netstat output


 
Thread Tools Search this Thread
Special Forums IP Networking netstat output
# 1  
Old 03-01-2010
netstat output

I can't tell what the output of the netstat command means. Is there anywhere that has this information? I tried the man pages, but they weren't helpful.
# 2  
Old 03-01-2010
Which OS, and which command exactly? Because on those systems that I have access to netstat outputs nice headers that should be easy to understand if you know a bit about networking.
# 3  
Old 03-01-2010
Quote:
Originally Posted by pludi
Which OS, and which command exactly? Because on those systems that I have access to netstat outputs nice headers that should be easy to understand if you know a bit about networking.
I'm using Mac OS X Leopard. The output looks something like this (shortened for brevity's sake):

Code:
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4      37      0  10.0.1.3.52023         textnews.news.ca.nntp  CLOSE_WAIT
udp4       0      0  10.20.1.118.ntp        *.*                    
udp4       0      0  *.58916                *.*                    
udp4       0      0  *.52844                *.*                    
udp4       0      0  *.58444                *.*                    
udp4       0      0  *.52618                *.*                    
udp4       0      0  *.55354                *.*                    
udp4       0      0  *.54759                *.*                    
udp4       0      0  *.*                    *.*                    
udp6       0      0  michael-gables-m.ntp   *.*                    
udp6       0      0  localhost.ntp          *.*                    
udp4       0      0  localhost.ntp          *.*                    
udp6       0      0  localhost.ntp          *.*                    
udp6       0      0  *.ntp                  *.*                    
udp4       0      0  *.ntp                  *.*                    
udp4   15489      0  *.ipp                  *.*                    
udp6       0      0  *.mdns                 *.*                    
udp4       0      0  *.mdns                 *.*                    
udp4       0      0  *.*                    *.*                    
udp4       0      0  *.*                    *.*                    
icm6       0      0  *.*                    *.*                    
Active LOCAL (UNIX) domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
 430ecc0 stream      0      0        0  581fee0        0        0 /var/run/mDNSResponder
 581fee0 stream      0      0        0  430ecc0        0        0
 42ee110 stream      0      0        0  430eee0        0        0 /var/run/mDNSResponder
 430eee0 stream      0      0        0  42ee110        0        0
 42dab28 stream      0      0        0  411fb28        0        0 /var/run/mDNSResponder

I don't know what any of this means. I'm not much of a networking person, and I only know a little bit about TCP/IP (like what DNS and DHCP are), so this doesn't make much sense to me.
# 4  
Old 03-01-2010
Ok, lets take it one column at a time:
  • Proto is the protocol used. tcp and udp should be pretty self-explanatory. icm is short for ICMP, which is a network control protocol (pings use ICMP echo/reply messages). The number at the end specifies if it's IPv4 or IPv6
  • Recv-Q and Send-Q are the receiving and sending queues. If those aren't zero, you're either sending much faster than the other side can read, or you're not reading fast enough yourself.
  • Local Address is the local IP and port used, while Foreign Address is the remote site and port.
  • State is the state (duh) of the connection. LISTEN means there's a local server listening, ESTABLISHED ...well should be clear, CLOSE_WAIT means you're waiting for confirmation that the connection can be closed. For more details, read up on the TCP protocol.
The second part are UNIX domain sockets, which are a kind of IPC, acting like a network socket.
  • The Address is the memory address used
  • The queues mean pretty much the same as above
  • The Inode is just that. In keeping with "everything is a file", UNIX sockets can be addressed via the respective inode on the filesystem
  • Addr is the "address", the "file" used.

For a more in-depth explanation I'd have to read up on it again.
This User Gave Thanks to pludi For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Filtering netstat command output

Hi All, I am trying to collect the listen ports info from netstat command in centos 7 From that info i am trying to collect all the foreign address IP for those ports. I am using below script to do the same. netstat -an |grep -w "LISTEN" |grep -v "127.0.0.1" |awk '{print $4}' >... (3 Replies)
Discussion started by: sravani25
3 Replies

2. Shell Programming and Scripting

netstat output

Hi Team, Below is the output of netstat -an | grep 1533 tcp 0 0 17.18.18.12:583 10.3.2.0:1533 ESTABLISHED tcp 0 0 17.18.18.12:370 10.3.2.0:1533 ESTABLISHED Below is the o/p of netstat -a | grep server_name tcp 0 ... (4 Replies)
Discussion started by: Girish19
4 Replies

3. UNIX for Dummies Questions & Answers

netstat -an output, pls. explain..

Hi, I have old SCO O/S. System keeps crashing. I made lot of changes to kernel but so for nothing helped. I wrote a script which takes netstat -an output every one minute. I saw some thing right before the system crashed. Not sure if this means anything.. uname -a SCO_SV djx2 3.2... (2 Replies)
Discussion started by: samnyc
2 Replies

4. UNIX for Advanced & Expert Users

Amount of Network Traffic info from netstat output

Hi, I'm trying to figure out how much traffic has been generated and received from netstat -s output (using Linux). I can see the output shows packet counts and Octet values, how would I correctly calculate how much traffic in and how much out? My output below: Ip: 88847576 total... (1 Reply)
Discussion started by: wilsonee
1 Replies

5. IP Networking

Connections not shown in netstat output

I have a TCPIP server application (a Vendor package) which by default allows 10 connections. It provides a parameter to allow us to increase the maximum allowable connections in case it is needed. Intermittently this application is failing with maximum number of connections reached even when there... (1 Reply)
Discussion started by: AIX_user
1 Replies

6. UNIX for Dummies Questions & Answers

interpreting netstat output

hi all, when I run- wcars1j5#netstat -an | grep 8090 127.0.0.1.8090 *.* 0 0 49152 0 LISTEN wcars1j5# 1. does this mean that no one is connected to this port? Regards, akash (1 Reply)
Discussion started by: akash_mahakode
1 Replies

7. HP-UX

Difference in netstat -a and -an output.

Hi, Does anyone know why I get a different output when using "netstat -a" or "netstat -an" ?? # netstat -a | grep ts15r135 tcp 0 0 nbsol152.62736 ts15r135.23211 ESTABLISHED # netstat -an | grep 172.23.160.78 tcp 0 0 135.246.39.152.51954 ... (4 Replies)
Discussion started by: ejdv
4 Replies

8. Solaris

netstat -an -- meaning of the output

Dear Experts, I put below command- could you please describe the outputs column- let me describe some them- col_1: (10.131.60.48.55880) The IP address of the local computer and the port number being used for this particular connection appear in the Local Address column. col_2:... (3 Replies)
Discussion started by: thepurple
3 Replies

9. Shell Programming and Scripting

filtering a range of ports out of a netstat output

i'd like to grep a range of ports on a netstat -nt output, localaddress, say :1 to :1023. how do i do it via sed/awk/grep? Thanks, Marc (1 Reply)
Discussion started by: marcpascual
1 Replies

10. UNIX for Dummies Questions & Answers

output of NETSTAT

# netstat -in Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll net1 1500 192.168 192.168.0.11 24508 0 12212 112931 2795 lo0 8232 127 127.0.0.1 42 0 42 0 0 atl0* 8232 none none No Statistics... (1 Reply)
Discussion started by: samprax
1 Replies
Login or Register to Ask a Question