On Tue, Mar 20, 2001, mike ray wrote about "netstat":
> in netstat -a i can see two open ports 1 & 6 which belong to raw, ??
Like in Jeopardy, I would ask you to "please rephrase that in the form of
a question" :)
But anyway, raw sockets do not have ports, they have protocols (see the
raw(7) manual). These are IPv4 protocols, where protocol 1 is ICMP and
protocol 6 is TCP (see /etc/protocols for a long list, but the only other
protocol you're likely to encounter is 17, UDP).
I don't know why you have raw sockets opened for ICMP and TCP - I guess that
perhaps the kernel or some common daemon opens them for its own purposes,
because I see such lines on my 'netstat' output too.
Perhaps someone else on the list can explain what part of the kernel opens
these sockets and why. A quick "lsof" gave me no clue, and I'm too lazy to
look at kernel sources right now. My guess is that an ICMP raw socket is
opened to answer ping (ICMP Echo Request) packets and handle other special
ICMP messages in the kernel. But what does opening a TCP raw socket achieve?
Or maybe this is simply a socket that 'netstat' itself needs to open in order
to query network information, much like a "ps" process appears when running
"ps"? Again, a look at netstat sources can answer this question but I'm too
lazy to do it now...
--
Nadav Har'El | Tuesday, Mar 20 2001, 25 Adar 5761
[EMAIL PROTECTED] |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |I have an open mind - it's just closed
http://nadav.harel.org.il |for repairs.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
