10-01-2001
The ESTABLISHED sockets have a process at each end and they are communicating. Eventually the processes will invoke close(2) or shutdown(2) on the sockets and they will go away. You could also kill the processes and the exit(2) system call will close them.
When a socket completely closes, it will enter TIME_WAIT for awhile before it disappears. In your case you have two processes talking on the same host. Usually there would be two different hosts with a network connecting them. It is possible for packets to have been lost in transit. Such packets could arrive late, even after the socket has closed. If a packet arrives for a socket in TIME_WAIT, it is discarded. If you somehow discarded a socket in TIME_WAIT, you lose that protection. The socket could be reused and it will freak when any lost packets from the previous connection arrive. TIME_WAIT sockets should not last very long.
10 More Discussions You Might Find Interesting
1. IP Networking
Hi
what is the command to see the process name/application name
along with the port number, connection status ...
netstat is not giving process/application name
Is there any way to know which application is holding which port?
Thanks in advance (3 Replies)
Discussion started by: axes
3 Replies
2. UNIX for Advanced & Expert Users
Hi..,
Now, I am reading about the netstat command and its implementation. I have doubts in some options and its functionalities,
natstat - M (Which is described as display masqueraded connections), what it means?
What is Forwarding Information Base.?(--fib)
Thanks in advance,... (3 Replies)
Discussion started by: nagalenoj
3 Replies
3. BSD
For FreeBSD I use this command to determine what ports are listenning
netstat -an | grep LISTEN
is there another way, perhaps another command? (2 Replies)
Discussion started by: edgarvm
2 Replies
4. IP Networking
I can't tell what the output of the netstat command means. Is there anywhere that has this information? I tried the man pages, but they weren't helpful. (3 Replies)
Discussion started by: Ultrix
3 Replies
5. Solaris
Greetings to all,
Here is a line of output from my netstat command
cbp031.904 wdcprodhome.nfsd 98304 0 49640 0 ESTABLISHED
The only thing i recognize is the unix machine "cbp031" but what is .904 and all the other data telling me?
Thanks in advance. (3 Replies)
Discussion started by: Harleyrci
3 Replies
6. Shell Programming and Scripting
Hi,
In my project we use sftp with batch mode (password less) script in parallel for 14 sessions which connects to 2 different servers alternatively i.e. 7 connects to one server say server1 and the other 7 connects to say server 2.
Now the problem is that these 14 sessions are run in... (5 Replies)
Discussion started by: dips_ag
5 Replies
7. UNIX for Advanced & Expert Users
Hi,
I want to list the time for how long a secure connections last to my server/blade. i am using netstat command to get the same, but not sure how to get the time for how long connections is being ESTABLISHED.
netstat -na | grep 'ESTABLISHED' | grep :443 |awk '{print $4}' | cut -d: -f1 |... (1 Reply)
Discussion started by: Siddheshk
1 Replies
8. UNIX for Dummies Questions & Answers
Do I have this command correct to show all current connections/sessions my Solaris box has? It does not seem to do anything.
netstat -an | grep EST (6 Replies)
Discussion started by: SIFT3R
6 Replies
9. Red Hat
Hi
Can any body tell me about TIME_WAIT status meaning in the following command output.
# netstat -anp|grep 5000
tcp 0 0 127.0.0.1:50006 0.0.0.0:* LISTEN 5058/ccsd
tcp 0 0 0.0.0.0:50008 0.0.0.0:* ... (3 Replies)
Discussion started by: mastansaheb
3 Replies
10. OS X (Apple)
When running netstat -i from the Command Terminal,
It returns with 21 different connections..
The addresses all look like this:
::1
fe80:1::1
10:dd:b1:a5:c4:ba
with Network names like
Linke#2
fe80::8e2d
How can I delve deeper into this to clarify what is going on with my network?... (0 Replies)
Discussion started by: dwfiedler
0 Replies
LEARN ABOUT REDHAT
ng_socket
NG_SOCKET(4) BSD Kernel Interfaces Manual NG_SOCKET(4)
NAME
ng_socket -- netgraph socket node type
SYNOPSIS
#include <sys/types.h>
#include <netgraph/ng_socket.h>
DESCRIPTION
A socket node is both a BSD socket and a netgraph node. The ng_socket node type allows user-mode processes to participate in the kernel
netgraph(4) networking subsystem using the BSD socket interface. The process must have root privileges to be able to create netgraph sockets
however once created, any process that has one may use it.
A new ng_socket node is created by creating a new socket of type NG_CONTROL in the protocol family PF_NETGRAPH, using the socket(2) system
call. Any control messages received by the node and not having a cookie value of NGM_SOCKET_COOKIE are received by the process, using
recvfrom(2); the socket address argument is a struct sockaddr_ng containing the sender's netgraph address. Conversely, control messages can
be sent to any node by calling sendto(2), supplying the recipient's address in a struct sockaddr_ng. The bind(2) system call may be used to
assign a global netgraph name to the node.
To transmit and receive netgraph data packets, a NG_DATA socket must also be created using socket(2) and associated with a ng_socket node.
NG_DATA sockets do not automatically have nodes associated with them; they are bound to a specific node via the connect(2) system call. The
address argument is the netgraph address of the ng_socket node already created. Once a data socket is associated with a node, any data pack-
ets received by the node are read using recvfrom(2) and any packets to be sent out from the node are written using sendto(2). In the case of
data sockets, the struct sockaddr_ng contains the name of the hook on which the data was received or should be sent.
As a special case, to allow netgraph data sockets to be used as stdin or stdout on naive programs, a sendto(2) with a NULL sockaddr pointer,
a send(2) or a write(2) will succeed in the case where there is exactly ONE hook attached to the socket node, (and thus the path is unambigu-
ous).
There is a user library that simplifies using netgraph sockets; see netgraph(3).
HOOKS
This node type supports hooks with arbitrary names (as long as they are unique) and always accepts hook connection requests.
CONTROL MESSAGES
This node type supports the generic control messages, plus the following:
NGM_SOCK_CMD_NOLINGER
When the last hook is removed from this node, it will shut down as if it had received a NGM_SHUTDOWN message. Attempts to access the
sockets associated will return ENOTCONN.
NGM_SOCK_CMD_LINGER
This is the default mode. When the last hook is removed, the node will continue to exist, ready to accept new hooks until it is explic-
itly shut down.
All other messages with neither the NGM_SOCKET_COOKIE or NGM_GENERIC_COOKIE will be passed unaltered up the NG_CONTROL socket.
SHUTDOWN
This node type shuts down and disappears when both the associated NG_CONTROL and NG_DATA sockets have been closed, or a NGM_SHUTDOWN control
message is received. In the latter case, attempts to write to the still-open sockets will return ENOTCONN. If the NGM_SOCK_CMD_NOLINGER
message has been received, closure of the last hook will also initiate a shutdown of the node.
SEE ALSO
socket(2), netgraph(3), netgraph(4), ng_ksocket(4), ngctl(8)
HISTORY
The ng_socket node type was implemented in FreeBSD 4.0.
AUTHORS
Julian Elischer <julian@FreeBSD.org>
BUGS
It is not possible to reject the connection of a hook, though any data received on that hook can certainly be ignored.
The controlling process is not notified of all events that an in-kernel node would be notified of, e.g. a new hook, or hook removal. Some
node-initiated messages should be defined for this purpose (to be sent up the control socket).
BSD
January 19, 1999 BSD