netstat -an
About
Netstat (NETwork STATistics) is a command line tool that provides network information about your activity. If used on a local computer, netstat will display all activity for that one machine, however; if its a network server then netstat will display all activity for all machines connected onto the network.[1]
| Proto | Local Address | Foreign Address | State |
|---|---|---|---|
| TCP | localhost:48898 | bubba:0 | LISTENING |
| TCP | 127.0.0.1:4371 | bubba:0 | LISTENING |
| TCP | 127.0.0.1:4371 | bubba:6543 | SYN_SENT |
| TCP | 192.168.1.101:137 | bubba:0 | ESTABLISHED |
| TCP | 192.168.1.101:43706 | fk-in-f104.google.c:www | ESTABLISHED |
| TCP | 192.168.1.101:60255 | 23.253.64.131:http | LAST_ACK |
| UDP | 0.0.0.0:3825 | *:* | |
| UDP | [::]:134 | *:* |
- Protocol: whatever protocol is being used. Its either TCP which is connection oriented and once a connection is established, data can be sent bidirectional. UDP is a simpler, connection-less Internet protocol. Multiple messages are sent as packets in chunks using UDP.[2]
- Local Address: is the local host machine name or host IP and port number
- Foreign Address: is the remote machine name or remote IP and the port number
- State: either established (meaning currently transmitting data) or time_wait (meaning a connection was made but not currently transmitting)
Simply open a command shell and type netstat -an.
Socket States
The possible socket states are as follows:
- ESTABLISHED: The socket has an established connection.
- SYN_SENT: The socket is actively attempting to establish a connection.
- SYN_RECV: A connection request has been received from the network.
- FIN_WAIT1: The socket is closed, and the connection is shutting down.
- FIN_WAIT2: Connection is closed, and the socket is waiting for a shutdown from the remote end.
- TIME_WAIT: The socket is waiting after close to handle packets still in the network.
- CLOSED: The socket is not being used.
- CLOSE_WAIT: The remote end has shut down, and the socket is closed.
- LAST_ACK: Waiting for acknowledgement.
- LISTEN:The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
- CLOSING: Both sockets are shut down but we still don't have all our data sent.
- UNKNOWN: The state of the socket is unknown.
References
- ↑ Openmaniak. Netstat. 21 Aug 2009. http://openmaniak.com/netstat.php
- ↑ Differn. TCP vs. UDP. http://www.diffen.com/difference/TCP_vs_UDP
