Output *more* particulate pollutants. BUFFER AGAINST GLOBAL WARMING.

    File not found. I'll load something that *I* think is interesting.

  8. Re: Mapping of ports to processes

    Randy Yates wrote:
    > The Natural Philosopher writes:
    >
    >> Randy Yates wrote:
    >>
    >>> So a socket is a generic system interface between two customers
    >>> (client/server,
    >>> typically) that can utilize TCP or UDP ports in specific instantiations?
    >>>

    >> Sockets are/were a software abstraction..to allow programs to access
    >> network facilities via normal read() and write() functions.

    >
    > Apparently they're not just for network interfacing, are they?
    > Otherwise why would you be able to bind them to named pipes? I'm
    > assuming "named pipes" are a file-system-based communication
    > interface, presumably between different processes on the same
    > system (so they don't have to use up network ports?). Am I thinking
    > right?


    My knowledge is rusty..the original Berkeley sockets were very much a
    dreadful kludge hacked into the C library to more or less enable
    networking to work within the overall C style..IIRC system 5 setups did
    things differently..

    no doubt someone with better knowledge will pipe up with harder
    info..but sockets were a programmer's INTERFACE to the network.

    Maybe named pipes are just a way of miming a 'network interface' so
    that you can 'network connect' to processes on the same machine and use
    the extant networking layers, rather than write inter-process comms in
    another way.
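
Added example, not part of any post in this thread: the same socket calls used once with a TCP address (host and port) and once with a Unix domain socket address (a filesystem path, no port), to show the port/socket distinction asked about in question 5. On Linux the path-based case is a Unix domain socket, which is a different file type from a named pipe (FIFO); the file name `demo.sock` is constructed for the example.

```python
import os
import socket
import stat
import tempfile

def echo_once(family, address):
    """Bind a stream socket to `address`, connect to it, and pass one message through."""
    with socket.socket(family, socket.SOCK_STREAM) as srv:
        srv.bind(address)
        srv.listen(1)
        bound = srv.getsockname()          # what the kernel actually bound
        with socket.socket(family, socket.SOCK_STREAM) as cli:
            cli.connect(bound)
            conn, _ = srv.accept()
            with conn:
                cli.sendall(b"ping")
                return bound, conn.recv(4)

def demo():
    # TCP over IPv4 loopback: the address is (host, port); port 0 lets the kernel pick.
    tcp_addr, tcp_data = echo_once(socket.AF_INET, ("127.0.0.1", 0))
    # Unix domain socket: the address is a path; no TCP or UDP port is consumed,
    # so it never appears in `netstat -tu` output (it is listed under `netstat -x`).
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.sock")            # constructed path
        unix_addr, unix_data = echo_once(socket.AF_UNIX, path)
        mode = os.stat(path).st_mode                    # the socket file outlives close()
        kind = (stat.S_ISSOCK(mode), stat.S_ISFIFO(mode))
    return {"tcp_addr": tcp_addr, "tcp_data": tcp_data,
            "unix_addr": unix_addr, "unix_data": unix_data,
            "is_socket_file": kind[0], "is_fifo": kind[1]}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Access to the Unix domain socket is governed by the permissions on its path rather than by a packet filter, which is why local-only services often prefer it to a loopback TCP port.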


