FANDOM


Netstat an

netstat -an

About

Netstat (NETwork STATistics) is a command line tool that provides network information about your activity. If used on a local computer, netstat will display all activity for that one machine, however; if its a network server then netstat will display all activity for all machines connected onto the network.[1]

Active Internet connections (servers and established)
Proto Local Address Foreign Address State
TCP localhost:48898 bubba:0 LISTENING
TCP 127.0.0.1:4371 bubba:0 LISTENING
TCP 127.0.0.1:4371 bubba:6543 SYN_SENT
TCP 192.168.1.101:137 bubba:0 ESTABLISHED
TCP 192.168.1.101:43706 fk-in-f104.google.c:www ESTABLISHED
TCP 192.168.1.101:60255 23.253.64.131:http LAST_ACK
UDP 0.0.0.0:3825 *:*
UDP [::]:134 *:*


  • Protocol: whatever protocol is being used. Its either TCP which is connection oriented and once a connection is established, data can be sent bidirectional. UDP is a simpler, connection-less Internet protocol. Multiple messages are sent as packets in chunks using UDP.[2]
  • Local Address: is the local host machine name or host IP and port number
  • Foreign Address: is the remote machine name or remote IP and the port number
  • State: either established (meaning currently transmitting data) or time_wait (meaning a connection was made but not currently transmitting)


Simply open a command shell and type netstat -an.

Socket States

The possible socket states are as follows:

  • ESTABLISHED: The socket has an established connection.
  • SYN_SENT: The socket is actively attempting to establish a connection.
  • SYN_RECV: A connection request has been received from the network.
  • FIN_WAIT1: The socket is closed, and the connection is shutting down.
  • FIN_WAIT2: Connection is closed, and the socket is waiting for a shutdown from the remote end.
  • TIME_WAIT: The socket is waiting after close to handle packets still in the network.
  • CLOSED: The socket is not being used.
  • CLOSE_WAIT: The remote end has shut down, and the socket is closed.
  • LAST_ACK: Waiting for acknowledgement.
  • LISTEN:The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
  • CLOSING: Both sockets are shut down but we still don't have all our data sent.
  • UNKNOWN: The state of the socket is unknown.

References

  1. Openmaniak. Netstat. 21 Aug 2009. http://openmaniak.com/netstat.php
  2. Differn. TCP vs. UDP. http://www.diffen.com/difference/TCP_vs_UDP

Links

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.