LinuxQuestions.org
Old 05-24-2005, 08:40 PM   #1
Raafi
Member
 
Registered: Dec 2004
Location: New Jersey
Distribution: Fedora 36
Posts: 82

Rep: Reputation: 15

Code:
$ netstat -pantu
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:32768               0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      -
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      -
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      -
tcp        0      0 0.0.0.0:113                 0.0.0.0:*                   LISTEN      -
tcp        0      0 192.168.1.102:53            0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:5335              0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      -
tcp        0      0 192.168.1.102:58567         64.12.28.92:5190            ESTABLISHED 5068/gaim
tcp        0      0 192.168.1.102:53184         208.21.175.137:110          CLOSE_WAIT  7310/esd
tcp        0      0 192.168.1.102:53183         208.21.175.137:110          CLOSE_WAIT  7310/esd
tcp        0      0 192.168.1.102:53182         208.21.175.137:110          CLOSE_WAIT  7310/esd
tcp        0      0 192.168.1.102:55564         205.234.150.178:143         ESTABLISHED 7297/thunderbird-bi
tcp        0      0 192.168.1.102:40860         198.65.158.245:110          CLOSE_WAIT  7310/esd
tcp        0      0 192.168.1.102:43540         216.148.227.80:110          TIME_WAIT   -
tcp        0      0 192.168.1.102:55320         216.155.193.132:5050        ESTABLISHED 5068/gaim
tcp        0      0 192.168.1.102:41891         64.12.165.76:5190           ESTABLISHED 5068/gaim
tcp        0      0 192.168.1.102:42013         64.233.161.99:80            ESTABLISHED 8664/firefox-bin
tcp        0      0 192.168.1.102:41993         64.233.161.99:80            ESTABLISHED 8664/firefox-bin
tcp        0      0 192.168.1.102:40237         207.46.107.100:1863         ESTABLISHED 5068/gaim
tcp        0      0 192.168.1.102:36205         195.172.126.100:110         CLOSE_WAIT  7310/esd
tcp        0      0 192.168.1.102:53932         216.136.173.10:110          CLOSE_WAIT  7310/esd
tcp        0      0 :::22                       :::*                        LISTEN      -
udp        0      0 0.0.0.0:32768               0.0.0.0:*                               -
udp        0      0 0.0.0.0:32770               0.0.0.0:*                               -
udp        0      0 0.0.0.0:10000               0.0.0.0:*                               -
udp        0      0 192.168.1.102:53            0.0.0.0:*                               -
udp        0      0 127.0.0.1:53                0.0.0.0:*                               -
udp        0      0 0.0.0.0:828                 0.0.0.0:*                               -
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               -
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               -
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               -
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               -
udp        0      0 192.168.1.102:123           0.0.0.0:*                               -
udp        0      0 127.0.0.1:123               0.0.0.0:*                               -
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               -
udp        0      0 :::32769                    :::*                                    -
udp        0      0 :::123                      :::*                                    -
This is my read-out. I don't know what I am looking at; can anyone tell me if I have any problems?
 
Old 05-24-2005, 09:33 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by Raafi

This is my read-out. I don't know what I am looking at; can anyone tell me if I have any problems?
You have entirely too many services running. Turn off any that you aren't using, like portmap, nfs, and nfslock. Also try running the netstat -pantu command as root so that you can see what services are running on all the ports (if you look at the top of the output, there is a warning that not all services could be identified because you're not root). From there, turn off services using the 'chkconfig' and 'service' commands like this:

chkconfig <service_name> off
service <service_name> stop

So to turn off portmap you'd do:
chkconfig portmap off
service portmap stop

To display the list of services that are set to start running at boot use:
chkconfig --list | grep on
 
Old 05-24-2005, 09:34 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
//Moderator note: I'm splitting your question off into its own thread, as it's not really related to the original thread topic.
 
Old 05-24-2005, 09:45 PM   #4
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,883
Blog Entries: 28

Rep: Reputation: 533
Since we are posting netstat listings, how does mine look? Just curious, I really have no idea what most of this info means. I am behind a NAT router that passes as Stealth at grc.com, running Guarddog Firewall with only the things I absolutely have to have open. Plus I ran Bastille and had it turn a few things off.

root@moses:/home/craig# netstat -pantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:20012               0.0.0.0:*                   LISTEN      4651/inetd
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      4651/inetd
tcp        0      0 0.0.0.0:53                  0.0.0.0:*                   LISTEN      4293/dnsmasq
tcp        0      0 0.0.0.0:631                 0.0.0.0:*                   LISTEN      4538/cupsd
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      5315/smail
tcp        0      0 192.168.1.101:5160          64.179.4.149:80             TIME_WAIT
tcp        0      0 192.168.1.101:5157          64.233.167.99:80            ESTABLISHED 8195/firefox-bin
udp        0      0 0.0.0.0:53                  0.0.0.0:*                               4293/dnsmasq
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               2990/dhclient
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               4538/cupsd
 
Old 05-24-2005, 10:14 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by craigevil
Since we are posting netstat listings, how does mine look? Just curious, I really have no idea what most of this info means.
It really depends on what you need running. You definitely have fewer services running overall (which is a good thing), but do you need local DNS (dnsmasq) or whatever inetd is running on port 20012? If not, then turn them off. In most cases I'd recommend configuring sendmail to listen only for local traffic unless you are running a mail server. However, being behind a packet filtering router helps too, so I think you're in reasonable shape.
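
An added example, not part of any post in this thread: a filter for the triage the replies describe. It reads `netstat -pantu` output and keeps only the listening sockets bound to a non-loopback address, which are the ones to check against the services you actually need. The function names are made up for this example, and the sample rows are copied from the two listings posted above.

```shell
# exposed_listeners: read `netstat -pantu` output on stdin and print every
# listening socket bound to a non-loopback address as "proto/port addr program".
exposed_listeners() {
    awk '
    $1 !~ /^(tcp|udp)/ { next }            # skip banner and column header
    {
        if ($1 ~ /^tcp/) {
            if ($6 != "LISTEN") next       # keep only listening TCP sockets
            prog = $7
        } else {
            if ($5 !~ /:\*$/) next         # UDP: foreign "*" = not connected
            prog = $6                      # UDP rows have an empty State column
        }
        if (!match($4, /:[0-9]+$/)) next   # split at the last colon (":::22")
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
        if (prog == "") prog = "-"         # "-" = owner hidden, rerun as root
        printf "%s/%s %s %s\n", $1, port, addr, prog
    }'
}

# Sample rows copied from the two listings in this thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      -
tcp        0      0 192.168.1.102:53            0.0.0.0:*                   LISTEN      -
tcp        0      0 192.168.1.102:42013         64.233.161.99:80            ESTABLISHED 8664/firefox-bin
tcp        0      0 :::22                       :::*                        LISTEN      -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5315/smail
udp 0 0 0.0.0.0:68 0.0.0.0:* 2990/dhclient
udp        0      0 127.0.0.1:123               0.0.0.0:*                               -
EOF
}

sample_netstat | exposed_listeners
```

On a live system, run `netstat -pantu | exposed_listeners` as root so the program column is filled in rather than shown as `-`.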
 
  

