Table of Contentsnetstat - Display active network connections netstat [[-a | [-t | -u | -w]] [-n | -o] | -x] [-c] netstat -i [-a] [-c]
netstat -r [-c] [-n]
netstat -v
Netstat displays the status of network connections on either TCP, UDP, RAW or UNIX sockets to the system. By default, netstat only displays status on active sockets which are not in the LISTEN state (i.e. connections to active processes). To obtain information about the kernel routing table, netstat may be invoked with the option -r Netstat's display includes the following information for each socket:
The protocol (either TCP or UDP) used by the socket.
The count of bytes not copied by the user program connected to this socket.
The count of bytes not acknoledged by the remote host.
The local address (local hostname) and port number of the socket. Unless the -n switch is given, the socket address is resolved to its canonical hostname, and the port number is translated into the corresponding service name.
The remote address (remote hostname) and port number of he socket. As with the local address:port, the -n switch turns off hostname and service name resolution.
The state of the socket. Since there are no states in RAW and usually no states used in UDP, this row may be left blank. Normally this can be one of several values: - ESTABLISHED
- The socket has an established connection.
- SYN_SENT
- The socket is actively attempting to establish a connection.
- SYN_RECV
- The connection is being initialized.
- FIN_WAIT1
- The socket is closed, and the connection is shutting down.
- FIN_WAIT2
- Connection is closed, and the socket is waiting for a shutdown from the remote end.
- TIME_WAIT
- The socket is waiting after close for remote shutdown retransmission.
- CLOSED
- The socket is not being used.
- CLOSE_WAIT
- The remote end has shut down, waiting for the socket to close.
- LAST_ACK
- The remote end shut down, and the socket is closed. Waiting for acknowledgement.
- LISTEN
- The socket is listening for incoming connections.
- CLOSING
- Both sockets are shut down but we still don't have all our data sent.
- UNKNOWN
- The state of the socket is unknown.
If netstat is invoked with the option -o , additional information will be displayed behind the state info. These informations are shown like this: "rx-retransmission byte count" "tx-retransmission byte count" "timer state" "(time/backoff)". Timer state may now be either on or off. The time (in seconds) being displayed is how long it will take the timer to expire. All these options are subject to be removed in later releases of the NET software.
Being invoked with the option -x , netstat displys a list of all active UNIX internal communication sockets.
Netstat's display includes the following information for each socket:
The protocol (usually unix) used by the socket.
The reference count (i.e. attached processes via this socket).
The only displayed flag is SO_ACCEPTON (displayed as ACC) otherwise left blank. SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest and not displayed.
There are several types of socket access: - SOCK_DGRAM
- The socket is used in Datagram (connectionless) mode.
- SOCK_STREAM
- This is a stream (connection) socket.
- SOCK_RAW
- The socket is used as a raw socket.
- SOCK_RDM
- This one serves reliably-delivered messages.
- SOCK_SEQPACKET
- This is a sequential packet socket.
- SOCK_PACKET
- RAW interface access socket.
- UNKNOWN
- Who ever knows, what the future will bring us - just fill in here :-)
This field will contain one of the following Keywords: - FREE
- The socket is not allocated
- LISTENING
- The socket is listening for a connection request.
- UNCONNECTED
- The socket is not connected to another one.
- CONNECTING
- The socket is about to establish a connection.
- CONNECTED
- The socket is connected.
- DISCONNECTING
- The socket is disconnecting.
- UNKNOWN
- This state should never happen.
This displays the path name as which the corresponding processes attached to the socket. The network routing table (invoked with netstat -r ) shows up the following information:
The destination adress of a resolved host or hand-entered network is displayed. Unless the option -n is given, the hosts or nets are resolved. An entry named "default" shows up the default route for the kernel. If there is no Asterisk ('*') displayed - any data will be routed to the dedicated gateway. Possible routeing flags are: - U
- This route is useable
- G
- Destination is a gateway
- H
- Destination is a Host entry
- R
- Route will be reinstated after time-out
- D
- This one is created dynamically (by redirection)
- M
- This one is modified dynamically (by redirection)
Reference count for this route How many times this route was used yet This is the name of the Interface, where this route belongs to The device statistics table (invoked with netstat -i ) displays information about the interfaces:
The name this interface. Maximum size for transmission on this interface. This should be the size of data transferred on this interface without interface specific headers. error free received packets for this interface. buggy received packets. dropped received packets (due to memory lack ?). packets that we were unable to receive that fast way. error free transmitted packets for this interface. buggy transmitted packets. dropped transmitteded packets. packets that we were unable to transmit. The following flags may occur on the given interfaces: - A
- This interface will receive all Multicast adresses.
- B
- Broadcasts are ok here.
- D
- Debugging is turned on..
- L
- Interface is a loopback device.
- M
- all packets are received (Promisc-Mode).
- N
- Trailers are avoided.
- O
- No Addres Resolution Protocol on this Interface.
- P
- Interface is a Point-to-Point connection.
- R
- Interface is running.
- U
- Interface is up.
- -a
- Display information about all internet sockets, i.e. TCP, UDP, RAW and UNIX including those sockets that are listening only.
- -i
- Show network devices statistics.
- -c
- Generate a continuous listing of network status: network status is displayed every second until the program is interrupted.
- -n
- Causes netstat not to resolve hostnames and service names when displaying remote and local address and port information.
- -o
- Display timer states, expiration times and backoff state.
- -r
- Display kernel routing table.
- -t
- Display information about TCP sockets only, including those that are listening.
- -u
- Display information about UDP sockets only.
- -v
- Print version information.
- -w
- Display information about raw sockets.
- -x
- Display information about UNIX domain sockets.
/etc/services -- The services translation file
/proc/net/socket -- devices information
/proc/net/raw -- RAW socket information
/proc/net/route -- Kernel routing information
/proc/net/tcp -- TCP socket information
/proc/net/udp -- UDP socket information
/proc/net/unix -- Unix domain socket information
Occasionally strange information may appear if a socket changes as it is viewed. This is unlikely to occur. The netstat user interface was written by Fred Baumgarten <dc6iq@insu1.etec.uni-karlsruhe.de> the man page basically by Matt Welsh <mdw@tc.cornell.edu>. It was updated by Alan Cox <Alan.Cox@linux.org> but could do with a bit more work.
Table of Contents
www.fiveanddime.net