I am running netstat -an command in cmd. For some records I am getting [::]:port number in place of ip address. What does it mean ?
It means listening in all interfaces for those ports.
Related
i actually use a dbeaver client which executes a pg_dump command
on a remote server. The command starts exactly like that :
pg_dump --verbose --host=127.0.0.1 --port=47855 --username=user-accounet..
i dont't know how dbeaver creates ssh tunnel (it uses a bastion)
but, it is not the question.
the question is : when i excute the command below..
lsof -i -P -n | grep pg_dump
i get this :
pg_dump 14144 parcss-alexco 3u IPv4 397966 0t0 TCP 127.0.0.1:35978->127.0.0.1:47855 (ESTABLISHED)
what is this adress ip : 35978 ?
what kind of binding 35978 --> 47855 means ?
Does it concern a remote ip adresse ? local ?
i'd like to understand..
A TCP connection is between to sockets. A fully specified socket has an IP address and a port number.
pg_dump uses port 47855 on 127.0.0.1 for the remote socket for the connection, but what about the socket on the other end? The IP address is clear, but what is the port number? Since the socket is not explicitly bound to a certain port with bind(2), connect(2) will assign an “ephemeral port” number. This happens to be 35978 in your case.
Im doing a challenge (CTF style) and everyting we got is an IP.
Scanning that IP only one port is open.
If I connect to that IP and port using netcat, I got a kind of "dance" doing in CMD, with a message at the end that says "Check socket 12345".
I need to understand again what truly a socket is because im not getting anywhere trying to connect to that socket.
Its possible to connect to a socket from a specific port? or I only can make a connection from a open port and there the web servers redirect my connection automatically to a socket?
You can use netcat nc and its -p option to set the source port.
Netcat man page say:
-p port
local port number (port numbers can be individual or ranges: lo-hi [inclusive])
Try "nc -p 12345 dest_IP dest_port"
I used to be able to run docker-compose using 5432:5432 port mapping, but am recently getting this error:
Error starting userland proxy: listen tcp 0.0.0.0:5432: bind: address already in use
I've gone through all of the older posts relating to this issue but have yet to be able to solve this.
I've been driving myself mad with this error for the past week trying to figure out how to stop whatever process is running with no avail.
I've tried running
lsof -i tcp:5432
which returns no results (as long as my pgadmin/server is not running)
I've also seen other posts mention running
netstat -anp tcp | grep 5432
which does return two lines:
tcp4 0 0 *.5432 *.* LISTEN
tcp6 0 0 *.5432 *.* LISTEN
But I'm not entirely sure what to do with that output?
Run lsof -i tcp:5432 with sudo rights:
sudo lsof -i tcp:5432
A process (very likely PostgreSQL) is listening on port 5432, preventing another to listen on that port. Stop the process, e.g. with systemctl, then you will be able to start your docker PostgreSQL.
There is a possibility that this might be happening due to multiple instances of postgres running on your machine.
In my case, I had previously installed postgres which was always running on the machine because of which docker-based postgres was unable to start due to the above error. Uninstalling previously installed postgres helped to resolve the issue.
Why the following command (on my Debian 8.4 machine) doesn't output an error of type "Address already in use" when I execute it from two different terminals?
netcat -p 1234 -l
I wonder why it doesn't throw an error since it starts two processes listening on the same port.
Doesn't netcat use sockets? How is it possible?
On my system, running strace nc -l 1234 finishes with:
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_REUSEPORT, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(1234), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 1) = 0
accept(3,
So the socket is setup with the options SO_REUSEADDR and SO_REUSEPORT, which allow multiple processes to bind to the same port and same listening address. See man 7 socket or this detailed answer. The goal of this option is to allow an easy form of load balancing: incoming connections to the port will be redirected to one of the processes (apparently at random).
The -p option specifies a source port, not a listening port.
The -l option puts netcat into listening mode.
In your example, 1234 is the input value for the -p option, not the -l option, which means there is no explicit listening port being specified. If netcat is not failing, then most likely netcat is binding to port 0 instead, which tells the listening socket to bind to a random available ephemeral port. As such, your two netcat instances would actually be listening on different ports. Use netstat to verify.
According to the Linux manpage for netcat:
-l' Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.
-p source_port
Specifies the source port nc should use, subject to privilege restrictions and availability. It is an error to use this option in conjunction with the -l option.
So technically, your example may not be valid to begin with.
However, on some systems, including some Debian installs, depending on which flavor of netcat you use (in particular, the traditional flavor), you actually may need to use -l and -p together, but you need to swap their order to specify a listening port correctly, eg:
nc -l -p 1234
I copied the following script and run it to have it listen on port 80. But netstat doesn't show port 80. Why does netstat not sow it, or the Perl script is not correct?
#!/usr/bin/perl -w
use Socket;
use IO::Handle;
$port=80;
$host='localhost';
$packhost=inet_aton($host);
$address=sockaddr_in($port,$packhost);
socket(SERVER,AF_INET,SOCK_STREAM,getprotobyname('tcp'));
bind(SERVER,$address);
listen(SERVER,10);
while( 1 ) {
next unless (accept(CLIENT,SERVER));
CLIENT->autoflush(1);
$msg_out="WHAT DO YOU WANT?\n";
send(CLIENT,$msg_out,0);
close CLIENT;
}
close SERVER;
exit 1;
What platform are you on? How are you invoking netstat?
On Windows XP, after running the script with admin privileges, netstat -a gives me:
TCP aardvarkvi:http aardvarkvi:0 LISTENING
Binding to ports below 1024 requires root privileges on *nix systems. Since you do not (or, shall I say, code you seem to have blindly copied does not) check the return values of various calls, you would not know if they failed.
In general, you should not have to use Socket.pm. Stick with IO::Socket and avoid blindly copying code without knowing what it does.
You might also want to look into HTTP::Daemon.
It's likely that netstat is replacing the numeric port number by the name from /etc/services. For example:
~, 503> netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:svn *:* LISTEN
One thing that you can do is grep netstat's output to find all sockets where it's listening:
netstat -a | grep LISTEN | grep tcp
You can also tell netstat to show numeric addresses rather than doing a hostname or services lookup (and there's another option where you can limit just port numbers; do man netstat):
netstat -an | grep LISTEN | grep tcp
Sorry, my fault, when I run netstat, I didn't put the option -a. When use netstat -a, it shows that port.