Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [netstat]

netstat is a tool for viewing active network connections, listeners and sockets.

netstat is a tool for viewing active network connections, listeners and sockets.

322 questions
1
vote
0 answers

Ghost tcp connections: ss sees them, nothing else does

We have a strange problem. Our remote server shows over 900 connections coming from our office over port 80: # ss -n | grep ESTAB | grep $OFFICEIP | grep :80 | wc -l 935 Netstat shows a similar number: # netstat -n | grep $OFFICEIP | grep :80 | wc…
Mediocre Gopher
  • 803
  • 1
  • 13
  • 24
1
vote
3 answers

Limit Number of TCP connections in Linux Server, to avoid attack

I want to limit the number of TCP connections in Linux server, I have used the following command. iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 25 --connlimit-mask 32 -j REJECT --reject-with tcp-reset It seems like,…
Mani
  • 215
  • 3
  • 9
1
vote
2 answers

Netstat count TIME_WAIT connections by port

I can obtain individual TIME_WAIT counts on a port, netstat -nat | grep :11300 | grep TIME_WAIT | wc -l; but how to do this based on all ports eg: 11300 2900 connection 3306 1200 connection 80 890 connection
Pentium10
  • 444
  • 1
  • 9
  • 23
1
vote
2 answers

What are records in 'netstat' command are when using logstash?

I use logstash with embedded elasticsearch. My logstash config looks like the following: output { tdout { debug => true debug_format => "json"} elasticsearch { embedded => true cluster => "logs" } } When I issue command to see all…
Erik
  • 203
  • 2
  • 5
  • 14
1
vote
2 answers

How to find the count of Apache workers' at a given point for shared IPs?

One can find the number of Apache workers an IP address is consuming at an instantaneous point in time by executing: netstat -pantu | grep :80 |sort | uniq -c |grep | wc -l This is useful during a DDoS attack, for example. …
ylluminate
  • 1,155
  • 2
  • 17
  • 35
1
vote
2 answers

Can I find the list of ports being listened by a process ordered by the time of opening?

I know I can see the list of open ports using the lsof command. I am trying to view the results ordered by timestamp of listening. The process opens multiple (~6) ports and I suspect the order of initialization/binding on that port is the cause of…
rajeshnair
  • 113
  • 5
1
vote
1 answer

Lots of TIME_WAIT from same IP address

I've seen a lot of questions with people concerned about lots of TIME_WAITs in netstat. I'm having a similar problem but all the TIME_WAITs are coming from the same IP address. I get over 200 of the following line: tcp6 0 0 myip:80 …
user213510
  • 11
  • 1
  • 3
1
vote
2 answers

Why is netstat -n different between Solaris and Linux and how can I make it the same?

When I run netstat -n on Solaris I get different results from netstat -n on Linux, even though according to the manual pages in Solaris and Linux the -n flag should do the same thing. My question: Please advise me how to run netstat in Linux so…
Eytan
  • 611
  • 6
  • 13
  • 27
1
vote
2 answers

Linux: Find amount of "active" connections on one port

i need to monitor how many users are actively connected to one port on debian. I know i can do it with command netstat -na |grep $port |grep ESTABLISHED |wc -l which really gives me result - a number of connections on certain port which are…
John
  • 11
  • 1
1
vote
1 answer

Random TCP Resets

We got randomly TCP "reset" error when we send request to remote server. Log from remote server Cisco TCP Connection Terminated,Nov 05 14:43:39 EST: %ASA-session-6-302014: Teardown TCP connection 640068283 for Outside:xxxx to xxxx duration 0:00:00…
allenwei
  • 71
  • 1
  • 7
1
vote
1 answer

What's the meaning of `netstat -i` flags

When I run netstat -i in Linux, I get outputs like: Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 0 0 0 0 236 0 0 0 BMPRU eth1 …
can.
  • 181
  • 1
  • 9
1
vote
1 answer

Apache2 many CLOSE_WAIT. LAMP. Locating the issue

I've got a LAMP setup running and I seem to have many CLOSE_WAIT connections for apache2 program when I netstat (several hundred). This eventually causes my apache to become unresponsive. Bellow is the setup: php: PHP 5.3.10-1ubuntu3.6 with…
D.Mill
  • 379
  • 5
  • 15
1
vote
1 answer

How to see IPs of user using the most SYN_RECV, TIME_WAIT, etc?

Does anyone recommend (or have a netstat script) that will print the IP sending the most of X (where X is FIN_WAIT, SYN_RECV, etc.). Like, I have this netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n Which will nicely print out: 1…
kidcapital
  • 847
  • 2
  • 8
  • 10
1
vote
2 answers

Established connection to a blocked port, what does it mean?

I'm pretty new to system administration, and I've been trying to get more familiar with tools like netsat. If I run netstat -n on my server, I see this line: tcp 0 0 xxx.xxx.xxx.xxx:44573 xxx.xxx.xxx.xxx:443 …
Brandon
  • 426
  • 5
  • 17
1
vote
2 answers

Averaging dstat output

I need to average upload and download speed using dstat -n. How can I add all the received and sent datas that appear after dstat -n, so that I can add them and find average upload and download speed over some period of time?
Optimus Prime
  • 113
  • 6
1 2 3
21 22