From owner-freebsd-security  Tue Sep  7 12:28: 2 1999
Delivered-To: freebsd-security@freebsd.org
Received: from metriclient-1.uoregon.edu (metriclient-1.uoregon.edu [128.223.172.1])
	by hub.freebsd.org (Postfix) with ESMTP id DCF84155FD
	for <freebsd-security@FreeBSD.ORG>; Tue,  7 Sep 1999 12:27:57 -0700 (PDT)
	(envelope-from gurney_j@efn.org)
Received: (from jmg@localhost)
          by metriclient-1.uoregon.edu (8.9.1/8.8.7) id MAA10951;
          Tue, 7 Sep 1999 12:26:21 -0700 (PDT)
Message-ID: <19990907122621.30662@hydrogen.fircrest.net>
Date: Tue, 7 Sep 1999 12:26:21 -0700
From: John-Mark Gurney <gurney_j@efn.org>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: sthaug@nethelp.no, madrapour@hotmail.com,
	freebsd-security@FreeBSD.ORG
Subject: Re: Tracing open ports on FreeBSD
References: <36622.936445305@verdi.nethelp.no> <28018.936617908@axl.noc.iafrica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.69
In-Reply-To: <28018.936617908@axl.noc.iafrica.com>; from Sheldon Hearn on Mon, Sep 06, 1999 at 01:38:28PM +0200
Reply-To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
Organization: Cu Networking
X-Operating-System: FreeBSD 3.0-RELEASE i386
X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31  96 7A 22 B3 D8 56 36 F4
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sheldon Hearn scribbled this message on Sep 6:
> On Sat, 04 Sep 1999 13:41:45 +0200, sthaug@nethelp.no wrote:
> 
> > You're probably using ssh with X11 forwarding. If you use the
> > 'sockstat' program you'll find that sshd is listening to those ports.
> 
> This is the third time I've seen someone try to use netstat to figure
> out who's listening to what. Do you think an xref to sockstat would be
> completely inappropriate in the netstat(1) manpage?

no, but we should include a reference to fstat... you can track down
who had a udp socket open, but for some reason the addresses on my 3.0-R
box for tcp streams outputed by netstat don't agree w/ any of the
addresses that exist in the fstat output...

looks like I should extend the description of -A to include a blurb
about identifing processes which own a socket/stream...

-- 
  John-Mark Gurney				Voice: +1 541 684 8449
  Cu Networking					  P.O. Box 5693, 97405

  "The soul contains in itself the event that shall presently befall it.
  The event is only the actualizing of its thought." -- Ralph Waldo Emerson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message