[lug] Netstat (newbie)

David Morris boru at frii.com
Tue Aug 1 17:22:25 MDT 2000 

The ports 137-139 are used by netbios.  Netbios is a windows protical
used for file sharing/communication between computers in the windows
world.  The IP address should be one of the network addresses for your
computer.  Most likely, this is the IP address given to you by your
ISP.

Please correct me if I am wrong here, but I believe that the source
address *must* be one of the local machine's IP addresses.  If it is
not your internal network addresses and it is not the address your ISP
gave you, than you have an extra IP address floating around.

The meaning behind all of this?  Not for me to answer if you do have
an extra IP address floating around.

Check out the ifconfig command for information on your network
interfaces and the IP addresses they are using...should be very
enlightening.  Also, look at the file /etc/services for a listing of
the services and the port number each service uses.

--David


On Tue, 1 Aug 2000, Michael Deck wrote:

> At 03:42 PM 8/1/00 -0700, Jeffrey B. Siegal wrote (in another context):
> 
> 
> >Actually, it is pretty easy to turn off all the services with most
> >distributions.  A firewall doesn't need sendmail, etc. and they should be
> >disabled.  If you do a "netstat -an" and don't see any listeners, there almost
> >no chance of a remote exploit. (I can't remember the last time there was a
> >remote exploit in the kernel itself.)
> 
> Every once in a while, following these flame-wars teaches me something. I went right in and did a netstat -an and there is a listener whose IP address I don't recognize. What does this mean? There are several relevant entries:
> 
> bash$ netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State      
> tcp        0      0 172.16.101.1:139        0.0.0.0:*               LISTEN      
> udp        0      0 172.16.101.1:138        0.0.0.0:*                           
> udp        0      0 172.16.101.1:137        0.0.0.0:*                           
> 
> Any thoughts?
> 
> -Mike
> 
> Michael Deck
> Cleanroom Software Engineering, Inc.   
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
>

More information about the LUG mailing list