/proc/net/tcp

/proc/net/tcp

Post by Jeremia d » Wed, 14 Feb 2001 06:33:58



Ok I understand converting the port but I am still stuck on the ip
address part, any help will be appreciated..

Could somebody explain the conversion of the output of this file?
Like O'Reilly's example
0100007F:0017 = rem_address
then they reverse the ordering of the bytes in the IP address part.
7F000001:0017

Then they seperate the bytes of the address
7F 00 00 01 : 0017

Then hexadecimal-to-decimal conversion on each:

127 0 0 1 : 23

--
A little experience often upsets a lot of theory.

 
 
 

/proc/net/tcp

Post by Jeremia d » Wed, 14 Feb 2001 06:21:01


Could somebody explain the conversion of the output of this file?
Like O'Reilly's example
0100007F:0017 = rem_address
then they reverse the ordering of the bytes in the IP address part.
7F000001:0017

Then they seperate the bytes of the address
7F 00 00 01 : 0017

Then hexadecimal-to-decimal conversion on each:

127 0 0 1 : 23

--
A little experience often upsets a lot of theory.

 
 
 

/proc/net/tcp

Post by jose nazari » Thu, 15 Feb 2001 01:24:35



> Ok I understand converting the port but I am still stuck on the ip
> address part, any help will be appreciated..

honestly, i'm stuck trying to see where you're stuck. yo useem to
understand hex -> decimal conversions. is it the ordering of the network
address that's confusing you?


 
 
 

/proc/net/tcp

Post by Eric Schult » Mon, 26 Feb 2001 09:33:47


It appears to me that you don't understand the part "reverse ordering
of the bytes".  Using your example:

0100007F:0017

So the IP address is 0100007F .  Remember that each two hexadecimal
digits represent one byte.  So a better way of illustrating how they
reverse it would be to first break the address into bytes:

01 00 00 7F

So when you reverse it, you get:

7F 00 00 01

Remember the reversal is happening on each entire byte, which is
comprised of two hexadecimal digits.  I bet you were expecting the
reversal to be exact, like F7000010.  I hope that this clears it up
for you.

Eric Schultz
System Administrator
Defunct Company.com

 
 
 

/proc/net/tcp

Post by Jeremia d » Tue, 27 Feb 2001 00:17:58



> It appears to me that you don't understand the part "reverse ordering
> of the bytes".  Using your example:

> 0100007F:0017

> So the IP address is 0100007F .  Remember that each two hexadecimal
> digits represent one byte.  So a better way of illustrating how they
> reverse it would be to first break the address into bytes:

> 01 00 00 7F

> So when you reverse it, you get:

> 7F 00 00 01

> Remember the reversal is happening on each entire byte, which is
> comprised of two hexadecimal digits.  I bet you were expecting the
> reversal to be exact, like F7000010.  I hope that this clears it up
> for you.

> Eric Schultz
> System Administrator
> Defunct Company.com

-- http://www.oreillynet.com/lpt/a/461 - Exploirng /proc/net
A little experience often upsets a lot of theory.
 
 
 

1. /proc/net/tcp and /proc/net/udp

I'm trying to figure out how to debug these files outputs. I have already
made my own tripwire ids component, I would like to now make a program that
makes certain the kernel isn't patched (i.e.: lkm root kit) and make sure I
can see my program listening on a port from netstat, and this file, I will
also send/recv data but thats not really related to /proc heh. I was just
wondering does someone know where the por is? I get each connection is a
line... and it has a number... but like almost everything is in hex I think
and "man proc" isn't very helpful in telling you what the information in
the files mean. Any help will be appreciated.

2. xterm question

3. Socket Status in /proc/net/tcp

4. Quotas and problems copying large(ish) files

5. Q: uid in /proc/net/tcp

6. help: w/disk usage per user

7. HELP: C structure of /proc/net/tcp

8. Newbie question about Serial Ports

9. "/proc/net/tcp|udp"

10. 2.2 -> 2.4: /proc/net/tcp 10x slower ?

11. Socket Status of /proc/net/tcp directory

12. /proc/net/tcp + ipv6 hang

13. /proc/net/tcp