Hello All I ran $netstat -a on one of my machines and got the following
******************* output of netstat -a ********************************* Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:auth *:* LISTEN tcp 0 0 *:smtp *:* LISTEN raw 0 0 *:icmp *:* 7 raw 0 0 *:tcp *:* 7 Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 0 [ ACC ] STREAM LISTENING 11142 /dev/log unix 0 [ ACC ] STREAM LISTENING 65 /dev/gpmctl unix 1 [ ] STREAM CONNECTED 52 @00000001 unix 1 [ ] STREAM CONNECTED 79 @00000003 unix 1 [ ] STREAM CONNECTED 80 /dev/log unix 1 [ ] STREAM CONNECTED 53 /dev/log ************************************************************************** I was interested if anyone knew what the lines raw 0 0 *:icmp *:* 7 raw 0 0 *:tcp *:* 7 mean. I have read that it means that a program such as portsentry, ippl or iplogger is running on the system. In other words there is some program listening for raw ICMP (protocol 1) and TCP (proto 6) packets coming from any remote address to any local address. I have no such programs. The closest I have to any of these is tcpdump. But I seen other systems with tcpdump and netstat -a doesn't give this output. Can anyone explain say how I would find out which program is listening for raw icmp/tcp packets. TIA. t.irvine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
