I made some minor changes to my nginx server using a Linux VPS running FreeBSD 10.3 with TLS, ciphers and then file caches. Except for the file caching, I had done these changes before without issue. I went away for the weekend and, when I came back, netstat -i showed Idrop as being 48665. The web sites on this server don't exhibit any problems that I can see.
I reverted all my changes back to their original but I still see the same value for Idrop and it never changes from day to day or throughout the day. All the other values change accordingly.
Notice that there are two web sites shown, both on different IPs. However, there are two other web sites on this same server with the same IP as website2 but they aren't listed. What's with that?
I have to say that, while I love networking, I never get to deal with it and this server has been around for several years, running without issues, so I'm at a loss as to how to troubleshoot this.
Moderator's Comments:
Please use CODE tags as required by forum rules!
Last edited by RudiC; 08-05-2016 at 01:35 PM..
Reason: Changed ICODE to CODE tags.
Hi
what is the command to see the process name/application name
along with the port number, connection status ...
netstat is not giving process/application name
Is there any way to know which application is holding which port?
Thanks in advance (3 Replies)
Hello,
One of the solaris machine in our network is giving an error when the netstat command is executed.
soloman:/home/db2admin->netstat
ip open: Permission denied
can't open mib stream: Bad file number
But it works with root. I couldnt' get any useful info during my search in google.
... (2 Replies)
Hi..,
Now, I am reading about the netstat command and its implementation. I have doubts in some options and its functionalities,
natstat - M (Which is described as display masqueraded connections), what it means?
What is Forwarding Information Base.?(--fib)
Thanks in advance,... (3 Replies)
Greetings to all,
Here is a line of output from my netstat command
cbp031.904 wdcprodhome.nfsd 98304 0 49640 0 ESTABLISHED
The only thing i recognize is the unix machine "cbp031" but what is .904 and all the other data telling me?
Thanks in advance. (3 Replies)
Hi,
In my project we use sftp with batch mode (password less) script in parallel for 14 sessions which connects to 2 different servers alternatively i.e. 7 connects to one server say server1 and the other 7 connects to say server 2.
Now the problem is that these 14 sessions are run in... (5 Replies)
Hi,
I want to list the time for how long a secure connections last to my server/blade. i am using netstat command to get the same, but not sure how to get the time for how long connections is being ESTABLISHED.
netstat -na | grep 'ESTABLISHED' | grep :443 |awk '{print $4}' | cut -d: -f1 |... (1 Reply)
Hi
Can any body tell me about TIME_WAIT status meaning in the following command output.
# netstat -anp|grep 5000
tcp 0 0 127.0.0.1:50006 0.0.0.0:* LISTEN 5058/ccsd
tcp 0 0 0.0.0.0:50008 0.0.0.0:* ... (3 Replies)
When running netstat -i from the Command Terminal,
It returns with 21 different connections..
The addresses all look like this:
::1
fe80:1::1
10:dd:b1:a5:c4:ba
with Network names like
Linke#2
fe80::8e2d
How can I delve deeper into this to clarify what is going on with my network?... (0 Replies)
Hi Team,
Below is the output of netstat -an | grep 1533
tcp 0 0 17.18.18.12:583 10.3.2.0:1533 ESTABLISHED
tcp 0 0 17.18.18.12:370 10.3.2.0:1533 ESTABLISHED
Below is the o/p of netstat -a | grep server_name
tcp 0 ... (4 Replies)
Discussion started by: Girish19
4 Replies
LEARN ABOUT DEBIAN
stud
STUD(8) BSD System Manager's Manual STUD(8)NAME
stud -- The Scalable TLS Unwrapping Daemon
SYNOPSIS
stud [--tls] [--ssl] [-c ciphers] [-b host,port] [-f host,port] [-n cores] [-r path] [-u username] [--write-ip] [--write-proxy]
certificate.pem
DESCRIPTION
stud is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle
10s of thousands of connections efficiently on multicore machines.
stud has very few features -- it's designed to be paired with an intelligent backend like haproxy or nginx. It maintains a strict 1:1 con-
nection pattern with this backend handler so that the backend can dictate throttling behavior, maxmium connection behavior, availability of
service, etc.
The only required argument is a path to a PEM file that contains the certificate (or a chain of certificates) and private key. It should also
contain DH parameter if you wish to use Diffie-Hellman cipher suites.
The options are as follows:
--tls Use TLSv1 (default).
--ssl Use only SSLv3 and no TLSv1.
-c ciphers
Set allowed ciphers using the same format as openssl ciphers. For example, you can use RSA:!COMPLEMENTOFALL.
-b host,port
Define backend. Default is 127.0.0.1,8000. Incoming connections will be unwrapped and sent to this IP and port.
-f host,port
Define frontend. Default is *,8443. Incoming connections will be accepted to this IP and port and will be sent to the backend
defined above.
-n cores
Use cores worker processes. Default is 1.
-r path
Chroot to the given path. By default, no chroot is done.
-u username
Set GID/UID after binding the socket. By default, no privilege is dropped.
--write-ip
Write 1 octet with the IP family followed by the IP address in 4 (IPv4) or 16 (IPv6) octets little-endian to backend before the
actual data.
--write-proxy
Write HaProxy's PROXY (IPv4 or IPv6) protocol line before actual data.
SEE ALSO ciphers(1SSL), dhparam(1SSL), haproxy(1)AUTHORS
stud was originally written by Jamie Turner (@jamwt) and is maintained by the Bump server team. It currently provides server-side TLS termi-
nation for over 40 million Bump users.
BSD September 23, 2011 BSD