phoebus_ROOT~# uname -a OSF1 phoebus V4.0 1229 alpha
phoebus_ROOT~# netstat -an
printing 1 hashtable with 512 buckets
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 194.57.34.158.3494 129.175.64.15.631
ESTABLISHED
tcp 0 4 194.57.34.158.23 129.175.65.105.4017
ESTABLISHED
tcp 0 0 127.0.0.1.4005 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4006 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4007 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4008 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4009 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4010 127.0.0.1.2301 TIME_WAIT
tcp 0 0 *.6000 *.* LISTEN
tcp 0 0 *.1032 *.* LISTEN
tcp 0 0 *.1700 *.* LISTEN
tcp 0 0 *.631 *.* LISTEN
tcp 0 0 *.1030 *.* LISTEN
tcp 0 0 *.1029 *.* LISTEN
tcp 0 0 *.6112 *.* LISTEN
tcp 0 0 *.10402 *.* LISTEN
tcp 0 0 *.10401 *.* LISTEN
tcp 0 0 *.79 *.* LISTEN
tcp 0 0 *.512 *.* LISTEN
tcp 0 0 *.513 *.* LISTEN
tcp 0 0 *.514 *.* LISTEN
tcp 0 0 *.23 *.* LISTEN
tcp 0 0 *.21 *.* LISTEN
tcp 0 0 *.2301 *.* LISTEN
tcp 0 0 *.30000 *.* LISTEN
tcp 0 0 *.25 *.* LISTEN
tcp 0 0 127.0.0.1.1025 *.* LISTEN
tcp 0 0 194.57.34.158.1025 *.* LISTEN
tcp 0 0 127.0.0.1.1024 *.* LISTEN
tcp 0 0 194.57.34.158.1024 *.* LISTEN
tcp 0 0 *.111 *.* LISTEN
Henrik Stoerner wrote:
I'm merging some code I got 6 months ago for checking the "netstat" output for what ports are being used - both for active connections and listen-ports.
For that, I need the "netstat" commands to put into the client code, and an example of the output so I can tell the client-module how to interpret the data.
I'm only interested in TCP ports. I have the data I need for Linux, Solaris and the BSD variants, but I would like them also for AIX, HP-UX, Darwin and OSF/1.
So I need:
The "netstat" command to run to get the set of TCP ports currently in use, including ports used for incoming connections. Typically this will be some sort of "netstat -na", with some extra options to get only the TCP sockets. Note that it may be necessary to run two commands to get both IPv4 and IPv6 ports. On the BSD's, I noticed that connections to the loopback interface register as IPv6 sockets, not IPv4.
A sample of the output, so I can see which columns the various data go into.
Anyone there who could get me this info ?
Thanks, Henrik
PS: This lets you setup rules in hobbit-clients to track eg the number of connections to your webserver, and put this into a graph so you can see the activity over the day. It can also alert you if there is a port 25 open on a server where it shouldn't be, or if the number of connections to your ssh daemon goes above 20.
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
--
Stephane Caminade Administrateur Systèmes et Réseau \ <Stephane.Caminade at medoc-ias.u-psud.fr> Institut d'Astrophysique Spatiale / tel : (33) (1) 69 85 87 03 Batiment 121, Universite Paris XI \ fax : (33) (1) 69 85 86 75 F-91405 ORSAY Cedex / www : http://www.medoc-ias.u-psud.fr/