Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Netstat
Special Forums IP Networking Netstat Post 7763 by loadc on Monday 1st of October 2001 10:22:22 PM
Old 10-01-2001
Lessee here....
You asked what the connections are:

the first poster answered that as well as I could, they are the connections to and fromyour box, the last column is the state of the "socket" (connection). these are FASCINATING things, and it always pays to know about them, Sys Admin did an excellent article this last year on socket states, look it up at their site, www.sysadminmag.com, I think

You also asked about knowing what the ports are doing:

again, the other posters covered this extremely well, lsof and ps are your friends here, as well as teh iptraf command, do a man on any or all of them and if you don't have lsof, I suggest getting it, it is very useful. You could also turn on promiscuous (?) mode on your interface with tcpdump/etherpeek/snoop/any other packet dumper, and look to see what is coming in, that is an education in networking in itself. Do a man on tcpdump, and you can learn more about ip traffic than you thought existed.

You also asked if closing the ports will do any harm:

That depends, are you connected on the port via telnet to your remote machine? If so, it would kill that session, you could also kill mail, and many other helpful connections to your machine, not to mention any servers listening on ports (these will be in a state of LISTEN).

Now, some also mentioned that you have to wait for a length of time before you can see the port be released and may reuse it again. this is true, but it is also usually a kernel parm taht is settable and can be cranked down to 5 seconds (or less on some platforms), be CAREFUL with this, it is dangerous to set your timeouts so low.....
Noe there is also an interactive way to kill these ports and NOT wait, WITHOUT the kernel parm; Dugsong put out a tool a while back called dsniff, it is a suite of some really wicked tools he used to figure out some networking things on his own system. There are some amazing things in there. One of the tools is tcpkill, it allows you to kill a socket on the localhost and NOT timeout the port, it just goes AWAY... very good programming...
He has made this available in the *BSD ports and packages, as well as at his site, which is quite interesting (when he isn't censoring it due to the DMCA...
www.monkey.org/~dugsong/dsniff.html ought to get you there. I will warn you, this tool is very dangerous in the wrong hands, it was intended for learning and should be used with the respect due to it and it's author. Using it illegally would endanger eveyone else's access to it, not only your own, so think of others and use it wisely and respectfully... please.


Ciao


loadc
 

10 More Discussions You Might Find Interesting

1. IP Networking

netstat

Hi what is the command to see the process name/application name along with the port number, connection status ... netstat is not giving process/application name Is there any way to know which application is holding which port? Thanks in advance (3 Replies)
Discussion started by: axes
3 Replies

2. UNIX for Advanced & Expert Users

Netstat command

Hi.., Now, I am reading about the netstat command and its implementation. I have doubts in some options and its functionalities, natstat - M (Which is described as display masqueraded connections), what it means? What is Forwarding Information Base.?(--fib) Thanks in advance,... (3 Replies)
Discussion started by: nagalenoj
3 Replies

3. BSD

question about netstat

For FreeBSD I use this command to determine what ports are listenning netstat -an | grep LISTEN is there another way, perhaps another command? (2 Replies)
Discussion started by: edgarvm
2 Replies

4. IP Networking

netstat output

I can't tell what the output of the netstat command means. Is there anywhere that has this information? I tried the man pages, but they weren't helpful. (3 Replies)
Discussion started by: Ultrix
3 Replies

5. Solaris

netstat -- what am i looking at?

Greetings to all, Here is a line of output from my netstat command cbp031.904 wdcprodhome.nfsd 98304 0 49640 0 ESTABLISHED The only thing i recognize is the unix machine "cbp031" but what is .904 and all the other data telling me? Thanks in advance. (3 Replies)
Discussion started by: Harleyrci
3 Replies

6. Shell Programming and Scripting

netstat command

Hi, In my project we use sftp with batch mode (password less) script in parallel for 14 sessions which connects to 2 different servers alternatively i.e. 7 connects to one server say server1 and the other 7 connects to say server 2. Now the problem is that these 14 sessions are run in... (5 Replies)
Discussion started by: dips_ag
5 Replies

7. UNIX for Advanced & Expert Users

Help with netstat

Hi, I want to list the time for how long a secure connections last to my server/blade. i am using netstat command to get the same, but not sure how to get the time for how long connections is being ESTABLISHED. netstat -na | grep 'ESTABLISHED' | grep :443 |awk '{print $4}' | cut -d: -f1 |... (1 Reply)
Discussion started by: Siddheshk
1 Replies

8. UNIX for Dummies Questions & Answers

Need help with a netstat command

Do I have this command correct to show all current connections/sessions my Solaris box has? It does not seem to do anything. netstat -an | grep EST (6 Replies)
Discussion started by: SIFT3R
6 Replies

9. Red Hat

netstat

Hi Can any body tell me about TIME_WAIT status meaning in the following command output. # netstat -anp|grep 5000 tcp 0 0 127.0.0.1:50006 0.0.0.0:* LISTEN 5058/ccsd tcp 0 0 0.0.0.0:50008 0.0.0.0:* ... (3 Replies)
Discussion started by: mastansaheb
3 Replies

10. OS X (Apple)

netstat

When running netstat -i from the Command Terminal, It returns with 21 different connections.. The addresses all look like this: ::1 fe80:1::1 10:dd:b1:a5:c4:ba with Network names like Linke#2 fe80::8e2d How can I delve deeper into this to clarify what is going on with my network?... (0 Replies)
Discussion started by: dwfiedler
0 Replies

LEARN ABOUT DEBIAN

ovs-benchmark

ovs-benchmark(1)						Open vSwitch Manual						  ovs-benchmark(1)

NAME

       ovs-benchmark - flow setup benchmark utility for Open vSwitch

SYNOPSIS

       ovs-benchmark latency --remote ip[:ports] [--sockets nsocks] [--batches nbatches] [--local [ip][:ports]]

       ovs-benchmark rate --remote ip[:ports] [--max-rate rate] [--timeout maxsecs] [--sockets nsocks] [--batches nbatches] [--local [ip][:ports]]

       ovs-benchmark listen [--local [ip]:ports]

       ovs-benchmark help

DESCRIPTION

       ovs-benchmark  tests  the performance of Open vSwitch flow setup by setting up a number of TCP connections and measuring the time required.
       It can also be used with the Linux bridge or without any bridging software, which allows one to measure the bandwidth and latency  cost	of
       bridging.

       Each ovs-benchmark command is described separately below.

The ``latency'' command
       This  command  initiates  nsocks  TCP  connections (by default, 100) as quickly as possible, waits for each one to complete with success or
       failure, and prints a bar chart of completion times on standard output, followed by a summary line.  Each line in the  bar  chart  lists  a
       time  to  connection  completion in milliseconds followed by a number of . or ! symbols, one for each TCP connection that completed in that
       many milliseconds.  A successful connection prints a ., and an unsuccessful connection (e.g. to a port on which no  process  is	listening)
       prints a !.

       If nbatches is given, the entire procedure is repeated the specified number of times.  Only a single summary line is printed at the end.

       Results vary widely based on the number of sockets and whether the remote host is listening for connections on the specified ports.  With a
       small number of sockets, all connection times typically remain within a handful of milliseconds.  As the number of sockets  increases,  the
       distribution of connection times clusters around the sending TCP stack's SYN retransmission interval.  (This pattern occurs with or without
       Open vSwitch on the network path.)

The ``rate'' command
       This command initiates nsocks TCP connections (by default, 100) as quickly as possible (limited by maxrate, if  --max-rate  is  specified).
       Each  time a connection completes with success or failure, it closes that connection and initiates a new one.  It continues to do so either
       forever or, if --timeout is specified, until maxsecs seconds have elapsed.  During the test, it prints statistics about time elapsed,  suc-
       cessful and unsuccessful connections, and the average number of completed (succeeded or failed) connections per second over the run.

       Without	--max-rate, the rate command measures the maximum sustained flow setup rate for an Open vSwitch instance.  This naturally tends to
       drive ovs-vswitchd CPU usage to 100% on the host receiving the traffic.

       When --max-rate is specified with a value below the maximum rate that an Open vSwitch instance can handle, then rate can also  be  used	to
       measure the kernel and userspace CPU cost of flow setups at specific flow rates.

       Results	tend  to  fluctuate  greatly  for  the first few seconds of a run, then settle down.  The displayed average is calculated over the
       entire run and so tends to converge asymptotically on the ``correct'' value.  To converge more quickly, try running for 5  to  10  seconds,
       then killing and restarting the run.

The ``listen'' command
       This  command  listens  on  one or more TCP ports for incoming connections.  It accepts connections and immediately closes them.  It can be
       paired with the rate or latency commands for observing effects of successful vs. unsuccessful TCP connections.

       It is easier to reproduce and interpret ovs-benchmark results when there is no listener (see NOTES below).

The ``help'' command
       Prints a usage message and exits successfully.

OPTIONS

       -r ip[:ports]
       --remote ip[:ports]
	      This option, required on latency and rate commands, minimally specifies the remote host to connect to (as an IP address or DNS name)
	      as ip.

	      A TCP port or range of ports (separated by -) may also be specified.  If a range is specified then each port in the range is used in
	      round-robin order.  The default port is 6630 if none is specified.

       -l [ip][:ports]
       --local [ip][:ports]
	      On the latency and rate, without this option, outgoing connections will not bind a specific TCP port.  The local TCP stack will pick
	      a  local	TCP  port  to bind.  When this option is specified, the specified port or range of ports will be used in turn.	(If a port
	      range is specified on both --local and --remote, then each local port in its range will be used before the  remote  port	is  incre-
	      mented to the next port in its range.)

	      On  the  listen  command, this option specifies the local port or ports and IP addresses on which to listen.  If it is omitted, port
	      6630 on any IP address is used.

       -s nsocks
       --sockets nsocks
	      For latency, sets the number of connections to initiate per batch.  For rate, sets the number of outstanding connections attempts to
	      maintain at any given time.  The default is 100.

       -b nbatches
       --batches nbatches
	      For latency, sets the number of times to initiate and wait for all of the connections to complete.  The default is 1.

       -c maxrate
       --max-rate maxrate
	      For  rate,  caps	the maximum rate at which connections will be attempted to maxrate connections per second.  By default there is no
	      limit.

       -T maxsecs
       --timeout maxsecs
	      For rate, stops the benchmark after maxsecs seconds have elapsed.  By default, the benchmark continues until interrupted by  a  sig-
	      nal.

NOTES

       ovs-benchmark uses standard POSIX socket calls for network access, so it shares the strengths and limitations of TCP/IP and its implementa-
       tions in the local and remote TCP/IP stacks.  Particularly, TCP and its implementations limit the number of successfully completed and then
       closed  TCP  connections.  This means that ovs-benchmark tests tend to slow down if run for long intervals or with large numbers of sockets
       or batches, if the remote system is listening on the port or ports being contacted.  The problem does not occur when the remote	system	is
       not  listening.	 ovs-benchmark results are therefore much more reliable and repeatable when the remote system is not listening on the port
       or ports being contacted.  Even a single listening socket (e.g. range of ports 8000 to 9000 with one listener on port 8080) can cause anom-
       alies in results.

       Be  sure  that  the remote TCP/IP stack's firewall allows the benchmark's traffic to be processed.  For Open vSwitch benchmarking purposes,
       you might want to disable the firewall with, e.g., iptables -F.

       ovs-benchmark is single-threaded.  A multithreaded process might be able to initiate connections more quickly.

       A TCP connection consists of two flows (one in each direction), so multiply the TCP connection statistics that ovs-benchmark reports  by  2
       to get flow statistics.

Open vSwitch							     July 2011							  ovs-benchmark(1)
All times are GMT -4. The time now is 08:51 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy