Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: pabs on February 25, 2005, 04:16:30 PM
-
Hi all,
could someone please let me know if i should be concerned --- when i check netstat this is what i see
tcp 0 0 localhost:32772 localhost:32771 ESTABLISHED
tcp 0 0 localhost:32771 localhost:32772 ESTABLISHED
tcp 0 0 localhost:32774 localhost:32773 ESTABLISHED
tcp 0 0 localhost:32773 localhost:32774 ESTABLISHED
tcp 0 0 localhost:32776 localhost:32775 ESTABLISHED
tcp 0 0 localhost:32775 localhost:32776 ESTABLISHED
tcp 0 0 localhost:32778 localhost:32777 ESTABLISHED
tcp 0 0 localhost:32777 localhost:32778 ESTABLISHED
tcp 0 0 localhost:32780 localhost:32779 ESTABLISHED
tcp 0 0 localhost:32779 localhost:32780 ESTABLISHED
tcp 0 0 localhost:32782 localhost:32781 ESTABLISHED
tcp 0 0 localhost:32781 localhost:32782 ESTABLISHED
It's been like this for awhile now, this doesn't look normal to me.
Any thoughts?
Thanks for the Help :-)
-
Do a 'netstat -an' to see if your system is actually listening on that port, or use nmap from an outside box.
Also:
'fuser -n tcp 32772'
then check the 'ps' listing for the pid that is returned.
I believe this is a xinetd port.
-
Thanks for the reply
sorry for the long paste here but this is what i get when i "netstat -an"
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:548 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:980 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32771 127.0.0.1:32772 ESTABLISHED
tcp 0 0 127.0.0.1:32774 127.0.0.1:32773 ESTABLISHED
tcp 0 0 127.0.0.1:32773 127.0.0.1:32774 ESTABLISHED
tcp 0 0 127.0.0.1:32776 127.0.0.1:32775 ESTABLISHED
tcp 0 0 127.0.0.1:32775 127.0.0.1:32776 ESTABLISHED
tcp 0 0 127.0.0.1:32778 127.0.0.1:32777 ESTABLISHED
tcp 0 0 127.0.0.1:32777 127.0.0.1:32778 ESTABLISHED
tcp 0 0 127.0.0.1:32780 127.0.0.1:32779 ESTABLISHED
tcp 0 0 127.0.0.1:32779 127.0.0.1:32780 ESTABLISHED
tcp 0 0 127.0.0.1:32782 127.0.0.1:32781 ESTABLISHED
tcp 0 0 127.0.0.1:32781 127.0.0.1:32782 ESTABLISHED
udp 0 0 0.0.0.0:32771 0.0.0.0:*
udp 0 0 192.168.1.1:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.1.1:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
udp 0 0 192.168.1.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:3130 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 5472 0 0.0.0.0:68 0.0.0.0:*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 5186 /var/run/lprng
unix 2 [ ACC ] STREAM LISTENING 6039 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 742 /var/lib/cvm/cvm-unix-local.socket
unix 2 [ ACC ] STREAM LISTENING 6182 /var/lib/clamav/clamd.sock
unix 14 [ ] DGRAM 893 /dev/log
unix 2 [ ] DGRAM 55051
unix 2 [ ] DGRAM 6370
unix 2 [ ] DGRAM 6369
unix 2 [ ] DGRAM 6002
unix 2 [ ] DGRAM 5991
unix 2 [ ] DGRAM 5536
unix 2 [ ] DGRAM 5293
unix 2 [ ] DGRAM 2205
unix 2 [ ] DGRAM 1983
unix 2 [ ] DGRAM 1928
unix 2 [ ] DGRAM 1118
unix 2 [ ] DGRAM 914
fuser -n tcp 32772 gives the following output:
32772/tcp: 2856
Then i "ps 2856"
PID TTY STAT TIME COMMAND
2856 ? S 0:13 (squid) -D
I'm not really familiar with all of these outputs, what should this be telling me?
Thanks Again
-
No worries, you're not listening on the outside and squid (The Proxy/Cache application) is the responsible for the connections.