I install
atop on Debian 9. It runs as a monitoring daemon.
Why is it listening on a raw socket? Raw sockets are used to generate arbitrary IPv4 packets or capture all packets read all packets for a given IP sub-protocol! But I don't think my atop and its logs show any information from reading packets. I don't even use netatop - and that would require a kernel module, which is not included in Debian. And I would be extremely surprised if any of the atop features involve *sending* raw IP packets.
$ sudo netstat -l --raw -ep
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
raw 0 0 0.0.0.0:255 0.0.0.0:* 7 root 2427667 7353/atop
$ sudo ss -l --raw -p
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:ipproto-255 *:* users:(("atop",pid=7353,fd=4))
Asked by sourcejedi
(53232 rep)
Nov 13, 2018, 11:54 AM
Last activity: Nov 13, 2018, 08:31 PM
Last activity: Nov 13, 2018, 08:31 PM