Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. What is using my ports! (Peter Hemmings)
2. Re: What is using my ports! (Jamie Lokier)
3. Re: What is using my ports! (Peter Hemmings)
4. Re: What is using my ports! (Tim-Philipp Müller)
5. Re: What is using my ports! (Peter Hemmings)
6. Re: What is using my ports! (Alex Butcher)
7. Re: What is using my ports! (Alex Butcher)
----------------------------------------------------------------------
Message: 1
Date: Wed, 19 Aug 2015 17:18:50 +0100
From: Peter Hemmings <peter@hemmings.eclipse.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: [bristol] What is using my ports!
Message-ID: <55D4AC6A.8040309@hemmings.eclipse.co.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi,
I did a clean install of fc22 a few weeks ago and have not played with
any ports. I am now setting up local ssh and using this:
http://linuxconfig.org/how-to-install-start-and-connect-to-ssh-server-on-fedora-linux
When I have it running I get this as root user:
[root@study ~]# netstat -ant | grep 22
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
which is as I expect, but when doing it as user "peter" I get:
[peter@study ~]$ netstat -ant | grep 22
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.2:22 192.168.0.2:36595 ESTABLISHED
tcp 0 0 192.168.0.2:36595 192.168.0.2:22 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
[peter@study ~]$
(where my local pc is on 192.168.0.2)
When I googled for port 36595 there is a mention of "speedtest" data!
How/why has it established this when I have not done anything!?
What is more important is to find what is using it and where it's
configured?
If you still have time, could someone point me to where the last 2 lines
are explained!?
Thanks
Regards
--
Peter H
------------------------------
Message: 2
Date: Wed, 19 Aug 2015 19:05:26 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] What is using my ports!
Message-ID: <20150819180526.GG15567@jl-vm1.vm.bytemark.co.uk>
Content-Type: text/plain; charset=us-ascii
Peter Hemmings wrote:
> [root@study ~]# netstat -ant
> What is more important is to find what is using it and where it's
> configured?
Try 'netstat -antp' which shows the process name using the connection.
Best,
-- Jamie
------------------------------
Message: 3
Date: Wed, 19 Aug 2015 19:54:55 +0100
From: Peter Hemmings <peter@hemmings.eclipse.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] What is using my ports!
Message-ID: <55D4D0FF.7090602@hemmings.eclipse.co.uk>
Content-Type: text/plain; charset=windows-1252; format=flowed
On 19/08/15 19:05, Jamie Lokier wrote:
> Peter Hemmings wrote:
>> [root@study ~]# netstat -ant
>> What is more important is to find what is using it and where it's
>> configured?
>
> Try 'netstat -antp' which shows the process name using the connection.
Thanks, I should have RTFM or just guessed!
I can now see what is doing what, when I had thunderbird/firefox running
I could see them.
Strange thing is that I do not now have port 36595 in the list at all
(root or user):
[peter@study ~]$ sudo netstat -antp | grep 22
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1378/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3302/sshd
tcp6 0 0 :::22 :::* LISTEN 3302/sshd
[peter@study ~]$
I did copy over my old home directory with hidden files so is it
possible that something leftover from "Speedtest" is opening a port?
I always thought that copying over a home directory could not affect
configuration of ports.
Anyway it's not there now!
If I was clever, I assume I could write something to alert me to a port
3695 opening.
>
> Best,
> -- Jamie
>
Regards
--
Peter H
------------------------------
Message: 4
Date: Wed, 19 Aug 2015 21:09:34 +0100
From: Tim-Philipp Müller <t.i.m@zen.co.uk>
To: bristol@mailman.lug.org.uk
Subject: Re: [bristol] What is using my ports!
Message-ID: <1440014974.2033.30.camel@zen.co.uk>
Content-Type: text/plain; charset="UTF-8"
On Wed, 2015-08-19 at 19:54 +0100, Peter Hemmings wrote:
Hi Peter,
> Strange thing is that I do not now have port 36595 in the list at all
> (root or user):
>
> [peter@study ~]$ sudo netstat -antp | grep 22
> tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1378/dnsmasq
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3302/sshd
> tcp6 0 0 :::22 :::* LISTEN 3302/sshd
> [peter@study ~]$
>
> I did copy over my old home directory with hidden files so is it
> possible that something leftover from "Speedtest" is opening a port?
>
> I always thought that copying over a home directory could not affect
> configuration of ports.
The "port 36595" thing most likely has nothing to do with "Speedtest". A
TCP connection usually has an origin address + port and a destination
address + port, and when an application says 'connect to xyz:22' the
origin port is usually chosen randomly by the network stack since it's
usually not important. So the number 36595 was most likely just a random
number, and next time you use ssh it will be a different number. You're
seeing it twice in your list because you've ssh-ed into your local
machine so it's in the list once for the client (ssh) and once for the
ssh server process.
Cheers
-Tim
------------------------------
Message: 5
Date: Wed, 19 Aug 2015 22:19:09 +0100
From: Peter Hemmings <peter@hemmings.eclipse.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] What is using my ports!
Message-ID: <55D4F2CD.5070002@hemmings.eclipse.co.uk>
Content-Type: text/plain; charset=windows-1252; format=flowed
On 19/08/15 21:09, Tim-Philipp Müller wrote:
> On Wed, 2015-08-19 at 19:54 +0100, Peter Hemmings wrote:
>
> Hi Peter,
>
>> Strange thing is that I do not now have port 36595 in the list at all
>> (root or user):
>>
>> [peter@study ~]$ sudo netstat -antp | grep 22
>> tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1378/dnsmasq
>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3302/sshd
>> tcp6 0 0 :::22 :::* LISTEN 3302/sshd
>> [peter@study ~]$
>>
>> I did copy over my old home directory with hidden files so is it
>> possible that something leftover from "Speedtest" is opening a port?
>>
>> I always thought that copying over a home directory could not affect
>> configuration of ports.
>
> The "port 36595" thing most likely has nothing to do with "Speedtest". A
> TCP connection usually has an origin address + port and a destination
> address + port, and when an application says 'connect to xyz:22' the
> origin port is usually chosen randomly by the network stack since it's
> usually not important. So the number 36595 was most likely just a random
> number, and next time you use ssh it will be a different number. You're
> seeing it twice in your list because you've ssh-ed into your local
> machine so it's in the list once for the client (ssh) and once for the
> ssh server process.
OK thanks.
I had not realized a port was chosen randomly and do not fully
understand how "stacks" work (at my age it's a bit late!). But what is
the relationship between the random port and the default port 22, is
that just on the output from the box or more complex!?
>
> Cheers
> -Tim
>
>
>
>
Regards (not so worried)
--
Peter H
------------------------------
Message: 6
Date: Thu, 20 Aug 2015 10:11:04 +0100 (BST)
From: Alex Butcher <lug@assursys.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] What is using my ports!
Message-ID:
<alpine.LRH.2.11.1508200959560.12692@zlgugi.of5.nffheflf.cev>
Content-Type: text/plain; charset="iso-8859-15"; Format="flowed"
On Wed, 19 Aug 2015, Tim-Philipp Müller wrote:
> On Wed, 2015-08-19 at 19:54 +0100, Peter Hemmings wrote:
>
> Hi Peter,
>
>> Strange thing is that I do not now have port 36595 in the list at all
>> (root or user):
>>
>> [peter@study ~]$ sudo netstat -antp | grep 22
>> tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1378/dnsmasq
>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3302/sshd
>> tcp6 0 0 :::22 :::* LISTEN 3302/sshd
>> [peter@study ~]$
>>
>> I did copy over my old home directory with hidden files so is it
>> possible that something leftover from "Speedtest" is opening a port?
>>
>> I always thought that copying over a home directory could not affect
>> configuration of ports.
>
> The "port 36595" thing most likely has nothing to do with "Speedtest". A
> TCP connection usually has an origin address + port and a destination
> address + port
Tim has it. The technical term for this source port (which is the normal
term for what Tim's calling an 'origin [...] port') is an 'ephemeral port'
(<https://en.wikipedia.org/wiki/Ephemeral_port>) which is necessary for all
TCP, UDP and SCTP connections (not just TCP connections).
>, and when an application says 'connect to xyz:22' the
> origin port is usually chosen randomly by the network stack since it's
> usually not important. So the number 36595 was most likely just a random
> number, and next time you use ssh it will be a different number. You're
> seeing it twice in your list because you've ssh-ed into your local
> machine so it's in the list once for the client (ssh) and once for the
> ssh server process.
The ephemeral port number isn't always completely random (though it's not
necessarily monotonically incremental either) -
<https://www.cymru.com/jtk/misc/ephemeralports.html>. Also, different OSs
have different default ephemeral port ranges. Linux's NAT functionality
also has its own port range. Observant intermediaries can use this to
determine the likely client OS.
A former colleague's book on TCP/IP is available free online from
<https://web.archive.org/web/20030619152346/http://www.theinternetbook.net/>
> Cheers
> -Tim
Best Regards,
Alex
------------------------------
Message: 7
Date: Thu, 20 Aug 2015 12:23:51 +0100 (BST)
From: Alex Butcher <lug@assursys.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] What is using my ports!
Message-ID:
<alpine.LRH.2.11.1508201217561.12692@zlgugi.of5.nffheflf.cev>
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
On Wed, 19 Aug 2015, Peter Hemmings wrote:
> I had not realized a port was chosen randomly and do not fully understand how
> "stacks" work (at my age it's a bit late!).
The term 'stack' has (at least) two uses in computing:
<https://en.wikipedia.org/wiki/Stack_%28abstract_data_type%29>
and, in this case, as a synonym for 'suite' in
<https://en.wikipedia.org/wiki/Internet_protocol_suite>. It refers to the
fact that there is a suite of components that make up IP: some in the
kernel, some in libraries, and some in applications that make calls of
components below them and give responses to components above them (hence
'stack').
> but what is the relationship
> between the random port and the default port 22, is that just on the output
> from the box or more complex!?
The line:
tcp 0 0 192.168.0.2:36595 192.168.0.2:22 ESTABLISHED
indicates that on 192.168.0.2, you've ssh'ed into itself - hence the source
address and port on the left hand side, and the destination address and port
on the right.
Best Regards,
Alex
------------------------------
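Added example, not part of the original thread: a small parser for the netstat output quoted above that matches port 22 exactly (unlike `grep 22`, which also matches the address 192.168.122.1) and labels each ESTABLISHED line as the server end or the client end with its ephemeral source port. The function names and the server/client heuristic are assumptions of this example.

```python
from collections import namedtuple

# Constructed sample: the `netstat -ant` lines quoted in the thread, with each
# socket on one line (the e-mail wrapped the state column onto the next line).
SAMPLE = """\
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.2:22 192.168.0.2:36595 ESTABLISHED
tcp 0 0 192.168.0.2:36595 192.168.0.2:22 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
"""

Sock = namedtuple("Sock", "proto laddr lport raddr rport state")

def split_endpoint(text):
    # Split on the last colon so IPv6 forms such as ":::22" give ("::", 22).
    addr, _, port = text.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)  # "*" = any port

def parse(output):
    socks = []
    for line in output.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # skip headers and anything that is not a TCP socket line
        socks.append(Sock(f[0], *split_endpoint(f[3]), *split_endpoint(f[4]), f[5]))
    return socks

def on_port(socks, port):
    # Exact match on the port field; `grep 22` also hits the address 192.168.122.1.
    return [s for s in socks if port in (s.lport, s.rport)]

def classify(socks):
    # Heuristic (an assumption of this example): an ESTABLISHED socket whose local
    # port is also in LISTEN state is the server end; otherwise it is the client
    # end and its local port is the ephemeral source port.
    listening = {s.lport for s in socks if s.state == "LISTEN"}
    est = [s for s in socks if s.state == "ESTABLISHED"]
    report = []
    for s in est:
        role = "server" if s.lport in listening else "client"
        # Both ends appear in the table only when client and server share the host.
        mirrored = any((o.laddr, o.lport, o.raddr, o.rport) ==
                       (s.raddr, s.rport, s.laddr, s.lport) for o in est)
        report.append((s.lport, s.rport, role, mirrored))
    return report

if __name__ == "__main__":
    for row in classify(parse(SAMPLE)):
        print(row)
```

Each tuple is (local port, remote port, role, mirrored); a mirrored pair means the connection starts and ends on the same machine, which is why 36595 shows up twice in the thread's listing.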
End of Bristol Digest, Vol 614, Issue 4
***************************************