title: My directory server doesn't show up in netstat! link: https://onemoretech.wordpress.com/2014/03/14/my-directory-server-doesnt-show-up-in-netstat/ author: phil2nc description: post_id: 7129 created: 2014/03/14 17:32:22 created_gmt: 2014/03/14 21:32:22 comment_status: closed post_name: my-directory-server-doesnt-show-up-in-netstat status: publish post_type: post

My directory server doesn't show up in netstat!

Yes it does. You're just looking in the wrong place. More below. This is one of those "I knew that but forgot about it" department things. I stumbled across it after rebooting the home backup server and casually doing a netstat. Being an LDAP guy, I noticed right away that my OpenDJ directory server's ports didn't show up on a "netstat -an | grep -i listen". Well, they were there, just further down among the ipv6 connections.

tcp6  0  0 :::1389    :::*       LISTEN
tcp6  0  0 :::1636    :::*       LISTEN

If I'd looked more closely, I would have noticed that this was also true of my Apache server:

tcp6  0  0 :::80      :::*       LISTEN
tcp6  0  0 :::443     :::*       LISTEN

But I can still reach both OpenDJ and Apache using the server's ipv4 address! What gives? What gives is something called ipv4 mapped ipv6 addressing, which was designed to allow ipv4 hosts to communicate with services running on an ipv6 host in dual stack mode (for the technical details, see RFC 4038, section 4.2). Red Hat Linux continues to support this mode by default, while Debian Linux and the BSD's do not (support requires that the IPV6_V6ONLY socket option be turned off, an option that is completely omitted from OpenBSD on security grounds). It appears that some Windows versions (not Windows XP) support ipv4 mapped ipv6 addresses as well.

Copyright 2004-2019 Phil Lembo