Netstat - Explained

Post by chandranjoy » Fri Sep 17, 2010 6:46 pm

NETSTAT:

netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems.

It is used for finding problems in the network and for determining the amount of traffic on the network as a performance measurement.
Also, the netstat command displays information regarding traffic on the configured network interfaces, such as the following:

* The address of any protocol control blocks associated with the sockets and the state of all sockets
* The number of packets received, transmitted, and dropped in the communications subsystem
* Cumulative statistics per interface
* Routes and their status

Netstat provides statistics for the following:

* Proto - The name of the protocol (TCP or UDP).

* Local Address - The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).

* Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that correspond to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).

* State - Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT.

Explanation of STATE:
CLOSE_WAIT: The socket connection has been closed by the remote peer, and the system is waiting for the local application to close its half of the connection.

CLOSED: The socket is not in use.

ESTABLISHED: The socket has an established connection between a local application and a remote peer.

FIN_WAIT_1: The socket connection has been closed by the local application, the remote peer has not yet acknowledged the close, and the system is waiting for it to close its half of the connection.

FIN_WAIT_2: The socket connection has been closed by the local application, the remote peer has acknowledged the close, and the system is waiting for it to close its half of the connection.

LAST_ACK: The socket connection has been closed by the remote peer, the local application has closed its half of the connection, and the system is waiting for the remote peer to acknowledge the close.

LISTEN: The socket is listening for incoming connections. Unconnected listening sockets like these are only displayed when using the -a option.

SYN_RECEIVED: The socket has passively received a connection request from a remote peer.

SYN_SEND: The socket is actively trying to establish a connection to a remote peer.

TIMED_WAIT: The socket connection has been closed by the local application, the remote peer has closed its half of the connection, and the system is waiting to be sure that the remote peer received the last acknowledgement.

UNKNOWN: The state of the socket is unknown.

Ex:
jai@server# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 16099/cpsrvd - wait
tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 16099/cpsrvd - wait
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 16099/cpsrvd - wait
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 5139/exim
tcp 0 0 173.201.39.198:53 0.0.0.0:* LISTEN 4004/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 27334/pure-ftpd (SE
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5139/exim
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 17738/httpd
tcp 0 0 0.0.0.0:2077 0.0.0.0:* LISTEN 16039/cpdavd - acce
tcp 0 0 0.0.0.0:2078 0.0.0.0:* LISTEN 16039/cpdavd - acce
tcp 0 0 173.201.39.220:443 146.23.212.22:2786 TIME_WAIT -
tcp 0 0 173.201.39.220:443 146.23.212.22:5100 ESTABLISHED 19048/httpd
tcp 0 0 173.201.39.220:443 146.23.212.22:4599 TIME_WAIT -


Cheers :)
chandranjoy
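
As an added example (not part of the original post): shell helpers that summarize `netstat -antp` output using the Proto, Local Address, Foreign Address and State columns described above. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize `netstat -antp`-style text read from stdin.
# On a live host: netstat -antp | wildcard_listeners

# Count TCP sockets per value of the State column.
state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# Listeners bound to the wildcard address (reachable on every interface),
# printed as "port pid/program" so unexpected services stand out.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):/ {
             port = $4; sub(/.*:/, "", port)
             print port, $7
         }' | sort -n
}

# Foreign addresses ranked by how many sockets they hold in state $1,
# e.g. CLOSE_WAIT pile-ups mean the local application is not closing.
peers_in_state() {
    awk -v st="$1" '$1 ~ /^tcp/ && $6 == st {
             ip = $5; sub(/:[^:]*$/, "", ip); c[ip]++ }
         END { for (i in c) print c[i], i }' | sort -rn
}

# Constructed sample output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN      811/sshd
tcp        0      0 127.0.0.1:3306    0.0.0.0:*           LISTEN      902/mysqld
tcp        0      0 0.0.0.0:443       0.0.0.0:*           LISTEN      1204/httpd
tcp        0      0 192.0.2.10:443    203.0.113.7:51234   ESTABLISHED 1210/httpd
tcp        0      0 192.0.2.10:443    203.0.113.7:51240   TIME_WAIT   -
tcp        1      0 192.0.2.10:443    198.51.100.9:40022  CLOSE_WAIT  1211/httpd
tcp        1      0 192.0.2.10:443    198.51.100.9:40023  CLOSE_WAIT  1212/httpd
EOF
}

sample_netstat | state_counts
sample_netstat | wildcard_listeners
sample_netstat | peers_in_state CLOSE_WAIT
```

The listener on 127.0.0.1:3306 is left out of `wildcard_listeners` because it is bound to loopback only, which is the distinction the Local Address column lets you check.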