1
votes

I am facing a really bad issue and I am pathetic at networking concepts. When I try to connect to a system using the TCP protocol I get a failure, but if I connect to the same system after some time I get a success.

Scenario:

I disconnect from the target environment and obviously there are no connections established to the target, which is confirmed by using the command below:

    netstat -na|grep 10.11.12.13

I initiate a fresh request:

    netstat -na|grep 10.11.12.13

I get a failure, which is given below:

tcp 0 182 ::ffff:127.0.0.1:1234 ::ffff:10.11.12.13:8444 ESTABLISHED

I try to initiate again after some time with the same request:

    netstat -na|grep 10.11.12.13

I get to see connections in ESTABLISHED mode.

I observed the difference only in the second third column of the netstat results, which shows the value 182, which I did not see when my request was successful. I would like to know what this 182 stands for.

3
Do you mean you see ESTABLISHED even in case the connection fails? - Prabhu
I mean that was the thing which I did not understand. It shows ESTABLISHED but it shows the value as 182. So my question was: what does this 182 stand for? - Kiran Joshi

3 Answers

1
votes

Consider this:

[root@stg openssl]# netstat -na| more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State

You can see the description of the columns at the beginning of the netstat output.

1st: Protocol name. In your case, TCP.

2nd: Recv-Q. Number of bytes of data that the application at Local Address is yet to pull from the TCP buffer. In your case it is zero.

3rd: Send-Q. Number of bytes of data that the application has given to TCP and which aren't ACK'ed by the peer TCP. In your case it is 182.
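The Send-Q reading from this answer turned into a check, as an added example that is not part of the original answer: it lists ESTABLISHED TCP sockets to one peer that still hold unacknowledged bytes, and reports those whose Send-Q is identical in two snapshots. It assumes the Linux `netstat -na` column layout shown above; the function names `unacked` and `stuck` are hypothetical, and the snapshots are constructed around the line from the question.

```shell
#!/bin/sh
# Constructed `netstat -na` snapshots taken some seconds apart. The first tcp
# line is the one from the question; every other line is made up.
SNAP1='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0    182 ::ffff:127.0.0.1:1234       ::ffff:10.11.12.13:8444     ESTABLISHED
tcp        0      0 ::ffff:127.0.0.1:1240       ::ffff:10.11.12.13:8444     ESTABLISHED
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN'
SNAP2='tcp        0    182 ::ffff:127.0.0.1:1234       ::ffff:10.11.12.13:8444     ESTABLISHED
tcp        0     64 ::ffff:127.0.0.1:1240       ::ffff:10.11.12.13:8444     ESTABLISHED'

# unacked PEER_IP: read netstat -na output on stdin and print
# "local remote send-q" for ESTABLISHED TCP sockets to PEER_IP with Send-Q > 0.
unacked() {
    awk -v peer="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $3 > 0 {
            addr = $5
            sub(/^::ffff:/, "", addr)      # strip IPv4-mapped IPv6 prefix
            sub(/:[0-9*]+$/, "", addr)     # strip the port
            if (addr == peer) print $4, $5, $3
        }'
}

# stuck PEER_IP SNAPSHOT1 SNAPSHOT2: sockets that show the same non-zero
# Send-Q in both snapshots, i.e. bytes handed to TCP that the peer has not
# acknowledged in the meantime. A busy, healthy socket changes between runs.
stuck() {
    { printf '%s\n' "$2" | unacked "$1"; printf '%s\n' "$3" | unacked "$1"; } |
        awk '{ seen[$0]++ } END { for (l in seen) if (seen[l] > 1) print l }' | sort
}

stuck 10.11.12.13 "$SNAP1" "$SNAP2"
```

On a live host, feed `netstat -na` output taken a few seconds apart into `stuck` instead of the constructed snapshots.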

1
votes

This might help you in understanding a few bits:

http://www.auditmypc.com/tcp-port-182.asp

From the Linux man page:

   When  a  network error occurs, TCP tries to resend the packet.  If it doesn't succeed after some time, either ETIMEDOUT or
   the last received error on this connection is reported.

   Some applications require a quicker error notification.  This can be enabled with the IPPROTO_IP level  IP_RECVERR  socket
   option.   When  this  option  is enabled, all incoming errors are immediately passed to the user program.  Use this option
   with care — it makes TCP less tolerant to routing changes and other normal network conditions.
1
votes

To better understand the use of the netstat command, here are its options:

-a : All ports
-t : TCP ports
-u : UDP ports
-l : Listening ports
-n : IP address without domain name resolution
-p : Name of the program and its associated PID

So:

- To display all ports (TCP & UDP), with the PID and the associated name of the program:

 $ netstat -paunt

- To display all listening ports (TCP), with the PID and the associated name of the program (and we can also filter with the grep command):

 $ sudo netstat -plnt | grep ':80'

I hope it will be helpful :)