phoebus_ROOT~# uname -a
OSF1 phoebus V4.0 1229 alpha
phoebus_ROOT~# netstat -an
printing 1 hashtable with 512 buckets
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 194.57.34.158.3494 129.175.64.15.631
ESTABLISHED
tcp 0 4 194.57.34.158.23 129.175.65.105.4017
ESTABLISHED
tcp 0 0 127.0.0.1.4005 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4006 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4007 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4008 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4009 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4010 127.0.0.1.2301 TIME_WAIT
tcp 0 0 *.6000 *.* LISTEN
tcp 0 0 *.1032 *.* LISTEN
tcp 0 0 *.1700 *.* LISTEN
tcp 0 0 *.631 *.* LISTEN
tcp 0 0 *.1030 *.* LISTEN
tcp 0 0 *.1029 *.* LISTEN
tcp 0 0 *.6112 *.* LISTEN
tcp 0 0 *.10402 *.* LISTEN
tcp 0 0 *.10401 *.* LISTEN
tcp 0 0 *.79 *.* LISTEN
tcp 0 0 *.512 *.* LISTEN
tcp 0 0 *.513 *.* LISTEN
tcp 0 0 *.514 *.* LISTEN
tcp 0 0 *.23 *.* LISTEN
tcp 0 0 *.21 *.* LISTEN
tcp 0 0 *.2301 *.* LISTEN
tcp 0 0 *.30000 *.* LISTEN
tcp 0 0 *.25 *.* LISTEN
tcp 0 0 127.0.0.1.1025 *.* LISTEN
tcp 0 0 194.57.34.158.1025 *.* LISTEN
tcp 0 0 127.0.0.1.1024 *.* LISTEN
tcp 0 0 194.57.34.158.1024 *.* LISTEN
tcp 0 0 *.111 *.* LISTEN
Henrik Stoerner wrote:
I'm merging some code I got 6 months ago for checking the "netstat"
output for what ports are being used - both for active connections
and listen-ports.
For that, I need the "netstat" commands to put into the client code,
and an example of the output so I can tell the client-module how to
interpret the data.
I'm only interested in TCP ports. I have the data I need for Linux,
Solaris and the BSD variants, but I would like them also for AIX,
HP-UX, Darwin and OSF/1.
So I need:
* The "netstat" command to run to get the set of TCP ports currently
in use, including ports used for incoming connections. Typically
this will be some sort of "netstat -na", with some extra options
to get only the TCP sockets.
Note that it may be necessary to run two commands to get both
IPv4 and IPv6 ports. On the BSD's, I noticed that connections
to the loopback interface register as IPv6 sockets, not IPv4.
* A sample of the output, so I can see which columns the various
data go into.
Anyone there who could get me this info ?
Thanks,
Henrik
PS: This lets you setup rules in hobbit-clients to track eg the
number of connections to your webserver, and put this into
a graph so you can see the activity over the day. It can
also alert you if there is a port 25 open on a server where
it shouldn't be, or if the number of connections to your
ssh daemon goes above 20.
--
Stephane Caminade
Administrateur Systèmes et Réseau
\ <user-a265b6c42ffc@xymon.invalid>
Institut d'Astrophysique Spatiale / tel : (XX) (X) XX XX XX XX
Batiment 121, Universite Paris XI \ fax : (XX) (X) XX XX XX XX
F-91405 ORSAY Cedex / www : http://www.medoc-ias.u-psud.fr/