Highest Voted 'netstat' Questions - Server Fault Stack Exchange

1

vote

1 answer

Too many TIME_WAIT connections on mysql from an outside host

My netstat is showing over 2,000 mysql connections with the state of TIME_WAIT that seems to be stuck and won't go away. It's been like that for several hours and many of the connections are coming from an IP address that doesn't have privilege to…

asked Feb 23 '17 at 08:29

user3186337

85
1
3
10

1

vote

1 answer

How can destination addresses 132.148.77.28 and 132.148.77.28/32 be use different network interfaces for routing?

The output of netstat -rn on my FreeBSD virtual machine shows that: Internet: Destination Gateway Flags Netif Expire default 10.195.51.254 UGS vtnet0 10.195.48.0/22 link#1 U …

routing freebsd netstat ip-routing cidr

asked Feb 11 '17 at 18:25

papiro

159
1
8

1

vote

1 answer

Server 2012 R2 ephemeral ports all slowly being bound

One of our remote desktop session host servers has started to refuse connection every few days, and upon investigation, it seems it is exhausting available ephemeral ports. This was identified by event ID 4231, which has error text of: A request to…

networking windows-server-2012-r2 tcp netstat

asked Oct 24 '16 at 16:05

James Edmonds

1,733
10
37
59

1

vote

1 answer

Netstat flags on OS/2

On an OS/2 box, what do the flags UGDP mean in the output of netstat -r. Google seems to point to them meaning Up, Gateway (i.e. an indirect root), and Dynamic (learned from a redirect), but that leaves me mystified as to the meaning of P. The only…

routing netstat flags ibm

asked Oct 29 '09 at 17:54

Cian

5,838
1
28
40

1

vote

0 answers

netstats shows my own server is hitting a server its not supposed to know about

On AWS I have a few dedicated servers that do image processing, and they seem to get high traffic and fail. When running netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n I get that the most active IP is an IP of an nginx…

ubuntu nginx ddos netstat exploit

asked Jun 13 '16 at 12:46

Niro

1,401
4
20
36

1

vote

1 answer

PID 4 Using Port 80 - IIS Unable To Bind

So I've been having a problem where I can't use localhost:80 on IIS So I ran this: > netstat -ano | find "0:80" And got: TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4 I then looked under the details tab of Task Manager and…

iis port netstat iis-8.5

asked May 19 '16 at 17:28

Matt Cowley

265
2
3
11

1

vote

1 answer

nmap shows strange open ports

Running nmap on my localhost shows me strange open ports: $ nmap -p- localhost Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET Nmap scan report for localhost (127.0.0.1) Host is up (0.00047s latency). All 65535 scanned ports on…

netstat nmap port-scanning

asked Dec 28 '15 at 11:29

lumbric

234
2
9

1

vote

3 answers

Is postfix the only program that should be using port 25

My server IP was blacklisted for sending out spam and I am tracking down the program sending spam. I did netstat, and it shows a lot of programs using port 25 e.g tcp 0 182 10.205.3.7:38995 xxx.55.92.168:25 ESTABLISHED…

postfix netstat

asked Aug 25 '15 at 15:40

Mr Mixin

113
4

1

vote

0 answers

Synology open for Cloud Station even if blocking 6690 port

I have a NAS Synology beyong my Internet Box. On the Internet Box, I have UPnP not activated and I have only activated on Port Transfer the following ports : 1701/UDP, 500/UDP and 4500/UDP which are usefull for my L2TP VPN. Even that, my Cloud…

port-forwarding netstat synology

asked Aug 16 '15 at 21:44

Alexis G

121
1
8

1

vote

2 answers

Does "ESTABLISHED" state in netstat command for the sshd program mean they actually have access?

I have this person(or bot) from an IP in Chile which has an "ESTABLISHED" connection to SSHD as root on my server. I'm trying to understand what netstat's outputs really mean, the manual doesn't really provide much details about them. Here's what I…

ssh netstat

asked May 08 '15 at 20:07

Nim

31
1
3

1

vote

2 answers

See stats of data in and out of each connection to a port

I have an application listening to a port. The clients connect to it using http connection. At any given time I see around 3000 connections established. I assume not all these connections are in use (sending and receiving data) in parallel. To…

networking netstat conntrack

asked May 05 '15 at 16:46

Amod Pandey

121
5

1

vote

0 answers

TCP High Send-q coupled with FIN_WAIT1 status

I'm having a problem with one of my webservers, which is taking minutes to completely render a web page. I had a look at the TCP connection and noticed that I have a very high value in the send-q buffer, while also having a TCP state of FIN_WAIT1,…

tcp netstat packetloss

asked Mar 06 '15 at 11:51

StephenC

65
1
1
7

1

vote

1 answer

Port suddenly closed. How to re-open?

I've written a software module in PHP that manages the saving of data in different data stores (MySQL, ElasticSearch and Redis). To test the module, I've created several test plans in Apache JMeter, including some that make a lot of concurrent…

iptables port ubuntu-14.04 netstat nmap

asked Feb 08 '15 at 21:47

jgxvx

113
1
3

1

vote

0 answers

How to check a given connection has been offloaded to network card

From what I read, some part of the tcp protocol operation can be offloaded from kernel to network card driver thanks to TOE (or GSO, LSO, LRO..). My objective is too find if a given socket has some part of its treatment offloaded. It seems to be…

linux-networking netstat tcp-offload-engine

asked Feb 05 '15 at 10:39

kamaradclimber

111
3

1

vote

0 answers

iptables traffic after forwarding

I have 2 servers Server A and Server B ServerA = 1.1.1.1 ServerB = 2.2.2.2 I am using ip-tables to send all traffic on port 80 to Server B on Server (A) 1.1.1.1 i have done iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination…

iptables netstat

asked Jan 21 '15 at 14:13

Ra Fay

21
1

Questions tagged [netstat]