Netstat Command

The NETSTAT utility

The NETSTAT utility is a command available on most platforms that enables a user to list the sockets in use on a system. The information returned by the command is only for the local host, and there is no provision for monitoring remote hosts using this utility. The most common uses for NETSTAT are:

• Determining how many sockets are currently open on a system
• Determining what application owns a particular socket
• Diagnosing TCP/IP problems
• Diagnosing routing problems

The NETSTAT command can be issued with or without parameters.

Without parameters, the output generated by the command typically lists all of the active UDP and TCP connections in the system's connection table. Options can be added to filter the output, or to request additional information. Because NETSTAT is not defined by an RFC, the specific options employed by different implementations vary. However, there is a common set of options that remain constant among most NETSTAT implementations.

Common NETSTAT options

Common NETSTAT options include:

-r / -route        Displays the routing table currently used by the TCP/IP application.
-i / -interface    Displays a list of interfaces, and their states.
-l / -listening    Displays only sockets on which an application is listening.
-a / -all          Displays all connections (typically, this is the default).
-s / -statistics   Displays the statistics for each protocol.
-t / -timer        Displays timer information.
-v / -verbose      Displays the output in verbose mode.
-f / -family       Displays the address family of the connections.

Sample NETSTAT report output

The following sample shows the output of a NETSTAT -all command and illustrates what the default implementation of the utility usually produces.

Example 1 NETSTAT -all command output

    :> NETSTAT -a
    TCPIP Name: TCPIP 13:11:51
    User Id  Conn      Local Socket        Foreign Socket       State
    -------  ----      ------------        --------------       -----
    FTPD1    00064A00  10.44.36.163..21    10.76.141.227..1780  Establsh
    FTPD1    00000039  0.0.0.0..21         0.0.0.0..0           Listen
    PSF06A   00064B75  10.44.36.163..1384  10.27.172.17..9100   SynSent
    SMTP     00000037  0.0.0.0..25         0.0.0.0..0           Listen
    SNMPD    00000031  0.0.0.0..1026       0.0.0.0..0           Listen
    TCPIP    0006421F  10.44.36.163..23    10.27.204.195..055   Establsh
    SMTP     00000038  0.0.0.0..1028       *..*                 UDP
    SNMPD    00000030  0.0.0.0..161        *..*                 UDP

The columns of this output, which are similar in most implementations, are defined as follows:

User Id          The application or user that is using the socket.
Conn             The connection identification number.
Local Socket     The local IP address and port over which the connection is active.
Foreign Socket   The remote IP address and port over which the connection is active.
State            The state of the connection.

Most implementations use some form of the following values for state:

• CloseWait
• Closed
• Established
• FinWait_1
• FinWait_2
• LastAck
• Listen
• SynReceived
• SynSent
• TimeWait
• UDP (Because UDP is a connectionless protocol, UDP sockets cannot be listed in a particular state. As such, NETSTAT simply indicates that they are UDP sockets.)

Additional information about these states can be found in RFC 793. Additionally, Example 2 is a sample routing table generated by NETSTAT.

Example 2 Sample routing table

    :> NETSTAT -r
    TCPIP Name: TCPIP 13:25:04
    Destination   Gateway        Flags  Refcnt  Interface
    -----------   -------        -----  ------  ---------
    Default       10.44.36.129   UGS    001504  INTRF1
    Default       10.44.36.129   UGS    000006  INTRF2
    10.44.36.128  0.0.0.0        US     000003  INTRF1
    10.44.36.128  0.0.0.0        US     000000  INTRF2
    10.44.36.129  0.0.0.0        UHS    000000  INTRF1
    10.44.36.129  0.0.0.0        UHS    000000  INTRF2
    10.44.36.163  0.0.0.0        UH     000000  VIPAL1
    10.44.36.164  0.0.0.0        UH     000000  INTRF1
    10.44.36.165  0.0.0.0        UH     000000  INTRF2
    127.0.0.1     0.0.0.0        UH     000002  LOOPBACK

Again, the columns above are defined as follows:

Destination   The route described by the report.
Gateway       The gateway (if any) used to reach this route.
Flags         Attributes of the route. Possible values include:
              • G: The route uses a gateway.
              • U: The interface over which the route travels is up.
              • H: Only a single host can be reached through this route.
              • D: The route was dynamically created.
              • M: The route's table entry was modified by an ICMP redirect message.
              • !: The route is a reject route; datagrams will be dropped.
Refcnt        The number of connections using this route.
Interface     The interface used by the route.
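
The following added example (not part of the original text) parses a report in the Example 1 layout, counts sockets per state, and lists sockets open to inbound traffic (Listen or UDP) that are missing from an expected baseline. The sample rows, the function names and the BASELINE set are assumptions made for the illustration.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the Example 1 layout (addr..port sockets).
SAMPLE = """\
User Id  Conn      Local Socket        Foreign Socket        State
-------  ----      ------------        --------------        -----
FTPD1    00064A00  10.44.36.163..21    10.76.141.227..1780   Establsh
FTPD1    00000039  0.0.0.0..21         0.0.0.0..0            Listen
PSF06A   00064B75  10.44.36.163..1384  10.27.172.17..9100    SynSent
SMTP     00000037  0.0.0.0..25         0.0.0.0..0            Listen
SNMPD    00000031  0.0.0.0..1026       0.0.0.0..0            Listen
SMTP     00000038  0.0.0.0..1028       *..*                  UDP
SNMPD    00000030  0.0.0.0..161        *..*                  UDP
"""

# Hypothetical baseline: (application, local port) pairs expected to be open.
BASELINE = {("FTPD1", 21), ("SMTP", 25), ("SNMPD", 161)}

Socket = namedtuple("Socket", "user conn local_addr local_port foreign state")
# user, 8-hex-digit connection id, local addr..port, foreign socket, state
ROW = re.compile(r"^(\S+)\s+([0-9A-Fa-f]{8})\s+(\S+)\.\.(\d+)\s+(\S+)\s+(\S+)$")

def parse_report(text):
    """Return a Socket per data row; header, rule and blank lines do not match."""
    sockets = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            user, conn, addr, port, foreign, state = m.groups()
            sockets.append(Socket(user, conn, addr, int(port), foreign, state))
    return sockets

def state_counts(sockets):
    """Number of sockets in each State value."""
    return Counter(s.state for s in sockets)

def unexpected_open(sockets, baseline):
    """Sockets in Listen or UDP state whose (user, port) is not in the baseline."""
    return [s for s in sockets
            if s.state in ("Listen", "UDP")
            and (s.user, s.local_port) not in baseline]

if __name__ == "__main__":
    socks = parse_report(SAMPLE)
    print(dict(state_counts(socks)))
    for s in unexpected_open(socks, BASELINE):
        print(f"not in baseline: {s.user} {s.local_addr}..{s.local_port} {s.state}")
```

Because NETSTAT output is not standardized, the ROW pattern has to be adapted to the column layout of the implementation in use.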
