Understanding The Netstat Output

Understanding the netstat output

technet.microsoft.com says that:

Displays active TCP connections, ports on which the computer is
listening, Ethernet statistics, the IP routing table, IPv4 statistics
(for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for
the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used
without parameters, netstat displays active TCP connections.

So you can find which addresses and ports are used and listening. for example you want to run a Tomcat server on port 8080. but it used. so you can run:

netstat -ano | find "8080"

output will be something like:

 TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1185
 TCP    [::]:8080              [::]:0                 LISTENING       1185

It says that process number 1185 is using this port. If it is necessary to use this port you can shutdown the app that use this port and run your server on it by this command:

taskkill /F /PID 1185

How do I interpret 'netstat -a' output

0.0.0.0 usually refers to stuff listening on all interfaces.
127.0.0.1 = localhost (only your local interface)
I'm not sure about [::]

TIME_WAIT means both sides have agreed to close and TCP
must now wait a prescribed time before taking the connection
down.

CLOSE_WAIT means the remote system has finished sending
and your system has yet to say it's finished.

Understanding of netstat -na command in linux

Consider this:

[root@stg openssl]# netstat -na| more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State

You can see the description of the columns at the beginning of the netstat output.

1st : Protocol name. In your case TCP

2nd : Recv-Q . Number of bytes of data that the application at Local Address is yet to pull from TCP buffer. In your case it is zero

3rd: Send-Q. Number of bytes of data that the application has given to TCP and which aren't ACK'ed by the peer TCP. It is this in your case is 182

Netstat output with boost::Asio

Does this mean that client has connected to port 3333 but the port from which it itself connects is 46675?

Basically. It describes the client endpoint. This is BSD/Posix sockets jargon.

What I do not understand is what does the the port 46675 mean in the address shown above? This definitely represents the client side, but from where was this port number allocated to the client?

It gets automatically chosen (by the TCP stack, usually in the kernel) from the local port range. E.g. on linux you can manipulate that range (if you have permission):

sudo sysctl -w net.ipv4.ip_local_port_range="60000 61000"

(Warning: don't do this unless you know what you're doing). See also https://en.wikipedia.org/wiki/Ephemeral_port


Related Topics

Git - Crlf Issue in Windows + Linux Dual Boot

How to Change File Extension in Linux Shell Script

Are Debug Symbols Loaded into Memory on Linux

How to Push a String to Stdin? Provide Input via Stdin on Startup, Then Read Stdin Input Interactively

Sending Snmp2 Trap Message from Linux Command Lne

Matching Third Field in a CSV with Pattern File in Gnu Linux (Awk/Sed/Grep)

How to Tell Linux to Keep a Page and Not Evict It

Print Bash Script Result Behind Prompt in The Next Line

How to Play an Audio File from Haskell Code, Cross-Platform

Qt Does Not Create Output Files in Debug/Release Folders in Linux

Find' (Command) Finds Nothing with -Wholename

Access Podman Rest API from Testcontainer

How to Use/Learn Video4Linux2 (On Screen Display) Output APIs

How to Force a Range of Virtual Addresses

Dreaming of Making My Own Os- What Should I Use? (Suggestions)

Starting Multiple Firefox Profiles with Batch File in Linux

Javafx: Tested/Confirmed Hardware (Gpu) Acceleration on Linux

How to Get a Hex Color Code from a Solid-Color Image for a Script


Leave a reply



Submit