Background: Know: Recognize: Prerequisites -  TCP states, ports




Netstat shows transport protocol state

Netstat (network statistics) is a command-line tool that displays incoming and outgoing network connections, routing tables, and a number of network interface statistics[1]. After typing "netstat" in the terminal, the results are shown in six columns: Proto, Recv-Q, Send-Q, Local Address, Foreign Address and State. Proto displays the name of the transport protocol (TCP or UDP). Recv-Q and Send-Q are the receive queue and send queue; these should be zero in most cases. Local Address shows the IP address of the local computer and the port number being used. Foreign Address shows the IP address and port number of the remote computer to which the socket is connected. State indicates the state of a TCP connection; there are many possible states, for instance CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, TIME_WAIT[2].

ESTABLISHED means the socket has an established connection.

TIME_WAIT means the socket is waiting long enough to make sure the foreign TCP has received the confirmation of the connection shutdown request.

LAST_ACK indicates that the remote end has shut down and the socket is closed as well, and is just waiting for the acknowledgement.

In addition, several options can be given after the netstat command, each prefixed with a hyphen.

-s shows statistics for the IP, ICMP and TCP protocols.

-t option of netstat ensures that only TCP connections are displayed.

-n ensures that the IP addresses are displayed numerically.

-c indicates that the connection information will be displayed continuously.

-p tells netstat to display the process id of the process associated with each connection.

Netstat shows the network statistics directly and clearly. It is often used to find problems in the network and to determine the amount of traffic on the network as a performance measurement[3].
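The columns and options described above can be checked programmatically. The following is an added example, not part of the original page: it parses `netstat -tnp` style output, counts connections per State, and flags sockets whose Recv-Q or Send-Q is not zero. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample of Linux `netstat -tnp` output (documentation addresses, made-up PIDs).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 812/sshd
tcp        0      0 192.0.2.10:443          203.0.113.5:40022       TIME_WAIT   -
tcp        0    512 192.0.2.10:443          203.0.113.9:40100       ESTABLISHED 1044/nginx
tcp        1      0 192.0.2.10:8080         203.0.113.9:40101       CLOSE_WAIT  2210/python3
tcp        0      0 192.0.2.10:443          203.0.113.5:40023       LAST_ACK    -
"""

def split_endpoint(addr):
    """Split 'host:port' on the last colon so IPv6 forms such as ':::22' also work."""
    host, _, port = addr.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return one dict per TCP line; banner, header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        try:
            recv_q, send_q = int(fields[1]), int(fields[2])
        except ValueError:
            continue  # queue columns must be numeric
        rows.append({
            "proto": fields[0], "recv_q": recv_q, "send_q": send_q,
            "local": split_endpoint(fields[3]),
            "foreign": split_endpoint(fields[4]),
            "state": fields[5],
            "process": " ".join(fields[6:]) or "-",  # present only with -p
        })
    return rows

def summarize(rows):
    """Count sockets per TCP state and collect those with a non-empty queue."""
    states = Counter(r["state"] for r in rows)
    backlog = [r for r in rows if r["recv_q"] or r["send_q"]]
    return states, backlog

if __name__ == "__main__":
    states, backlog = summarize(parse_netstat(SAMPLE))
    for state, count in states.most_common():
        print(f"{state:<12} {count}")
    for r in backlog:
        print("queued data:", r["local"], "->", r["foreign"], r["state"], r["process"])
```

A socket that stays in CLOSE_WAIT with data in Recv-Q, as in the constructed sample, usually means the local process has not read from or closed a connection the remote end already shut down.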

