Find the answer to your Linux question:
Results 1 to 3 of 3
Hi guys I got a little question about the output from netstat. I was looking through the man page when I came across the -e switch. I used it a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie the bassinvader's Avatar
    Join Date
    Jun 2006
    Location
    Europe
    Posts
    168

    netstat -e and root


    Hi guys

    I got a little question about the output from netstat. I was looking through the man page when I came across the -e switch. I used it a couple of times and then noticed something which I found a little weird. I doubt its a security problem but I'd still like it explained if somebody could. Basically sometimes I find root in the user column instead of my username. This is generally (but not always) for connections to Verisign or equivalents. Just wondered why really, seeing as I run firefox from the package downloaded from the mozilla site that runs from its own folder.

    Why are these connections there? Or more specifically, why are there any connections to root?

    Here's an example output:

    Code:
    Fatback@mepis1:~$ netstat -et
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
    tcp        0      0 233.Red-81-41-32.s:5650 74.125.4.38:www         ESTABLISHEDFatback    220669
    tcp        1      1 233.Red-81-41-32.s:1704 108.116.232.72.stat:www LAST_ACK   root       0
    tcp        0      1 233.Red-81-41-32.s:4461 www.grc.com:https       SYN_SENT   Fatback    221439
    tcp        1      0 233.Red-81-41-32.s:5650 74.125.4.38:www         CLOSE_WAIT Fatback    220669
    tcp        0      1 233.Red-81-41-32.s:4462 www.grc.com:https       SYN_SENT   Fatback    221441
    tcp        0      0 233.Red-81-41-32.s:4459 www.grc.com:https       ESTABLISHEDFatback    221437
    tcp        0      0 233.Red-81-41-32.s:1986 OCSP.NYC3.verisign.:www TIME_WAIT  root       0
    tcp        0      1 233.Red-81-41-32.s:4460 www.grc.com:https       SYN_SENT   Fatback    221438
    tcp        0      0 233.Red-81-41-32.s:1986 OCSP.NYC3.verisign.:www TIME_WAIT  root       0
    tcp        0    506 233.Red-81-41-32.s:4460 www.grc.com:https       ESTABLISHEDFatback    221438
    tcp        0    192 233.Red-81-41-32.s:4464 www.grc.com:https       ESTABLISHEDFatback    221510
    " I didn't know it was a picture of his wife! I thought it was a publicity shot form Planet Of the Apes."

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,664
    Some applications use system services that are only available to root, so they are chmod'd to be setuid root. When you run them, they are run under the root user account. These are major points of vulnerability and must be trusted programs as if they are compromised, then the system is at risk. Apparently, the public key and certificate of authority functions provided by Verisign require root privileges, so its applications are setuid root. So, even if you run them, they still appear to be run by root. Ok?
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Linux Newbie the bassinvader's Avatar
    Join Date
    Jun 2006
    Location
    Europe
    Posts
    168
    Thanks for the info Rubberman. Got it
    " I didn't know it was a picture of his wife! I thought it was a publicity shot form Planet Of the Apes."

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •