# Netstat is being ran by firefox?!

## linuxinit

Okay, I use conky. I have a process monitor that shows the 3 most cpu intensive processes, and the 3 most memory intensive processes. Anyways. A few weeks ago I started noticing netstat keep popping up. It comes and goes, which makes sense since it's not a very cpu/memory intensive program. Anyways. The first time I saw it I freaked out and killed sshd, gaim, teamspeak2_server, brought down eth0 and unplugged the network cable. Yea that's excessive I know but I was freaking out. I went back through my firewall logs on my Slackware box and found nothing unusual. Just the regular subnet scans, rpc expoit attempts, and all that crap that seems to plague my ISP.

Anyways... After finding nothing, I went back through and checked my cronjobs and found nothing. So I decided maybe it was just some legit thing. Then just now, it happened again, and it stayed running, long enough for me to pstree it and see what it was running from.

I'm in shock, to find out that it's running under firefox-bin. I'm on amd64 so yea...  I have to run -bin for flash, which is proving pointless since everyone is switching to flash8. :(

Anyways, here's a dump of pstree before I killed firefox:

```
init-+-5*[agetty]

     |-conky

     |-cron

     |-2*[dbus-daemon]

     |-dbus-launch

     |-events/0

     |-gaim

     |-gpm

     |-khelper

     |-khpsbpkt

     |-2*[kjournald]

     |-ksoftirqd/0

     |-kswapd0

     |-kthread-+-aio/0

     |         |-ata/0

     |         |-kacpid

     |         |-kblockd/0

     |         |-khubd

     |         |-kpsmoused

     |         |-kseriod

     |         |-2*[pdflush]

     |         |-scsi_eh_0

     |         `-scsi_eh_1

     |-login---bash---xinit-+-X

     |                      `-sh-+-sh---xscreensaver

     |                           `-xfce4-session

     |-migration/0

     |-mozilla-launche---firefox-bin-+-netstat

     |                               `-2*[{firefox-bin}]

     |-ssh-agent

     |-sshd

     |-syslog-ng

     |-terminal---bash---pstree

     |-udevd

     |-watchdog/0

     |-xfce-mcs-manage

     |-xfce4-panel-+-xfce4-menu-plug

     |             `-xfce4-mixer-plu

     |-xfdesktop

     `-xfwm4

```

I wasn't doing much else at the time... No SSH logins, etc... I'm on my own subnet from the rest of the computers in my house. So it's definitly strange to me. Call me paranoid, I don't care. ;) ;)

So yea... to the point:

Does anybody have any clue why firefox would be running netstat? It doesn't always do it, or at least I don't notice if it does. I might setup a clear;pstree loop to keep a watch on it. I did a quick search with Google and with the forums and found nothing.

Anyone have a clue what's going on?

----------

## TheRAt

could this be caused by a firefox extension you have installed ?

maybe try to diable all your extension and re-run firefox to see if this is the case ?

----------

## linuxinit

 *TheRAt wrote:*   

> could this be caused by a firefox extension you have installed ?
> 
> maybe try to diable all your extension and re-run firefox to see if this is the case ?

 

Well it does it so rarely... But I'll run firefox with --safe-mode and see if it does it. Then I'll just keep grepping pstree for netstat and make it log it to a file or something. :)

----------

## bunder

thunderbird does this too.  i've always wondered why.  if anyone knows, please speak up   :Laughing: 

----------

## TheRAt

 *linuxinit wrote:*   

> Well it does it so rarely... But I'll run firefox with --safe-mode and see if it does it. Then I'll just keep grepping pstree for netstat and make it log it to a file or something. 

 

be very interested in your results...

----------

## linuxinit

```
     |-mozilla-launche---thunderbird-bin-+-netstat

     |                                   `-2*[{thunderbird-bin}]
```

Explain that eh? :S Anyone know a way to dig deeper than with pstree? I use no plugins in Thunderbird except GnuPGP. :S

----------

## bunder

 *linuxinit wrote:*   

> 
> 
> ```
>      |-mozilla-launche---thunderbird-bin-+-netstat
> 
> ...

 

i use none.  not even one.   :Confused: 

----------

## ScriptBlue

You guys should download the firefox source code and grep for any occurences of netstat.

EDIT:

Yep, there it is. File ./mozilla/security/nss/lib/freebl/unix_rand.c Line 883 (Latest release).

Apparently all it does is that it uses its output to mix up the random seed.

----------

## bunder

 *ScriptBlue wrote:*   

> You guys should download the firefox source code and grep for any occurences of netstat.
> 
> EDIT:
> 
> Yep, there it is. File ./mozilla/security/nss/lib/freebl/unix_rand.c Line 883 (Latest release).
> ...

 

it should use /dev/urandom then... running netstat for entropy is stupid.   :Confused: 

----------

## Aries-Belgium

There is actually a bugreport on it since 2002 and this is the comment of one of the developers:

```
I see no bug here.  The code is presently working as intended.  

The code works, and produces correct results, whether the OS has a 

well-implemented /dev/urandom or not.

There are ***x OSes that have no /dev/urandom.  It has been reported that

there are ***x OSes that have a bad implementation of /dev/urandom.
```

----------

## bunder

then those ones can use /dev/random instead.     :Razz: 

----------

## linuxinit

Well... Sad to say I'm not using Gentoo anymore. :( AMD64+Portage was a nightmare. I'm back to Slack for now. :) But yea... I was going to download the source from portage once I get this box working.

Guess what. That damn Nvidia bug I had is happening here too. So I'm gonna have to freaking hack the driver again to force 4x. :(

----------

