Use the netstat command to view active TCP connections on a machine.
Determining Network Connections
The netstat command examines many of the kernel's tables that deal with network connections. One of its most useful applications is to list active network connections involving your machine. The netstat command will list active TCP connections and show active “UNIX domain” connections. UNIX domain connections are internal to one machine; they are a form of interprocess communication. For the purposes of this course, we will concentrate on TCP connections. View the diagram below to see an example of using netstat to view active TCP connections.
Report on TCP connections using the `netstat -P tcp` command
The command `netstat -P tcp` is generally used to view TCP connections on Solaris systems. Here's how it works:
Breakdown of the Command
netstat: The core network statistics utility present in many Unix-like operating systems, including Solaris.
-P tcp: Flags instructing `netstat` to:
-P: Display information for a particular protocol (in this case, TCP).
tcp: Focus on the TCP protocol specifically.
Typical Output
The output of `netstat -P tcp` includes columns like:
Local Address: Your local machine's IP address and port number.
Foreign Address: The remote IP address and port number the connection is established with.
State: The current state of the TCP connection (e.g., ESTABLISHED, TIME_WAIT, CLOSE_WAIT).
Additional Notes on Solaris
More detailed information: On Solaris, you might need to use the `-a` and `-n` flags to get the most useful output. Try this as well:
`netstat -an -P tcp`
User and Process ID: You can use `netstat -u` to display the user and process ID associated with each network endpoint.
Output of Netstat Command
The following diagram contains an example of using netstat to view active TCP connections.
host$ netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address          State
tcp        0      0 mymachine:8284     www.yourmachine.com:www  CLOSE_WAIT
tcp        0      0 mymachine:telnet   acme.com:6786            ESTABLISHED
tcp        0      0 mymachine:telnet   ftp.acme.com:32832       FIN_WAIT_2
Recv-Q: Number of bytes in the receive queues for connections listed. This number is usually small (zero, for example), unless the connection is blocked for some reason.
Send-Q: Number of bytes in the send queues for connections listed. This number is usually small (zero, for example), unless the connection is blocked for some reason.
Local Address: Local address (in the form address:port).
Foreign Address: Foreign address (in the form address:port).
State: This column shows the state of the TCP finite-state automaton for the connection listed. The most common outputs are ESTABLISHED, CLOSE_WAIT, FIN_WAIT, and FIN_WAIT2.
CLOSE_WAIT means that the TCP connection was recently closed and the port is in a mandatory “rest period.”
The second connection in the listing is between the telnet port on mymachine and port 60786 on the machine acme.com.
ESTABLISHED means this is an ongoing TCP connection.
FIN_WAIT (and FIN_WAIT2) is an intermediate TCP state that indicates a connection in the process of shutting down.
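The columns described above can be checked mechanically when reviewing a host. The following shell functions are an added example, not part of the original page: they read Linux-style `netstat -t` output on standard input, count connections per state, list connections with a non-empty Recv-Q or Send-Q, and show the peers of one local service. The function names and the fourth sample line (host.example) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the three connections from the listing above plus one
# invented line with a non-empty send queue.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 mymachine:8284 www.yourmachine.com:www CLOSE_WAIT
tcp 0 0 mymachine:telnet acme.com:6786 ESTABLISHED
tcp 0 0 mymachine:telnet ftp.acme.com:32832 FIN_WAIT_2
tcp 0 4096 mymachine:ssh host.example:51514 ESTABLISHED
EOF
}

# Count connections per TCP state; prints "STATE COUNT", sorted by state.
# Header lines are skipped because their first field does not start with "tcp".
count_states() {
    awk '$1 ~ /^tcp/ && NF >= 6 { n[$6]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# List connections whose Recv-Q ($2) or Send-Q ($3) is non-zero, i.e. data is
# waiting because the application or the peer is not draining the queue.
queued_connections() {
    awk '$1 ~ /^tcp/ && NF >= 6 && ($2 > 0 || $3 > 0) {
             print $4, "->", $5, "recvq=" $2, "sendq=" $3, $6 }'
}

# Show the foreign address and state of every connection to one local service,
# given as a port number or service name (for example: telnet).
connections_to_service() {
    awk -v svc="$1" '$1 ~ /^tcp/ && NF >= 6 {
        n = split($4, a, ":")   # port or service name is the last element
        if (a[n] == svc) print $5, $6 }'
}

# Stand-alone run over the constructed sample.
sample_netstat | count_states
sample_netstat | queued_connections
sample_netstat | connections_to_service telnet
```

On a live system, pipe real output into the same functions, for example `netstat -t | count_states`.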