Without resorting to a flame, the "p" option stands for the following:

  -p, --programs    display PID/Program name for sockets

So, it's the program that is bound to the socket.

-scm

On Mon, 21 Jan 2002, leon wrote:

> That is not true. P stands for proto not port.
>
> -p proto  Shows connections for the protocol specified by proto; proto
>           may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
>           option to display per-protocol statistics, proto may be any of:
>           IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
>
> It has nothing to do with ports. Please DO NOT GIVE ADVICE ON THE
> LIST IF YOU ARE NOT SURE OF WHAT YOU ARE SAYING.
>
> Cheers,
>
> Leon
>
> -----Original Message-----
> From: shawn merdinger [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 18, 2002 8:45 PM
> Cc: Craig Van Tassle; secuirty-basics
> Subject: Re: loopback device
>
> Also, try the following:
>
> netstat -anp
>
> The p option displays the program bound to that socket/port.
>
> From the looks of your snort log, it did not *appear* to be a loopback
> address.
>
> -scm
>
> > On 15-Jan-2002 Craig Van Tassle wrote:
> > > My loopback is supposed to be 127.0.0.1.. at least that is what
> > > my ifconfig shows me.. and I have no idea what program is
> > > running on that port. Do you think that I could have a possible
> > > intrusion?
> > >
> > > Thanks
> > > Craig
> > >
> > > On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote:
> > >> No, you can't bypass the firewall using the loopback interface.
> > >> What's interesting though is the IP address they're using...
> > >> usually loopback is 127.0.0.1 and the port number, 5460 isn't
> > >> assigned to anyone so what program is running?
> > >>
> > >> -----Original Message-----
> > >> From: Craig Van Tassle [mailto:[EMAIL PROTECTED]]
> > >> Sent: Monday, January 14, 2002 8:48 AM
> > >> To: secuirty-basics
> > >> Subject: loopback device
> > >>
> > >> Is it possible for someone over a network to use my loopback to
> > >> bypass my firewall? If so what can I do to mitigate the
> > >> problem and how damaging can it be?
> > >>
> > >> The reason I'm asking is my Snort system is showing bad loopback
> > >> traffic.. thanks
> > >>
> > >> here is a snippet from my snort logs.
> > >>
> > >> [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
> > >> [Classification: Potentially Bad Traffic] [Priority: 2]
> > >> 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
> > >> TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
> > >> ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20
> > >>
> > >> Thanks
> > >> Craig
> >
> > --
> > Phillip O'Donnell
> > Software Engineer, Esphion Limited
> > [EMAIL PROTECTED]
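
An added example, not part of the thread: a small triage helper that parses the Snort alert quoted above and classifies the flow by loopback membership, using the fact that all of 127.0.0.0/8 is loopback space, not only 127.0.0.1. The function names and category labels are illustrative assumptions, and the sample is the alert from the thread embedded as constructed input.

```python
import ipaddress
import re

# Constructed input: the alert quoted in the thread, in Snort's text alert layout.
SAMPLE_ALERT = """\
[**] [1:528:2] BAD TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20
"""

# "src:port -> dst:port" line and the 8-character TCP flag field before "Seq:".
FLOW_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
FLAGS_RE = re.compile(r"^([*12UAPRSF]{8})\s+Seq:", re.MULTILINE)


def parse_alert(text):
    """Extract endpoints and set TCP flags from one alert; None if no flow line."""
    flow = FLOW_RE.search(text)
    if flow is None:
        return None
    flags = FLAGS_RE.search(text)
    return {
        "src": ipaddress.ip_address(flow.group(1)),
        "sport": int(flow.group(2)),
        "dst": ipaddress.ip_address(flow.group(3)),
        "dport": int(flow.group(4)),
        # Snort prints '*' for unset flags; keep only the letters that are set.
        "flags": flags.group(1).replace("*", "") if flags else "",
    }


def classify(alert):
    """Label the flow by whether each endpoint lies in loopback space."""
    src_lo, dst_lo = alert["src"].is_loopback, alert["dst"].is_loopback
    if src_lo and dst_lo:
        return "local"                # genuine host-internal traffic
    if dst_lo:
        return "martian-destination"  # loopback destination seen from off-host
    if src_lo:
        return "martian-source"       # loopback source address on the wire
    return "routable"


if __name__ == "__main__":
    a = parse_alert(SAMPLE_ALERT)
    print(a["src"], "->", a["dst"], a["dport"], a["flags"], classify(a))
```

For the alert in the thread this reports a SYN-only packet from a non-loopback source to a 127.0.0.0/8 destination, which is what the rule is written to flag. Which local program owns a port is a separate question answered on the host itself, as the netstat discussion above covers.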