# Understanding netstat output



## luketomes (Jun 27, 2002)

I ran netstat the other day after installing my firewall and was surprised to find some active ports that I didn't know about. Heres the output of netstat-

[localhost:~] luke% netstat

Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  210-55-241-119.d.49153 64.212.171.241.6660    ESTABLISHED
tcp        0      0  localhost.1033         localhost.883          ESTABLISHED
tcp        0      0  localhost.883          localhost.1033         ESTABLISHED
tcp        0     60  localhost.1033         localhost.820          ESTABLISHED
tcp        0      0  localhost.820          localhost.1033         ESTABLISHED
tcp        0      0  localhost.1033         *.*                    LISTEN
udp        0      0  localhost.49153        localhost.853         
udp        0      0  localhost.49152        localhost.853         
udp        0      0  localhost.1033         *.*  


Now I know the first port is IRC,

What are all the other ports for? (1033,883 etc)
Why are the active?

If I run nmap they dont show on the scan as listening, so I was assuming they were internal ports used by applications, but as they say "to ASSUME is to make an ASS out of U and ME".

Any commments would be appreciated.

Luke Tomes.


----------

