confused about open ports from jreed_at_appliedtheory.com on 2001-06-28 (tru64-unix-managers)

From: <jreed_at_appliedtheory.com>
Date: Wed, 27 Jun 2001 08:14:43 -0400

G'day, managers.
We have a gs140 running t64v4.0f. It runs "squid" as a proxy
server for another gs140 behind it running apache. Recently
we turned off the squid server, so there is nothing listening
on port 80. After doing this, tcpdump was still showing conn.
to and from this host's port 80, so I bounced the interface.
Connections went away briefly, but a bit later they were
back.

"netstat -a" does not show port 80 as either open or listening.
I've appended output below. tcpdump still showed connections,
example is also appended below. tcpdump output is from at least
1.5 hours after we shut down squid and bounced the interface.
Can someone please enlighten me as to why/how a host answers
on a port where nothing is listening?

Thanks!
Judith Reed
jreed_at_appliedtheory.com

09:27:59.335059 oursite-pvt.aaa.com.80 > uhgatt10.uhc.com.1718: R 0:0(0) ack
3255234 win 0
09:27:59.881934 uhgatt10.uhc.com.1718 > oursite-pvt.aaa.com.80: S
559404818:559404818(0) win 16384 <mss 1460,nop,[|tcp]> (DF)

oursite# netstat -a
printing 1 hashtable with 512 buckets
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 oursite-pvt.22 bigip0-pvt.1022 ESTABLISHED
tcp 0 0 oursite-pvt.22 wukon.1009 ESTABLISHED
tcp 0 0 oursite-pvt.22 munch.3063 ESTABLISHED
tcp 0 0 *.6011 *.* LISTEN
tcp 0 0 *.6012 *.* LISTEN
tcp 0 0 *.7937 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 *.1025 *.* LISTEN
tcp 0 0 *.7938 *.* LISTEN
tcp 0 0 *.printer *.* LISTEN
tcp 0 0 *.eklogin *.* LISTEN
tcp 0 0 *.klogin *.* LISTEN
tcp 0 0 *.kshell *.* LISTEN
tcp 0 0 *.telnet *.* LISTEN
tcp 0 0 *.ftp *.* LISTEN
tcp 0 0 *.2301 *.* LISTEN
tcp 0 0 *.AdvFS *.* LISTEN
udp 0 0 *.177 *.*
udp 0 0 *.7938 *.*
udp 0 0 *.1061 *.*
udp 0 0 *.1060 *.*
udp 0 0 *.advfsd-s *.*
udp 0 0 *.* *.*
udp 0 0 *.* *.*
udp 0 0 *.* *.*
udp 0 0 *.snmp *.*
udp 0 0 localhost.ntp *.*
udp 0 0 oursite-bkup.ntp *.*
udp 0 0 oursite.ntp *.*
udp 0 0 oursite-pvt.ntp *.*
udp 0 0 oursite-dev.ntp *.*
udp 0 0 *.ntp *.*
udp 0 0 *.* *.*
udp 0 0 *.syslog *.*
Received on Wed Jun 27 2001 - 12:15:38 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:42 NZDT