auditd reports port number '0' for connect() system call

Kangkook Jee aixer77 at gmail.com
Thu Mar 31 11:33:18 UTC 2016


Dear Steve, 

Thanks a lot for your quick response. 
Would you tell me from what saddr fields you get the port number value ‘779’?

This might indicate that my code to extract the field is wrong. Would you also tell me the correct way to decode the saddr string?

Thanks again!

Regards, Kangkook


> On Mar 30, 2016, at 7:29 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> 
> On Tuesday, March 29, 2016 11:19:24 PM Kangkook Jee wrote:
>> If I understood correctly, connect() should return an error when the sin_port
>> field is set to '0'. Would anyone explain this to me or help me fix this
>> problem?
> 
> I get 779 as the port from your event.
> 
> -Steve
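
Added example (not part of the original messages and not the audit project's code): one way to decode the hex saddr field of a SOCKADDR audit record, assuming the event came from a little-endian Linux host. The function name and all sample saddr strings are constructed for illustration; the first is built to carry port 779 and is not the event discussed in this thread.

```python
import ipaddress
import struct

AF_UNIX, AF_INET, AF_INET6 = 1, 2, 10  # Linux address-family numbers


def decode_saddr(hex_saddr, byteorder="little"):
    """Decode the hex dump of struct sockaddr found in saddr=... (hypothetical helper)."""
    raw = bytes.fromhex(hex_saddr)
    if len(raw) < 2:
        raise ValueError("saddr is shorter than sa_family")
    # sa_family is stored in HOST byte order (assumption: little-endian, e.g. x86).
    family = int.from_bytes(raw[:2], byteorder)
    if family == AF_INET:
        if len(raw) < 8:
            raise ValueError("truncated sockaddr_in")
        # sin_port (bytes 2-3) and sin_addr (bytes 4-7) are in NETWORK byte order.
        (port,) = struct.unpack("!H", raw[2:4])
        addr = ipaddress.IPv4Address(raw[4:8])
        return {"family": "inet", "addr": str(addr), "port": port}
    if family == AF_INET6:
        if len(raw) < 24:
            raise ValueError("truncated sockaddr_in6")
        # Layout: family(2) port(2) flowinfo(4) addr(16) scope_id(4).
        (port,) = struct.unpack("!H", raw[2:4])
        addr = ipaddress.IPv6Address(raw[8:24])
        return {"family": "inet6", "addr": str(addr), "port": port}
    if family == AF_UNIX:
        # sun_path is NUL-terminated; abstract sockets start with a NUL byte.
        path = raw[2:]
        if path[:1] == b"\0":
            text = "@" + path[1:].rstrip(b"\0").decode(errors="replace")
        else:
            text = path.split(b"\0", 1)[0].decode(errors="replace")
        return {"family": "unix", "path": text}
    # Other families (netlink, unspec, ...) have no port field to report.
    return {"family": family, "raw": raw[2:].hex()}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real audit log.
    samples = [
        "0200030BC0A8010A0000000000000000",  # AF_INET, port 0x030B
        "0A000035" + "00" * 4 + "00" * 15 + "01" + "00" * 4,  # AF_INET6 ::1
        "01002F6465762F6C6F6700",  # AF_UNIX /dev/log
    ]
    for s in samples:
        print(s, "->", decode_saddr(s))
```

The same fields can be cross-checked against the interpreted output of ausearch -i for the event.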
