Side effect of sshd-session

Fri Apr 11 19:39:35 AEST 2025

On 10.04.25 20:12, Hank Leininger wrote:
> So I created https://sourceforge.net/p/net-tools/bugs/50/ about either
> making the width subject to -W, or simply increasing the #define from 20
> to 30

Independent of the (non)success of your improvement request:

> # netstat -natp | grep -1 ':4317.*ESTA.*22277'
> tcp        0      0 10.241.2.52:22          10.240.3.12:49806       ESTABLISHED 18475/sshd: bongo [ 
> tcp        0      0 10.241.2.52:13278       10.224.2.18:4317        ESTABLISHED 22277/otelcol-contr 
> tcp        0      0 10.241.2.52:22          10.240.3.12:39690       ESTABLISHED 17512/sshd: bongo [ 
> --
> tcp        0      0 10.241.2.52:22          10.240.3.12:45840       ESTABLISHED 32642/sshd: bongo [ 
> tcp        0      0 10.241.2.52:16278       10.224.2.18:4317        ESTABLISHED 22277/otelcol-contr 
> tcp        0      0 10.241.2.52:22          10.240.3.12:43180       ESTABLISHED 828/sshd: bongo [pr

> # netstat-natp | grep -1 ':4317.*ESTA.*22277'
> tcp        0      0 10.241.2.52:22          10.240.3.12:49806       ESTABLISHED 18475/sshd: bongo [priv]   
> tcp        0      0 10.241.2.52:13278       10.224.2.18:4317        ESTABLISHED 22277//usr/bin/otelcol-contrib --config=/etc/otelcol-contrib/config.yaml 
> tcp        0      0 10.241.2.52:22          10.240.3.12:39690       ESTABLISHED 17512/sshd: bongo [priv]   
> --
> tcp        0      0 10.241.2.52:22          10.240.3.12:45840       ESTABLISHED 32642/sshd: bongo [priv]   
> tcp        0      0 10.241.2.52:16278       10.224.2.18:4317        ESTABLISHED 22277//usr/bin/otelcol-contrib --config=/etc/otelcol-contrib/config.yaml 
> tcp        0      0 10.241.2.52:22          10.240.3.12:43180       ESTABLISHED 828/sshd: bongo [priv]

# uuencode netstat-natp < bin/netstat-natp
begin 644 netstat-natp
M(R$O8FEN+W-H"B]B:6XO;F5T<W1A="`M;F%T<"!\(&=R97`@)ULP+3E=+R<@
M?"!S960 at +64@)W-\7"A;,2TY75LP+3E=*EPI+RXJ?%PQ+R(@.R!T<B`B7%PP
M(B`B("(@/"`O<')O8R]<,2]C;61L:6YE(#L at 96-H;WPG("UE("=S+UXO96-H
.;R`M;B`B+R<@?"!S:`H`
`
end

(I suppose the script *could* be improved so as to reproduce output 
lines that *lack* a PID+cmdline, too, like these:

> tcp        0      0 127.0.0.1:31039         127.0.0.1:56858         TIME_WAIT   -                   
> tcp        0      0 10.241.2.52:13006       178.15.145.183:22       TIME_WAIT   -

but I guess that that's not your focus *here*.)

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4336 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20250411/fa743c70/attachment.p7s>