Full Discussion: Netstat
Special Forums IP Networking Netstat Post 7763 by loadc on Monday 1st of October 2001 10:22:22 PM
Lessee here....

You asked what the connections are:

The first poster answered that as well as I could: they are the connections to and from your box, and the last column is the state of the "socket" (connection). These are FASCINATING things, and it always pays to know about them. Sys Admin did an excellent article this last year on socket states; look it up at their site, www.sysadminmag.com, I think.

You also asked about knowing what the ports are doing:

Again, the other posters covered this extremely well. lsof and ps are your friends here, as well as the iptraf command; do a man on any or all of them, and if you don't have lsof, I suggest getting it, it is very useful. You could also turn on promiscuous (?) mode on your interface with tcpdump/etherpeek/snoop/any other packet dumper, and look to see what is coming in; that is an education in networking in itself. Do a man on tcpdump, and you can learn more about IP traffic than you thought existed.

You also asked if closing the ports will do any harm:

That depends, are you connected on the port via telnet to your remote machine? If so, it would kill that session, you could also kill mail, and many other helpful connections to your machine, not to mention any servers listening on ports (these will be in a state of LISTEN).

Now, some also mentioned that you have to wait for a length of time before you can see the port be released and may reuse it again. This is true, but it is also usually a kernel parm that is settable and can be cranked down to 5 seconds (or less on some platforms). Be CAREFUL with this, it is dangerous to set your timeouts so low.....
Now there is also an interactive way to kill these ports and NOT wait, WITHOUT the kernel parm; Dugsong put out a tool a while back called dsniff, it is a suite of some really wicked tools he used to figure out some networking things on his own system. There are some amazing things in there. One of the tools is tcpkill, it allows you to kill a socket on the localhost and NOT timeout the port, it just goes AWAY... very good programming...
He has made this available in the *BSD ports and packages, as well as at his site, which is quite interesting (when he isn't censoring it due to the DMCA...)
www.monkey.org/~dugsong/dsniff.html ought to get you there. I will warn you, this tool is very dangerous in the wrong hands, it was intended for learning and should be used with the respect due to it and its author. Using it illegally would endanger everyone else's access to it, not only your own, so think of others and use it wisely and respectfully... please.


Ciao


loadc
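
The socket states discussed in the post above (LISTEN for servers, ESTABLISHED for live sessions, TIME_WAIT for ports still waiting out their timeout), as an added example that is not part of the original post. It summarises `netstat -an` output by the state column; the sample output, addresses and function names are constructed for illustration, and it assumes plain `-an` output where the state is the last column.

```shell
#!/bin/sh
# Added example: summarise `netstat -an` output by socket state.
# Assumed line layout (plain -an, no -p column):
#   proto recv-q send-q local-address foreign-address state

# Constructed sample output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0     48 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:23           198.51.100.7:51620      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:40113       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.9:33001       TIME_WAIT
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
}

# Count TCP sockets per state; the state is the last column.
state_counts() {
    awk '$1 ~ /^tcp/ && NF >= 6 { n[$NF]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# Local ports with a server listening (closing these stops a service).
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             p = $4; sub(/.*[:.]/, "", p); print p }' | sort -n | uniq
}

# Remote peers holding a live session on a given local port
# (closing that port would drop these sessions).
peers_on_port() {
    awk -v port="$1" '$1 ~ /^tcp/ && $NF == "ESTABLISHED" {
             p = $4; sub(/.*[:.]/, "", p)
             if (p == port) print $5 }'
}

sample_netstat | state_counts
sample_netstat | listening_ports
sample_netstat | peers_on_port 23
```

On a live box, pipe the real command in place of the sample, for example `netstat -an | state_counts`.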
 

NC(1)                     BSD General Commands Manual                    NC(1)

NAME
     nc -- arbitrary TCP and UDP connections and listens

SYNOPSIS
     nc [-e command] [-g intermediates] [-G hopcount] [-i interval] [-lnrtuvz]
        [-o filename] [-p source port] [-s ip address] [-w timeout]
        [hostname] [port[s...]]

DESCRIPTION
     The nc (or netcat) utility is used for just about anything under the sun
     involving TCP or UDP. It can open TCP connections, send UDP packets,
     listen on arbitrary TCP and UDP ports, do port scanning, and source
     routing. Unlike telnet(1), nc scripts nicely, and separates error
     messages onto standard error instead of sending them to standard output,
     as telnet(1) does with some.

     Destination ports can be single integers, names as listed in
     services(5), or ranges. Ranges are in the form nn-mm, and several
     separate ports and/or ranges may be specified on the command line.

     Common uses include:

     o   simple TCP proxies
     o   shell-script based HTTP clients and servers
     o   network daemon testing
     o   source routing based connectivity testing
     o   and much, much more

     The options are as follows:

     -e command
             Execute the specified command, using data from the network for
             stdin, and sending stdout and stderr to the network. This option
             is only present if nc was compiled with the GAPING_SECURITY_HOLE
             compile time option, since it allows users to make arbitrary
             programs available to anyone on the network.

     -g intermediate-host
             Specifies a hop along a loose source routed path. Can be used
             more than once to build a chain of hop points.

     -G pointer
             Positions the "hop counter" within the list of machines in the
             path of a source routed packet. Must be a multiple of 4.

     -i seconds
             Specifies a delay time interval between lines of text sent and
             received. Also causes a delay time between connections to
             multiple ports.

     -l      Is used to specify that nc should listen for an incoming
             connection, rather than initiate a connection to a remote host.
             Any hostname/IP address and port arguments restrict the source
             of inbound connections to only that address and source port.

     -n      Do not do DNS lookups on any of the specified addresses or
             hostnames, or names of port numbers from /etc/services.

     -o filename
             Create a hexadecimal log of data transferred in the specified
             file. Each line begins with ``<'' or ``>''. ``<'' means "from
             the net" and ``>'' means "to the net".

     -p port
             Specifies the source port nc should use, subject to privilege
             restrictions and availability.

     -r      Specifies that source and/or destination ports should be chosen
             semi-randomly instead of sequentially within a range or in the
             order that the system assigns.

     -s hostname/ip-address
             Specifies the IP of the interface which is used to send the
             packets. On some platforms, this can be used for UDP spoofing by
             using ifconfig(8) to bring up a dummy interface with the desired
             source IP address.

     -t      Causes nc to send RFC854 DON'T and WON'T responses to RFC854 DO
             and WILL requests. This makes it possible to use nc to script
             telnet sessions. The presence of this option can be enabled or
             disabled as a compile-time option.

     -u      Use UDP instead of TCP. On most platforms, nc will behave as if
             a connection is established until it receives an ICMP packet
             indicating that there is no program listening to what it sends.

     -v      Verbose. Cause nc to display connection information. Using -v
             more than once will cause nc to become even more verbose.

     -w timeout
             Specifies the number of seconds nc should wait before deciding
             that an attempt to establish a connection is hopeless. Also used
             to specify how long to wait for more network data after standard
             input closes.

     -z      Specifies that nc should just scan for listening daemons,
             without sending any data to them. Diagnostic messages about
             refused connections will not be displayed unless -v is specified
             twice.

EXAMPLES
     nc
             Wait for the user to type what would normally be command-line
             arguments in at stdin.

     nc example.host 42
             Open a TCP connection to port 42 of example.host. If the
             connection fails, do not display any error messages, but simply
             exit.

     nc -p 31337 example.host 42
             Open a TCP connection to port 42 of example.host, and use port
             31337 as the source port.

     nc -w 5 example.host 42
             Open a TCP connection to port 42 of example.host, and time out
             after five seconds while attempting to connect.

     nc -u example.host 53
             Send any data from stdin to UDP port 53 of example.host, and
             display any data returned.

     nc -s 10.1.2.3 example.host 42
             Open a TCP connection to port 42 of example.host using 10.1.2.3
             as the IP for the local end of the connection.

     nc -v example.host 42
             Open a TCP connection to port 42 of example.host, displaying
             some diagnostic messages on stderr.

     nc -v -v example.host 42
             Open a TCP connection to port 42 of example.host, displaying all
             diagnostic messages on stderr.

     nc -v -z example.host 20-30
             Attempt to open TCP connections to ports 20 through 30 of
             example.host, and report which ones nc was able to connect to.

     nc -v -u -z -w 3 example.host 20-30
             Send UDP packets to ports 20-30 of example.host, and report
             which ones did not respond with an ICMP packet after three
             seconds.

     nc -l -p 3000
             Listen on TCP port 3000, and once there is a connection, send
             stdin to the remote host, and send data from the remote host to
             stdout.

     echo foobar | nc example.host 1000
             Connect to port 1000 of example.host, send the string "foobar"
             followed by a newline, and move data from port 1000 of
             example.host to stdout until example.host closes the connection.

SEE ALSO
     cat(1), telnet(1)

     The netcat README.

AUTHOR
     *Hobbit* [hobbit@avian.org]

BSD                             August 1, 1996                             BSD