Re: [expert] Simple question about netstat - not in man pages.
Thanks to everyone who has answered this. You've cleared up things a great deal for me. Jim C. Vox wrote: This time Jim C <[EMAIL PROTECTED]> becomes daring and writes: The -l just lists ports that are in the act of listening, whereas active connections are listed separately. For instance, if you have another computer on your home network (B), ssh from B to A. Then on A, list all the TCP connections with a netstat -at. The listening ports (including ssh) will show a foreign address of as above, and listed separately below in the active connections you'll see your ssh connection from B to A. OK, but a potential connection (i.e. listenting) from Local address 0.0.0.0:[arbitrary port number] to foreign address 0.0.0.0:[arbitrary port number] represents a possible connection between what IP's? So far, I have to assume that it is either any IP or no IP. 0.0.0.0 = any On TCP/IP networking, 0 as any octet of an IP is, for all purposes, a universal globing. That's why I hate people who set their LANs to use 192.168.0.x as their IPs...it drives me crazy, even if it's valid :) Vox Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
On Tue, 2003-03-11 at 09:58, Pierre Fortin wrote: > Get over it... your statement is factually incorrect what you are > probably referring to is the old-style [sub]net broadcast address > > Classfull: > 192.0.0.0: old-style broadcast -- last 0 only (Class C) > 162.198.0.0: old-style broadcast (Class B) > 192.0.0.[1-254]: your statement is wrong (Class C) > 168.0.0.0: old style broadcast -- last two 0s only(Class B) > 12.12.12.12/255.240.0.0: why not complain about this? >^^ ^^^ : subnet = 0 (Class A w/4-bit subnet) > > Classless(no subnetting): > 192.168.1.0/16: valid non-zero host part > 12.0.1.0/23: valid non-zero host part > 129.0.0.0/7: valid non-zero host part > > Not to mention this is IP part only; not TCP/IP... In other words, what has to be non zero is the part of the IP that is not masked. You can always think of the IP as composed by two parts: The network bits and the host bits. IP = networkbits.hostbits For a host, hostbits can not be all 0 (network id) or all 1 (broadcast). -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //celular: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager : [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
On Tue, 11 Mar 2003 01:50:52 -0600 Vox <[EMAIL PROTECTED]> wrote: > On TCP/IP networking, 0 as any octet of an IP is, for all purposes, > a universal globing. That's why I hate people who set their LANs to > use 192.168.0.x as their IPs...it drives me crazy, even if it's > valid :) Get over it... your statement is factually incorrect what you are probably referring to is the old-style [sub]net broadcast address Classfull: 192.0.0.0: old-style broadcast -- last 0 only (Class C) 162.198.0.0: old-style broadcast (Class B) 192.0.0.[1-254]: your statement is wrong (Class C) 168.0.0.0: old style broadcast -- last two 0s only(Class B) 12.12.12.12/255.240.0.0: why not complain about this? ^^ ^^^ : subnet = 0 (Class A w/4-bit subnet) Classless(no subnetting): 192.168.1.0/16: valid non-zero host part 12.0.1.0/23: valid non-zero host part 129.0.0.0/7: valid non-zero host part Not to mention this is IP part only; not TCP/IP... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
This time Adolfo Bello <[EMAIL PROTECTED]> becomes daring and writes: > On Tue, 2003-03-11 at 03:50, Vox wrote: > >> 0.0.0.0 = any >> >> On TCP/IP networking, 0 as any octet of an IP is, for all purposes, >> a universal globing. That's why I hate people who set their LANs to >> use 192.168.0.x as their IPs...it drives me crazy, even if it's >> valid :) >> >> Vox > Hi Vox: > > I don't know if I understood what you meant by universal globing and why > you hate 0 in IPs. > > As long as 0 is not the ending octet, it has no special meaning in IP > addresses. The same applies to 255, or to any power of 2 number. I know a non-ending 0 octet loses its special meaning...it's just that I've always seen a 0 octet much as a * and it takes me a few seconds to stop seeing it like that when I'm reading IPs on logs or stuff like that. Let's call it a quirk-from-bad-habit :) Vox -- Think of the Linux community as a niche economy isolated by its beliefs. Kind of like the Amish, except that our religion requires us to use _higher_ technology than everyone else. -- Donald B. Marti Jr. pgp0.pgp Description: PGP signature
Re: [expert] Simple question about netstat - not in man pages.
On Tue, 2003-03-11 at 07:58, Adolfo Bello wrote: > Hi Vox: > > I don't know if I understood what you meant by universal globing and why > you hate 0 in IPs. > > As long as 0 is not the ending octet, it has no special meaning in IP > addresses. The same applies to 255, or to any power of 2 number. or to any power of 2 octet minus 1 -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //celular: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager : [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
On Tuesday 11 March 2003 06:58 am, Adolfo Bello wrote: > On Tue, 2003-03-11 at 03:50, Vox wrote: > > 0.0.0.0 = any > > > > On TCP/IP networking, 0 as any octet of an IP is, for all purposes, > > a universal globing. That's why I hate people who set their LANs to > > use 192.168.0.x as their IPs...it drives me crazy, even if it's > > valid :) > > > > Vox > > Hi Vox: > > I don't know if I understood what you meant by universal globing and why > you hate 0 in IPs. > > As long as 0 is not the ending octet, it has no special meaning in IP > addresses. The same applies to 255, or to any power of 2 number. > > Am I wrong or missing something? > > Saludos I don't think it was the ")" that bottered him, I thought it was the "x" ET Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
On Tue, 2003-03-11 at 03:50, Vox wrote: > 0.0.0.0 = any > > On TCP/IP networking, 0 as any octet of an IP is, for all purposes, > a universal globing. That's why I hate people who set their LANs to > use 192.168.0.x as their IPs...it drives me crazy, even if it's > valid :) > > Vox Hi Vox: I don't know if I understood what you meant by universal globing and why you hate 0 in IPs. As long as 0 is not the ending octet, it has no special meaning in IP addresses. The same applies to 255, or to any power of 2 number. Am I wrong or missing something? Saludos -- __ / \\ @ __ __@ Adolfo Bello <[EMAIL PROTECTED]> / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / //celular: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax: +58 212 952-6797 www.bisapi.com //pager : [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > 0.0.0.0 = any Further to this, if you see a service listening on 0.0.0.0, it actually means the service is listening on all available (and future) interfaces. tcp0 0 0.0.0.0:631 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:5432 0.0.0.0:* LISTEN Here, I have something listening on port 631 (cups) on all interfaces, and something listening only on localhost (postgres) Since both services are listening and have no connection, neither of them have a foreign address listed (hence the 0.0.0.0 in the second address field). tcp0 0 128.98.x.x:34445 128.98.z.z:22 ESTABLISHED tcp1 0 128.98.x.x:35738 128.98.y.y:3125CLOSE_WAIT Here, I have an established connection made to a server on port 22 (ssh) and another waiting for a timeout. - -- Mark Watts Systems Engineer QinetiQ TIM St Andrews Road, Malvern GPG Public Key available on request. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+bbO4Bn4EFUVUIO0RAunEAJ4lxofflMzR3LzgP0a6Pw/E40XimQCg0nXJ jURQr3gCoZAJJvuTbiPVCR8= =0fF7 -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
This time Jim C <[EMAIL PROTECTED]> becomes daring and writes: >> The -l just lists ports that are in the act of listening, whereas active >> connections are listed separately. For instance, if you have another >> computer on your home network (B), ssh from B to A. Then on A, list all the >> TCP connections with a netstat -at. The listening ports (including ssh) >> will show a foreign address of as above, and listed separately below in >> the active connections you'll see your ssh connection from B to A. > > OK, but a potential connection (i.e. listenting) from Local address > 0.0.0.0:[arbitrary port number] to foreign address 0.0.0.0:[arbitrary > port number] represents a possible connection between what IP's? > So far, I have to assume that it is either any IP or no IP. 0.0.0.0 = any On TCP/IP networking, 0 as any octet of an IP is, for all purposes, a universal globing. That's why I hate people who set their LANs to use 192.168.0.x as their IPs...it drives me crazy, even if it's valid :) Vox -- Think of the Linux community as a niche economy isolated by its beliefs. Kind of like the Amish, except that our religion requires us to use _higher_ technology than everyone else. -- Donald B. Marti Jr. pgp0.pgp Description: PGP signature
Re: [expert] Simple question about netstat - not in man pages.
The -l just lists ports that are in the act of listening, whereas active connections are listed separately. For instance, if you have another computer on your home network (B), ssh from B to A. Then on A, list all the TCP connections with a netstat -at. The listening ports (including ssh) will show a foreign address of as above, and listed separately below in the active connections you'll see your ssh connection from B to A. OK, but a potential connection (i.e. listenting) from Local address 0.0.0.0:[arbitrary port number] to foreign address 0.0.0.0:[arbitrary port number] represents a possible connection between what IP's? So far, I have to assume that it is either any IP or no IP. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simple question about netstat - not in man pages.
On Mon, 10 Mar 2003 15:00:59 -0800 Jim C <[EMAIL PROTECTED]> wrote: > Take the following line for example which resulted from netstat -ntupl: > > > Proto Recv-Q Send-Q Local Address Foreign Address State > > PID/Program name > > tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN > > 3495/sshd > > Drop the 'n' and one gest a * instead of '0.0.0.0': > > > Proto Recv-Q Send-Q Local Address Foreign Address State > > PID/Program name > > tcp0 0 *:ssh *:* LISTEN > > 3495/sshd > > Now a 0 in an IP address is a referece to a network but what does it > mean when netstat returns something like this? Is it listening in > general to anyone or is it just reffering to the local machine? Another > possibility I can think of is that it is listening but can't hear anything. The -l just lists ports that are in the act of listening, whereas active connections are listed separately. For instance, if you have another computer on your home network (B), ssh from B to A. Then on A, list all the TCP connections with a netstat -at. The listening ports (including ssh) will show a foreign address of as above, and listed separately below in the active connections you'll see your ssh connection from B to A. Miark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
