Date: Fri, 6 Oct 2000 21:28:15 -0700 From: "Crist J . Clark" <cjclark@reflexnet.net> To: Drew Derbyshire <software@kew.com> Cc: security@FreeBSD.ORG Subject: Re: sockstat (was Re: cvs commit: src/etc inetd.conf) Message-ID: <20001006212815.P25121@149.211.6.64.reflexcom.com> In-Reply-To: <002101c02f99$a04b6010$94cba8c0@hh.kew.com>; from software@kew.com on Fri, Oct 06, 2000 at 09:30:43AM -0400 References: <39D93044.8B0C4E69@ursine.com> <Pine.BSF.4.21.0010030332190.15413-100000@surreal.nl> <20001006153343.B232@ringwraith.office1.bg> <002101c02f99$a04b6010$94cba8c0@hh.kew.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 06, 2000 at 09:30:43AM -0400, Drew Derbyshire wrote: > > And to paraphrase an earlier comment by DES, > > "Funny way to say sockstat | fgrep '*.*'" :) > > Urp! > > sockstat seems to truncate port numbers on the FOREIGN ADDRESS under 4.1 > release ... > > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS > postfix smtpd 44199 4 tcp4 *.25 *.* > root sshd 44004 4 tcp4 192.168.203.135.22 192.168.203.148.13 > socks socks5 43989 5 tcp4 192.168.203.135.10 *.* > socks socks5 43989 6 tcp4 192.168.203.135.10 192.168.203.145.10 > socks socks5 43989 7 tcp4 24.218.227.234.311 205.188.6.205.5190 > > Looking at netstat for the ssh connection: > > tcp4 0 36 192.168.203.135.22 192.168.203.148.1302 > ESTABLISHED It's not really a sockstat(1) limitation. The field truncation happens in netstat(1), % netstat -Aan Active Internet connections (including servers) Socket Proto Recv-Q Send-Q Local Address Foreign Address (state) c7c662e0 tcp4 0 0 64.6.211.149.3082 207.126.101.100.11 ESTABLISHED [snip] That second number is actually port 119. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001006212815.P25121>