anyone interpret this line from netstat? - Security

  1. anyone interpret this line from netstat?

    raw 65008 0 0.0.0.0:1 0.0.0.0:* 7

    what protocol is raw?
    why so many bytes?
    where they coming from?
    nothing should listen on port 1, yes?
    what state is "7"?

    this kind of stuff bothers me
    man netstat shows no entry for state "7"

  2. Re: anyone interpret this line from netstat?

    "prodigal1" wrote in message
    news:120op7pjllnav6d@news.supernews.com

    > raw 65008 0 0.0.0.0:1 0.0.0.0:* 7
    >
    > what protocol is raw?
    > why so many bytes?
    > where they coming from?


    Why play guessing games? Add the -p option to identify the PID and see what
    is causing the socket.


  3. Re: anyone interpret this line from netstat?

    On Mon, 06 Mar 2006 12:27:28 -0800, ynotssor wrote:
    > Why play guessing games?

    cuz I'm still learning?
    > Add the -p option to identify the PID and see
    > what is causing the socket.

    thanks for the tip
    A service called "lisa" appears to listen for tcp on one port, udp on
    another and is listening for "raw" on port 1. I still don't know what
    state "7" is though.

  4. Re: anyone interpret this line from netstat?

    In comp.os.linux.security prodigal1 :
    > On Mon, 06 Mar 2006 12:27:28 -0800, ynotssor wrote:


    [ raw 65008 0 0.0.0.0:1 0.0.0.0:* 7 ]

    >> Add the -p option to identify the PID and see
    >> what is causing the socket.


    > thanks for the tip


    You could ease things up for people trying to answer if you
    include the full command with your initial question, not only the
    output.

    > A service called "lisa" appears to listen for tcp on one port, udp on
    > another and is listening for "raw" on port 1. I still don't know what
    > state "7" is though.


    A state of 7 isn't defined by the fine manual 'man netstat',
    probably as there are no states in raw mode at all.

    See netstat source and/or debug if still curious about the "7".

    Hint:
    man 7 raw

    Good luck

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 84: Someone is standing on the ethernet cable,
    causing a kink in the cable

  5. Re: anyone interpret this line from netstat?

    Michael Heiming wrote:

    > You could ease things up for people trying to answer if you
    > include the full command with your initial question, not only the
    > output.


    fair enough, it was netstat -an

    > A state of 7 isn't defined by the fine manual 'man netstat',
    > probably as there are no states in raw mode at all.


    which intrigues me further
    why would netstat produce output of any kind for state if there is no
    state in raw mode at all?

    > See netstat source and/or debug if still curious about the "7".
    >
    > Hint:
    > man 7 raw

    produces no entry,
    but man raw was interesting reading!
    thanks for the response

  6. Re: anyone interpret this line from netstat?

    In comp.os.linux.security prodigal1 :
    > Michael Heiming wrote:

    [..]

    >> A state of 7 isn't defined by the fine manual 'man netstat',
    >> probably as there are no states in raw mode at all.


    > which intrigues me further
    > why would netstat produce output of any kind for state if there is no
    > state in raw mode at all?


    [x] read source code.

    You just can't expect someone to know any line of any code
    written for Linux.

    >> See netstat source and/or debug if still curious about the "7".
    >>
    >> Hint:
    >> man 7 raw


    > produces no entry,
    > but man raw was interesting reading!
    > thanks for the response


    Glad to hear you could open the man page even if it doesn't seem
    to be in man7 on your box.

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 231: We had to turn off that service to comply
    with the CDA Bill.

  7. Re: anyone interpret this line from netstat?


    or look in any good TCP programming book - state 7 TCP_CLOSE

    Michael Heiming wrote:
    > In comp.os.linux.security prodigal1 :
    > > Michael Heiming wrote:

    > [..]
    >
    > >> A state of 7 isn't defined by the fine manual 'man netstat',
    > >> probably as there are no states in raw mode at all.

    >
    > > which intrigues me further
    > > why would netstat produce output of any kind for state if there is no
    > > state in raw mode at all?

    >
    > [x] read source code.
    >
    > You just can't expect someone to know any line of any code
    > written for Linux.
    >
    > >> See netstat source and/or debug if still curious about the "7".
    > >>
    > >> Hint:
    > >> man 7 raw

    >
    > > produces no entry,
    > > but man raw was interesting reading!
    > > thanks for the response

    >
    > Glad to hear you could open the man page even if it doesn't seem
    > to be in man7 on your box.
    >
    > --
    > Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    > mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    > #bofh excuse 231: We had to turn off that service to comply
    > with the CDA Bill.



  8. Re: anyone interpret this line from netstat?

    smarkham01@comcast.net wrote:
    >
    > or look in any good TCP programming book - state 7 TCP_CLOSE


    ....except the protocol was "RAW" not TCP. Did you even read the thread?
    BTW *DON'T* top post!

    James
    --
    What on earth would a man do with himself if something did not stand in his
    way?
    -- H.G. Wells


  9. Re: anyone interpret this line from netstat?

    Yes, I read the thread - you didn't read the book. It discusses RAW.
    Like nature, I let mine fall on the top. If it bothers you, read
    elsewhere..


  10. Re: anyone interpret this line from netstat?

    Why haven't you read the book? Let's see -

    RAW, a way of directly accessing ip sockets;
    State - RAW has no state;
    UDP - seldom has a state (imagine that!);
    TCP - has a STATE!!!
    Now guess what state 7 is, better yet read the book and worry less
    about where the post is.
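
Added example, not part of any post in this thread: on Linux, net-tools netstat builds its `raw` lines from `/proc/net/raw`, where the number after the colon in the local address is the IP protocol number rather than a port, and `st` is the kernel's socket state in hex. The sketch below decodes one such row; the sample row, its inode and the function names are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct

# Socket state numbers from the kernel's include/net/tcp_states.h; the
# kernel keeps this field for every inet socket, not only TCP ones.
SK_STATES = {1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
             5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
             9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING"}
# A few IANA IP protocol numbers; a raw socket's "port" column holds one.
IP_PROTOS = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 58: "ipv6-icmp", 255: "raw"}

# Constructed sample in /proc/net/raw layout, matching the netstat line asked about.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:0000FDF0 00:00000000 00000000     0        0 12345 2 0000000000000000 0
"""

def _addr(field):
    """Split 'HEXADDR:HEXNUM'; the address is stored in host byte order."""
    ip_hex, num_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(num_hex, 16)

def parse_raw_table(text):
    """Decode the rows of a /proc/net/raw style table into dictionaries."""
    rows = []
    for line in text.splitlines()[1:]:           # first line is the header
        f = line.split()
        if len(f) < 10 or ":" not in f[1]:
            continue
        local_ip, proto = _addr(f[1])
        remote_ip, _ = _addr(f[2])
        state = int(f[3], 16)
        tx_q, rx_q = (int(x, 16) for x in f[4].split(":"))
        rows.append({
            "local": local_ip, "remote": remote_ip,
            "proto": proto, "proto_name": IP_PROTOS.get(proto, "unknown"),
            "state": state, "state_name": SK_STATES.get(state, "unknown"),
            "recv_q": rx_q, "send_q": tx_q,
            "uid": int(f[7]), "inode": int(f[9]),  # inode is what netstat -p maps to a PID
        })
    return rows

if __name__ == "__main__":
    for row in parse_raw_table(SAMPLE):
        print(row)
```

On a live system, pass the contents of `/proc/net/raw` instead of `SAMPLE`; the inode can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the owning process.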

