How to interpret NETSTAT command?
How do we actually interpret netstat command.
For eg:consider the below result for a port 'abc' on the server xxx.
netstat -a | grep abc
tcp 0 0 xxx.abc yyy.1 ESTABLISHED
tcp 0 0 xxx.abc yyy.2 ESTABLISHED
tcp 0 0 *.abc *.* LISTEN
tcp 0 0 xxx.abc yyy.3 CLOSE_WAIT
Ah! I understand its a tcp connection and abc are listening ports trying to listen to the 'established' connection from the ports 1,2,3 from a client machine yyy.
Outgoing packets and incoming packets are 0 currently and since a TCP connection from yyy.3 can be 'closed' to abc port of xxx only after yyy receives a ack from xxx.
I feel I am missing upon other stuff here, any other deductions?
For eg:consider the below result for a port 'abc' on the server xxx.
netstat -a | grep abc
tcp 0 0 xxx.abc yyy.1 ESTABLISHED
tcp 0 0 xxx.abc yyy.2 ESTABLISHED
tcp 0 0 *.abc *.* LISTEN
tcp 0 0 xxx.abc yyy.3 CLOSE_WAIT
Ah! I understand its a tcp connection and abc are listening ports trying to listen to the 'established' connection from the ports 1,2,3 from a client machine yyy.
Outgoing packets and incoming packets are 0 currently and since a TCP connection from yyy.3 can be 'closed' to abc port of xxx only after yyy receives a ack from xxx.
I feel I am missing upon other stuff here, any other deductions?
0