Re: differences between iptstate and netstat

To: debian-security@lists.debian.org
Subject: Re: differences between iptstate and netstat
From: Dale Amon <amon@vnl.com>
Date: Wed, 18 Sep 2002 19:52:27 +0100
Message-id: <[🔎] 20020918185226.GD19650@vnl.com>
In-reply-to: <[🔎] 20020918173136.GC8702@llama.nslug.ns.ca>
References: <[🔎] 20020918141733.GB19650@vnl.com> <[🔎] 20020918173136.GC8702@llama.nslug.ns.ca>

On Wed, Sep 18, 2002 at 02:31:36PM -0300, Peter Cordes wrote:
>  Are you running a firewall with iptables connection tracking?  

Well, yes. I didn't know iptstate would work otherwise.

> Are the
> extra connections (that don't show up in netstat) from internal addresses to
> external addresses?  (i.e. neither end of the connection is your firewall's
> IP addr?)

No. They are all external connections to port 80. Nothing about them looks
particularly invalid, but I can't correlate them. Not entirely anyway.

>  If so, then that's normal.  netstat only shows connections from the local
> machine.  iptstate reports the state of the netfilter connection tracking
> stuff.

Yes, one of the things I am wondering is if it remembers connections for a 
longer time for some reason. Still doesn't figure because I have them
sitting in ESTABLISHED when there is no corresponding one on the netstat.

Reply to:

Follow-Ups:
- Re: differences between iptstate and netstat
  - From: Steve Mickeler <steve@neptune.ca>

References:
- differences between iptstate and netstat
  - From: Dale Amon <amon@vnl.com>
- Re: differences between iptstate and netstat
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: Re: differences between iptstate and netstat
Next by Date: Re: differences between iptstate and netstat
Previous by thread: Re: differences between iptstate and netstat
Next by thread: Re: differences between iptstate and netstat
Index(es):
- Date
- Thread