LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-16-2008, 02:03 AM   #1
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
Odd entry in netstat output involving ad.doubleclick (bluectrlproxy).


I was answering a post in another thread about filtering the output of netstat (Yes, I was fooled by a spambot). To test my my filter, I ran netstat -a --tcp . One of the entries seems very odd to me:

Code:
tcp        1      0 192.168.1:bluectrlproxy 209.62.187.18:www-http  CLOSE_WAIT
I think it may be due to having "127.0.0.1 ad.doubleclick.com" in /etc/hosts. So I added some iptables rules to /etc/sysconfig/scripts/SuSEfirewall2-custom instead.

I still have two questions however. Why are only three octats shown "192.168.1" and what is with the "bluectrlproxy" protocol?
 
Old 03-16-2008, 05:45 AM   #2
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Netstat is telling you about a port number there. The only protocols is mainly cares about are things like TCP and UDP. Grep /etc/services for that name and you'll find out which port is being listened to, or you can just specify -n so that it will keep the numerics numeric.
 
Old 03-16-2008, 08:31 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Right, but unless I'm missing something, it shouldn't confuse the last octet of the IP for a port number - which is what I imagine it's doing. If you use "-n" as suggested by evilDagmar, does the last octet match the port number for bluectrlproxy in your /etc/services file? Just curious.
 
Old 03-17-2008, 09:34 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Original Poster
Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
The port number is 2277 so that is too large for an octet.

I just noticed something:
Code:
tcp        0      0 192.168.1.102:ssh       hpmedia.je:jmq-daemon-2 ESTABLISHED
If the port part or the program part is too long, the IP address before the colon is truncated to make space. So the output without being truncated would be:
Code:
tcp        1      0 192.168.1.102:bluectrlproxy 209.62.187.18:www-http  CLOSE_WAIT
That answers part of the mystery.
Code:
tcp        1      0 192.168:talarian-mcast1 www.linuxquest:www-http CLOSE_WAIT
I think what happened is that I had un-aliased ad.doublclick.net in /etc/hosts so that I could watch a jericho episode at www.cbs.com/jericho. It won't work otherwise. I guess I just noticed normal web traffic on a higher-numbered port that happened to be the port for "bt device control proxy".

This wasn't a total waste of time, because I got some practice using the iptables command.
 
Old 03-18-2008, 12:13 AM   #5
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Quote:
Originally Posted by jschiwal
The port number is 2277 so that is too large for an octet.
Who cares if it's too large to be an octet? IP port numbers are 16 bit integers, dude.
 
Old 03-18-2008, 05:12 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Original Poster
Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
That was in response to
Quote:
it shouldn't confuse the last octet of the IP for a port number
It didn't. The last IP address was truncated in the display to make room for the port name.

Last edited by jschiwal; 03-18-2008 at 07:40 AM.
 
Old 03-18-2008, 11:25 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
I'm moving this to Software, as it's about netstat itself (and seemingly nothing nefarious is going on).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Domain Rename and Noticed Odd Log Entry thekillerbean General 3 03-01-2007 02:09 AM
Odd issue involving top.... Basslord1124 Slackware 5 01-09-2007 04:56 PM
odd entry in error_log Boss Hoss Linux - General 4 07-23-2006 03:12 PM
Alsa compiling issues involving odd Gentoo dependancies, please help MattJT Linux - Software 0 12-28-2004 06:22 PM
Odd Log Entry mikeyt_333 Linux - General 0 06-12-2002 05:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration