Re: differences between iptstate and netstat

To: debian-security@lists.debian.org
Subject: Re: differences between iptstate and netstat
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Wed, 18 Sep 2002 14:31:36 -0300
Message-id: <[🔎] 20020918173136.GC8702@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20020918141733.GB19650@vnl.com>
References: <[🔎] 20020918141733.GB19650@vnl.com>

On Wed, Sep 18, 2002 at 03:17:33PM +0100, Dale Amon wrote:
> I'm watching a server right now and find that I really
> can't make much of a correspondence between what iptstate
> shows and what a netstat -anp does.
> 
> The problem is the iptstate shows many, many more connections
> to port 80 than the netstat. Large numbers are showing as
> ESTABLISHED on the iptstate. Only a handful show on the
> netstat.
> 
> Any idea why?

 Are you running a firewall with iptables connection tracking?  Are the
extra connections (that don't show up in netstat) from internal addresses to
external addresses?  (i.e. neither end of the connection is your firewall's
IP addr?)

 If so, then that's normal.  netstat only shows connections from the local
machine.  iptstate reports the state of the netfilter connection tracking
stuff.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

Reply to:

Follow-Ups:
- Re: differences between iptstate and netstat
  - From: Dale Amon <amon@vnl.com>

References:
- differences between iptstate and netstat
  - From: Dale Amon <amon@vnl.com>

Prev by Date: Re: sendmail
Next by Date: Re: differences between iptstate and netstat
Previous by thread: differences between iptstate and netstat
Next by thread: Re: differences between iptstate and netstat
Index(es):
- Date
- Thread