netstat output | Unix Linux Forums | IP Networking

  Go Back    


IP Networking Learn TCP/IP, Internet Protocol, Routing, Routers, Network protocols in this UNIX and Linux forum.

netstat output

IP Networking


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 03-01-2010
Ultrix Ultrix is offline
Registered User
 
Join Date: Feb 2010
Last Activity: 4 January 2012, 6:11 PM EST
Location: Nowhere
Posts: 41
Thanks: 1
Thanked 0 Times in 0 Posts
netstat output

I can't tell what the output of the netstat command means. Is there anywhere that has this information? I tried the man pages, but they weren't helpful.
Sponsored Links
    #2  
Old 03-01-2010
pludi's Avatar
pludi pludi is offline Forum Advisor  
Cat herder
 
Join Date: Dec 2008
Last Activity: 28 March 2014, 8:35 AM EDT
Location: Vienna, Austria, Earth
Posts: 5,522
Thanks: 38
Thanked 335 Times in 308 Posts
Which OS, and which command exactly? Because on those systems that I have access to netstat outputs nice headers that should be easy to understand if you know a bit about networking.
Sponsored Links
    #3  
Old 03-01-2010
Ultrix Ultrix is offline
Registered User
 
Join Date: Feb 2010
Last Activity: 4 January 2012, 6:11 PM EST
Location: Nowhere
Posts: 41
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by pludi View Post
Which OS, and which command exactly? Because on those systems that I have access to netstat outputs nice headers that should be easy to understand if you know a bit about networking.
I'm using Mac OS X Leopard. The output looks something like this (shortened for brevity's sake):


Code:
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4      37      0  10.0.1.3.52023         textnews.news.ca.nntp  CLOSE_WAIT
udp4       0      0  10.20.1.118.ntp        *.*                    
udp4       0      0  *.58916                *.*                    
udp4       0      0  *.52844                *.*                    
udp4       0      0  *.58444                *.*                    
udp4       0      0  *.52618                *.*                    
udp4       0      0  *.55354                *.*                    
udp4       0      0  *.54759                *.*                    
udp4       0      0  *.*                    *.*                    
udp6       0      0  michael-gables-m.ntp   *.*                    
udp6       0      0  localhost.ntp          *.*                    
udp4       0      0  localhost.ntp          *.*                    
udp6       0      0  localhost.ntp          *.*                    
udp6       0      0  *.ntp                  *.*                    
udp4       0      0  *.ntp                  *.*                    
udp4   15489      0  *.ipp                  *.*                    
udp6       0      0  *.mdns                 *.*                    
udp4       0      0  *.mdns                 *.*                    
udp4       0      0  *.*                    *.*                    
udp4       0      0  *.*                    *.*                    
icm6       0      0  *.*                    *.*                    
Active LOCAL (UNIX) domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
 430ecc0 stream      0      0        0  581fee0        0        0 /var/run/mDNSResponder
 581fee0 stream      0      0        0  430ecc0        0        0
 42ee110 stream      0      0        0  430eee0        0        0 /var/run/mDNSResponder
 430eee0 stream      0      0        0  42ee110        0        0
 42dab28 stream      0      0        0  411fb28        0        0 /var/run/mDNSResponder

I don't know what any of this means. I'm not much of a networking person, and I only know a little bit about TCP/IP (like what DNS and DHCP are), so this doesn't make much sense to me.
    #4  
Old 03-01-2010
pludi's Avatar
pludi pludi is offline Forum Advisor  
Cat herder
 
Join Date: Dec 2008
Last Activity: 28 March 2014, 8:35 AM EDT
Location: Vienna, Austria, Earth
Posts: 5,522
Thanks: 38
Thanked 335 Times in 308 Posts
Ok, lets take it one column at a time:
  • Proto is the protocol used. tcp and udp should be pretty self-explanatory. icm is short for ICMP, which is a network control protocol (pings use ICMP echo/reply messages). The number at the end specifies if it's IPv4 or IPv6
  • Recv-Q and Send-Q are the receiving and sending queues. If those aren't zero, you're either sending much faster than the other side can read, or you're not reading fast enough yourself.
  • Local Address is the local IP and port used, while Foreign Address is the remote site and port.
  • State is the state (duh) of the connection. LISTEN means there's a local server listening, ESTABLISHED ...well should be clear, CLOSE_WAIT means you're waiting for confirmation that the connection can be closed. For more details, read up on the TCP protocol.
The second part are UNIX domain sockets, which are a kind of IPC, acting like a network socket.
  • The Address is the memory address used
  • The queues mean pretty much the same as above
  • The Inode is just that. In keeping with "everything is a file", UNIX sockets can be addressed via the respective inode on the filesystem
  • Addr is the "address", the "file" used.

For a more in-depth explanation I'd have to read up on it again.
The Following User Says Thank You to pludi For This Useful Post:
rajeshz (07-18-2013)
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
interpreting netstat output akash_mahakode UNIX for Dummies Questions & Answers 1 10-22-2009 06:45 AM
Difference in netstat -a and -an output. ejdv HP-UX 4 08-05-2009 07:59 AM
netstat -an -- meaning of the output thepurple Solaris 3 01-12-2009 05:19 AM
filtering a range of ports out of a netstat output marcpascual Shell Programming and Scripting 1 09-30-2008 09:36 PM
output of NETSTAT samprax UNIX for Dummies Questions & Answers 1 08-02-2002 02:50 PM



All times are GMT -4. The time now is 10:36 AM.