You are not logged in.

#1 2004-12-22 03:02:34

sn0n
Member
From: Antioch, CA
Registered: 2004-08-31
Posts: 31
Website

netstat question...

can anyone explain what this means exactly

[root@frodo ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0    216 192.168.1.105:ssh       192.168.1.103:3459      ESTABLISHED
tcp        0      0 ::ffff:192.168.1.10:www ::ffff:192.168.1.1:2971 TIME_WAIT
tcp        0      0 ::ffff:192.168.1.10:www ::ffff:192.168.1.1:2961 TIME_WAIT
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1950   @udevd
unix  3      [ ]         STREAM     CONNECTED     5794   /dev/log
unix  3      [ ]         STREAM     CONNECTED     5793



mainly that pair of tcp connections.. they have me quite confused..

Offline

#2 2004-12-22 03:44:46

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: netstat question...

sn0n wrote:

can anyone explain what this means exactly

[root@frodo ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0    216 192.168.1.105:ssh       192.168.1.103:3459      ESTABLISHED
tcp        0      0 ::ffff:192.168.1.10:www ::ffff:192.168.1.1:2971 TIME_WAIT
tcp        0      0 ::ffff:192.168.1.10:www ::ffff:192.168.1.1:2961 TIME_WAIT
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    1950   @udevd
unix  3      [ ]         STREAM     CONNECTED     5794   /dev/log
unix  3      [ ]         STREAM     CONNECTED     5793

First off, I prefer netstat -n
*shrug*

Anyway.
Netstat  prints network connections, routing tables, interface statis-tics, masquerade connections, and multicast memberships...

protocol == tcp
local address == 192.168.1.10:www  (this means web port 80)
Foreign Address == 192.168.1.1:2971 (likely a web request, that just looks funny because it is being NAT'ed...I assume 192.168.1.1 is your gateway machine or some router)
State == TIME_WAIT (The socket is waiting after close to handle packets still in the network)

To find more about the states that can be listed, man netstat is your friend.

ps..it looks like you are running a webserver on that box. Is this correct?
8)


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#3 2004-12-22 14:11:38

Winkie
Member
Registered: 2004-09-30
Posts: 59

Re: netstat question...

First off, I prefer lsof -i

no seriously, it's MUCH nicer.

[root@nec1 paul]# lsof -i|grep ssh
sshd       1998     root    3u  IPv4    6296       TCP *:ssh (LISTEN)
ssh        4984    paulw    3u  IPv4  812881       TCP nec1.isher:38639->term01.isher:ssh (ESTABLISHED)
ssh        7785    paulw    3u  IPv4 5502830       TCP nec1.isher:37360->term04.isher:ssh (ESTABLISHED)
ssh       15212    paulw    3u  IPv4 5673397       TCP nec1.isher:44938->chaplin.isher:ssh (ESTABLISHED)

Offline

#4 2004-12-22 16:13:27

sn0n
Member
From: Antioch, CA
Registered: 2004-08-31
Posts: 31
Website

Re: netstat question...

yeah its running a webserver.. but the fffff thing kinda threw me off.. i didnt know what it was exactly..

Offline

Board footer

Powered by FluxBB