## /proc/net/tcp

### /proc/net/tcp

Ok I understand converting the port but I am still stuck on the ip
address part, any help will be appreciated..

Could somebody explain the conversion of the output of this file?
Like O'Reilly's example
then they reverse the ordering of the bytes in the IP address part.
7F000001:0017

Then they seperate the bytes of the address
7F 00 00 01 : 0017

127 0 0 1 : 23

--
A little experience often upsets a lot of theory.

### /proc/net/tcp

Could somebody explain the conversion of the output of this file?
Like O'Reilly's example
then they reverse the ordering of the bytes in the IP address part.
7F000001:0017

Then they seperate the bytes of the address
7F 00 00 01 : 0017

127 0 0 1 : 23

--
A little experience often upsets a lot of theory.

### /proc/net/tcp

> Ok I understand converting the port but I am still stuck on the ip
> address part, any help will be appreciated..

honestly, i'm stuck trying to see where you're stuck. yo useem to
understand hex -> decimal conversions. is it the ordering of the network

### /proc/net/tcp

It appears to me that you don't understand the part "reverse ordering
of the bytes".  Using your example:

0100007F:0017

So the IP address is 0100007F .  Remember that each two hexadecimal
digits represent one byte.  So a better way of illustrating how they
reverse it would be to first break the address into bytes:

01 00 00 7F

So when you reverse it, you get:

7F 00 00 01

Remember the reversal is happening on each entire byte, which is
comprised of two hexadecimal digits.  I bet you were expecting the
reversal to be exact, like F7000010.  I hope that this clears it up
for you.

Eric Schultz
Defunct Company.com

### /proc/net/tcp

> It appears to me that you don't understand the part "reverse ordering
> of the bytes".  Using your example:

> 0100007F:0017

> So the IP address is 0100007F .  Remember that each two hexadecimal
> digits represent one byte.  So a better way of illustrating how they
> reverse it would be to first break the address into bytes:

> 01 00 00 7F

> So when you reverse it, you get:

> 7F 00 00 01

> Remember the reversal is happening on each entire byte, which is
> comprised of two hexadecimal digits.  I bet you were expecting the
> reversal to be exact, like F7000010.  I hope that this clears it up
> for you.

> Eric Schultz
> Defunct Company.com

-- http://www.oreillynet.com/lpt/a/461 - Exploirng /proc/net
A little experience often upsets a lot of theory.

I'm trying to figure out how to debug these files outputs. I have already
made my own tripwire ids component, I would like to now make a program that
makes certain the kernel isn't patched (i.e.: lkm root kit) and make sure I
can see my program listening on a port from netstat, and this file, I will
also send/recv data but thats not really related to /proc heh. I was just
wondering does someone know where the por is? I get each connection is a
line... and it has a number... but like almost everything is in hex I think
and "man proc" isn't very helpful in telling you what the information in
the files mean. Any help will be appreciated.