Network Monitoring  «Prev  Next»

Lesson 3Determining Network Connections
ObjectiveUse netstat command to view active TCP connections on Machine.

Determining Network Connections

The netstat command examines many of the kernel's tables that deal with network connections. One of its most useful applications is to list active network connections involving your machine.
The netstat command will list active TCP connections and show active “UNIX domain” connections. UNIX domain connections are internal to one machine; they are a form of interprocess communication. For the purposes of this course, we will concentrate on TCP connections.
View the diagram below to see an example of using netstat to view active TCP connections.

Number of Bytes

Number of bytes in the receive queues for connections listed
  1. Number of bytes in the receive queues for connections listed. This number is usually small (zero, for example), unless the connection is blocked for some reason
  2. Number of bytes in the send queues for connections listed. This number is usually small (zero, for example), unless the connection is blocked for some reason.
  3. Local address (in the form address:port)
  4. Foreign address (in the form address:port)
  5. This column shows the state of the TCP finite-state automaton for the connection listed. The most common outputs are ESTABLISHED, CLOSE_WAIT, FIN_WAIT, and FIN_WAIT2
  6. CLOSE_WAIT means that the TCP connection was recently closed and the port is in a mandatory “rest period
  7. This line describes a connection between the telnet port on mymachine and port 60786 on the machine acme.com.
  8. ESTABLISHED means this is an ongoing TCP connection.
  9. FIN_WAIT (and FIN_WAIT2) is an intermediate TCP state that indicates a connection in the process of shutting down.


On Solaris, to view a report on TCP connections, use the netstat -P tcp command.

Netstat Command

Click the link below to test your knowledge of the netstat command. netstat Command Output

Determining -Network Connections - Exercise

Click the Exercise link below to test your knowledge of the netstat command.
Determining -Network Connections - Exercise