Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

netstat output question
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
Stalione
Guru
Guru


Joined: 21 Apr 2002
Posts: 335
PostPosted: Wed Jul 16, 2003 4:29 pm    Post subject: netstat output question Reply with quote
Hi,
I am trying to figure out how netstat command figures out what daemon is listening on a particular port. Initially I thought it was refrencing the /etc/service file but that does not seems to be the case. here is a sample output from my systems netstat command
Code:

rooster root # netstat -alnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address         Foreign Address       State       PID/Program name
tcp      0      0 0.0.0.0:901         0.0.0.0:*            LISTEN      1085/xinetd
tcp      0      0 0.0.0.0:3306      0.0.0.0:*            LISTEN      750/
tcp      0      0 0.0.0.0:139         0.0.0.0:*            LISTEN      998/smbd
tcp      0      0 0.0.0.0:8080      0.0.0.0:*            LISTEN      854/
tcp      0      0 0.0.0.0:80         0.0.0.0:*            LISTEN      755/apache2
tcp      0      0 0.0.0.0:8081      0.0.0.0:*            LISTEN      817/
tcp      0      0 0.0.0.0:21         0.0.0.0:*            LISTEN      967/
tcp      0      0 0.0.0.0:22         0.0.0.0:*            LISTEN      1031/sshd
tcp      0      0 0.0.0.0:443         0.0.0.0:*            LISTEN      755/apache2


I am trying to figure out how does it figure out the PID/Program part of the output. Actually what Im really trying to figure out is why doesn't it list mysql, proftpd etc as PID/Program for ports 3306 and 21 respectively. Any ideas??
Back to top
View user's profile Send private message
Stalione
Guru
Guru


Joined: 21 Apr 2002
Posts: 335
PostPosted: Wed Jul 16, 2003 7:03 pm    Post subject: Reply with quote
Does anyone know where can I find the source code to netstat? I know in Gentoo its part of some other package, is it bind-tools?
Back to top
View user's profile Send private message
paranode
l33t
l33t


Joined: 06 Mar 2003
Posts: 679
Location: Texas
PostPosted: Wed Jul 16, 2003 7:45 pm    Post subject: Reply with quote
Not sure of the answer to your original question, but netstat is part of sys-apps/net-tools.
_________________
Meh.
Back to top
View user's profile Send private message
devon
l33t
l33t


Joined: 23 Jun 2003
Posts: 943
PostPosted: Wed Jul 16, 2003 10:23 pm    Post subject: Reply with quote
I believe it is because a child process of the main program made the inet socket... Just a theory though. :)
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      26681/
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16489/httpd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      26321/xinetd
tcp        0      0 0.0.0.0:13782           0.0.0.0:*               LISTEN      26321/xinetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      462/sshd
tcp        0      0 0.0.0.0:13783           0.0.0.0:*               LISTEN      26321/xinetd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      547/
tcp        0      0 0.0.0.0:13722           0.0.0.0:*               LISTEN      26321/xinetd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      16489/httpd
tcp        0      0 0.0.0.0:13724           0.0.0.0:*               LISTEN      26321/xinetd


Code:
# pstree -p
init(1)-+-atd(625)
        |-bdflush(5)
        |-crond(26377)
        |-httpd(16489)-+-httpd(20828)
        |              |-httpd(22546)
        |              |-httpd(22579)
        |              |-httpd(22584)
        |              |-httpd(22589)
        |              |-httpd(28462)
        |              |-httpd(30898)
        |              `-httpd(31697)
        |-keventd(2)
        |-khubd(68)
        |-kjournald(16)
        |-kjournald(161)
        |-klogd(441)
        |-ksoftirqd_CPU0(3)
        |-kswapd(4)
        |-kupdated(6)
        |-mdrecoveryd(7)
        |-mingetty(675)
        |-mingetty(676)
        |-mingetty(677)
        |-mingetty(678)
        |-mingetty(679)
        |-mingetty(680)
        |-ntpd(488)
        |-safe_mysqld(26624)---mysqld(26681)---mysqld(26683)---mysqld(26684)
        |-scsi_eh_0(13)
        |-sendmail(547)
        |-sendmail(557)
        |-sshd(462)-+-sshd(18947)---bash(18951)
        |           `-sshd(27660)---sshd(27664)---bash(27665)---su(1449)---bash(1450)---pstree(1639)
        |-syslogd(437)
        |-xfs(607)
        `-xinetd(26321)
Back to top
View user's profile Send private message
Stalione
Guru
Guru


Joined: 21 Apr 2002
Posts: 335
PostPosted: Thu Jul 17, 2003 5:25 pm    Post subject: Reply with quote
Looks like you are starting ftp and some other services using xinetd. So that makes sense for netstat to display xinetd under PID/Program name for those services. But mysql is started directly and not via xinetd... I have a feeling my answer lies in the source code.
Back to top
View user's profile Send private message
nerdbert
l33t
l33t


Joined: 09 Feb 2003
Posts: 981
Location: Berlin
PostPosted: Thu Jul 17, 2003 6:53 pm    Post subject: Reply with quote
have you tried
Code:

lsof | grep netstat


while running netstat? Maybe this gives some relevant hints.
Back to top
View user's profile Send private message
Stalione
Guru
Guru


Joined: 21 Apr 2002
Posts: 335
PostPosted: Fri Dec 19, 2003 5:09 pm    Post subject: Reply with quote
Although I still have not found an answer to my original question (i never got around to looking at the source code) but I came across something that I think is handy. Currently I am running gnump3d on port 8080 and elogd on port 8081. Doing a netstat -al tells me that on those ports I have (only relevant section showed):
Code:

tcp        0      0 *:webcache               *:*                     LISTEN
tcp        0      0 *:tproxy                 *:*                     LISTEN


This is a bit misleading since I am not running those services. Turns out that this info is pulled from /etc/services file. I simply edited the relevant section:
Code:

#webcache       8080/tcp                       # WWW caching service
gnump3d         8080/tcp                       
gnump3d         8080/udp                     
#webcache       8080/udp                      # WWW caching service
#tproxy         8081/tcp                       # Transparent Proxy
elogd           8081/tcp                       
#proxy          8081/udp                      # Transparent Proxy
elogd           8081/udp                     


after saving the changes the output of netstat -al is :
Code:

tcp        0      0 *:gnump3d               *:*                     LISTEN
tcp        0      0 *:elogd                 *:*                     LISTEN


Nothing major...just makes for a nicer and more accurate output.
Also check out the IANA port listing for ports not listed in /etc/services
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy