EzDevInfo.com

netstat interview questions

Top netstat frequently asked interview questions

`netstat` doesn't show sockets binded by python SimpleHTTPServer?

A local server is run using the SimpleHTTPServer module from Python 2.7

$ python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...

Then I use netstat to search for that socket using 8000 as a filter for port number, however, I can't find any socket with the filter (even when I open a browser window and access 127.0.0.1:8000).

$ netstat | grep 8000
// "return Nothing"

Does anyone have ideas about why I can't see the socket binded by Python SimpleHTTPServer in netstat?


Source: (StackOverflow)

Used port not showing up in netstat -a result

This issues started recently when I am trying to start active-mq (which by default starts on port 61616). But suddenly it stopped coming up with JVM_BIND issue on that port. The problem did not go away even after restarting the computer.

Main problem is that netstat -a command on Windows 7, does not show that 61616 is consumed. But when I wrote a simple Java program to bind a socket to that port, I wasn't certainly able to!

I eventually started active-mq by moving to a different port. But, can anybody please help me find why all the ports are not showing up in netstat -a result? Thanks.


Source: (StackOverflow)

Advertisements

Getting per connection bandwidth statistics

I need to determine per-process network usage statistics similar to what TCPView can do.

Example

So before you shoot me for posting a duplicate of this question, or this question, I would like to point out that neither of those have a thorough answer that could help me actually do this.

I've been doing research, and there are clearly many ways to list out active connections and their associated processes, whether this be with netstat or other windows API's like IpHlpAPI.dll.

Now, from what Google'ing I've done, I have not found much - except for these vague terms: GetPerTcpConnectionEStats and GetPerTcp6ConnectionEStats. Presumably for TCP over IPv4 and IPv6 respectively. Now where I was reading its supposedly able to do what I need to do. However, that still leaves out UDP. And those are also not available on XP systems, which TCPViewer works on.

I would be satisfied with using those for TCP, but the problem is, I can't seem to find any examples of how to use them from C#.

So I guess it all boils down to these few questions:

  • Does anyone actually know how TCPView does it?
  • How do I use GetPerTcpConnectionEStats for the TCP? Or can it even accomplish what I'm suggesting?
  • Is there another known alternative that would work for UDP?

The whole point of this is to see the independent bandwidth usage of the processes themselves. Not calculate the total system bandwidth usage.

Thanks in advance for any and all answers.


Source: (StackOverflow)

How do I interpret 'netstat -a' output

Some things look strange to me:

  • What is the distinction between 0.0.0.0, 127.0.0.1, and [::]?
  • How should each part of the foreign address be read (part1:part2)?
  • What does a state TimeWait, CloseWait mean?
  • etc.

Could someone give a quick overview of how to interpret these results?


Source: (StackOverflow)

Who is listening on a given TCP port on Mac OS X?

On Linux, I can use netstat -pntl | grep $PORT or fuser -n tcp $PORT to find out which process (PID) is listening on the specified TCP port. How do I get the same information on Mac OS X?


Source: (StackOverflow)

How to find port number for a particular process id in unix?

In UNIX OS, how can I find the port number when i know the process name or pid ?


Source: (StackOverflow)

Why always 5 connections with no program attached?

This question is similar to Network port open, but no process attached? and netstat shows a listening port with no pid but lsof does not. But the answers to them can't solve mine, since it is so weird.

I have a server application called lps that waits for tcp connections on port 8588.

[root@centos63 lcms]# netstat -lnp | grep 8588   
tcp        0      0 0.0.0.0:8588                0.0.0.0:*                   LISTEN          6971/lps

As you can see, nothing is wrong with the listening socket, but when I connect some thousand test clients(written by another colleague) to the server, whether it's 2000, 3000, or 4000. There have always been 5 clients(which are also random) that connect and send login request to the server, but cannot receive any response. Take 3000 clients as an example. This is what the netstat command gives:

[root@centos63 lcms]# netstat -nap | grep 8588 | grep ES | wc -l
3000

And this is lsof command output:

[root@centos63 lcms]# lsof -i:8588 | grep ES | wc -l
2995

That 5 connections are here:

[root@centos63 lcms]# netstat -nap | grep 8588 | grep -v 'lps'                   
tcp    92660      0 192.168.0.235:8588          192.168.0.241:52658         ESTABLISHED -                   
tcp    92660      0 192.168.0.235:8588          192.168.0.241:52692         ESTABLISHED -                   
tcp    92660      0 192.168.0.235:8588          192.168.0.241:52719         ESTABLISHED -                   
tcp    92660      0 192.168.0.235:8588          192.168.0.241:52721         ESTABLISHED -                   
tcp    92660      0 192.168.0.235:8588          192.168.0.241:52705         ESTABLISHED -                   

The 5 above shows that they are connected to the server on port 8588 but no program attached. And the second column(which is RECV-Q) keeps increasing as the clients are sending the request.

The links above say something about NFS mount and RPC. As for RPC, I used the command rcpinfo -p and the result has nothing to do with port 8588. And NFS mount, nfssta output says Error: No Client Stats (/proc/net/rpc/nfs: No such file or directory).

Question : How can this happen? Always 5 and also not from the same 5 clients. I don't think it's port conflict as the other clients are also connected to the same server IP and port and they are all properly handled by the server.

Note: I'm using Linux epoll to accept client requests. I also write debug code in my program and record every socket(along with the clients' information) that accept returns but cannot find the 5 connections. This is uname -a output:

Linux centos63 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Thanks for your kind help! I'm really confused.


Update 2013-06-08: After upgrading the system to CentOS 6.4, the same problem occurs. Finally I returned to epoll, and found this page saying that set listen fd to be non-blocking and accept till EAGAIN or EWOULDBLOCK error returns. And yes, it works. No more connections are pending. But why is that? The Unix Network Programming Volume 1 says

accept is called by a TCP server to return the next completed connection from the 
front of the completed connection queue. If the completed connection queue is empty,
the process is put to sleep (assuming the default of a blocking socket).

So if there are still some completed connections in the queue, why the process is put to sleep?

Update 2013-7-1: I use EPOLLET when adding the listening socket, so I can't accept all if not keeping accept till EAGAIN encountered. I just realized this problem. My fault. Remember: always read or accept till EAGAIN comes out if using EPOLLET, even if it is listening socket. Thanks again to Matthew for proving me with a testing program.


Source: (StackOverflow)

How to find out application name by PID (process id)

I'm trying to install VisualSVN server and have message "Specified TCP port is occupied by another service". How I can find what service or app is using the 443 port? "netstat -aon" shows me only

UDP    0.0.0.0:443            *:*        4252

The OS is Windows. And yes, I had VisualSvn Server installed on this computer before. Then I removed it (I do not see any SVN service running) and would like to reinstall.

Also I'd like to know what Authentication mode should I choose. Considering I want to have repository on external drive.

Thank you in advance, Alex.


Source: (StackOverflow)

the command "netstat -p" doesn't display the pid

the shell command netstat -p , doesn't display the pid. It displays "-" like this:

tcp        0      0 *:2181 *:53837 ESTABLISHED -

why?

It still display "-" although I use root to login.


Source: (StackOverflow)

Extract IP from netstat output

The netstat output contains thing like...

tcp        0      0 0.0.0.0:80       221.126.149.99:51973    ESTABLISHED 23879/apache2
tcp        0      0 0.0.0.0:80        66.249.68.154:40883     ESTABLISHED 23899/apache2
tcp        0      0 0.0.0.0:80       66.249.68.81:41200      ESTABLISHED 23892/apache2
tcp        0      0 0.0.0.0:80       66.249.67.121:59355     ESTABLISHED 23905/apache2
tcp        0   4465 0.0.0.0:80       110.75.175.27:48139     ESTABLISHED 23901/apache2

I use this commands

netstat -anpt|grep apache2 |grep ESTABLISHED | awk -F "[ :]" '{print $4}'

I was not able to get the IP, any hints?


Source: (StackOverflow)

How to kill the application that is using a TCP port in C#?

I want to free a TCP port during startup of my application (asking confirmation to user), how to get the PID number and then, if the user confirm, kill it?

I know I can get this information by netstat, but how to do it in a script or better in a C# method.


Source: (StackOverflow)

Android: HttpURLConnection doesn't disconnect

by running netstat on the server:
UNTIL A FEW DAYS AGO: I could see the connection being ESTABLISHED only for about a second, and then it would disappear from the list
NOW: it stays as ESTABLISHED for about 10 seconds, then it goes into FIN_WAIT1 and FIN_WAIT2

the Android code is the same, the server is still the same

is it possible that some kind of Android update might have changed things?

I can't really explain it.

I report the code below. The urlConnection.disconnect() gets executed, but the connection remains established on the server.

    HttpURLConnection urlConnection = null;
    System.setProperty("http.keepAlive", "false");

    try {
        URL url = new URL(stringUrl);
        urlConnection = (HttpURLConnection) url.openConnection();
        InputStream instream = new BufferedInputStream(urlConnection.getInputStream());
        ...
        instream.close();
    } catch (MalformedURLException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } finally {
        if (urlConnection!=null) {
            urlConnection.disconnect();
        }
    }

Source: (StackOverflow)

TCP connection owned by pid zero

I'm trying to ensure that a Windows service program (running on top of .NET) is properly releasing its network connections.

When running the service locally I know that it will create a lot of HTTP connections to localhost on port 57300. I'm using netstat to monitor whether they are released properly.

I was suprised to see that many connections to this port are owned by the "System Idle process" (PID=0).

netstat output

Here we can see that only three of those connections are owned by the service program (PID=5012). All the others are owned by PID 0.

My main questions are: Why is this happening? and Do I need to care?

But I'd also like to know:

  • Does this mean that the service program did release the connection properly, or not?

  • Will such connections be reused if needed?

  • Do such a connection "reserve a slot" in the .NET ServicePointManager?


Source: (StackOverflow)

netstat -na : udp and state established?

In an application (voip rtp media server), netstat -na on the server (172.16.226.3 bound to udp port 1286) gives the following line :

udp 0 0 172.16.226.3:1286 172.25.14.11:10000 ESTABLISHED

As an udp connection can not be really "established", it strikes me to see such a line. netstat documentation says that this field is used for tcp connection states, but I am sure that this really is an udp network flow. So : what does it means ? I know (wireshark dump) that my server sends back udp packets from 173.16.226.3:1286 to 172.25.14.11:10000, but I don't see why it should matter...

Os is debian 6.


Source: (StackOverflow)

Tracking an application's network statistics (netstats) using ADB

I have a feeling this is possible, I'm just not quite sure where the information is held.

I want to get the up/down statistics for specific applications, but I want to do it using ADB and not wireshark or netty.

I know I can see the vmData using

adb shell
cd proc
cd pid#
cat status 

and I know I can see the netstats using:

ADB Shell dumpsys netstats details full

which gives me these results:

Dev stats:

  Pending bytes: 1410076

  Complete history:

  ident=[[type=MOBILE, subType=COMBINED, subscriberId=310260...]] uid=-1 set=ALL tag=0x0
NetworkStatsHistory: bucketDuration=3600000
  bucketStart=1349211600000 activeTime=3600000 rxBytes=19656154 rxPackets=16897 txBytes=615620 txPackets=8084 operations=0
  bucketStart=1349215200000 activeTime=3600000 rxBytes=28854708 rxPackets=23363 txBytes=1037409 txPackets=12206 operations=0
  bucketStart=1349218800000 activeTime=3600000 rxBytes=1839274 rxPackets=1565 txBytes=89791 txPackets=914 operations=0
  bucketStart=1349222400000 activeTime=3600000 rxBytes=17421 rxPackets=88 txBytes=18376 txPackets=95 operations=0
  bucketStart=1349226000000 activeTime=3600000 rxBytes=506966 rxPackets=788 txBytes=96491 txPackets=859 operations=0

Unfortunately this looks like a combined netstat that does not differentiate between applications.

So my question, is there a way to see network traffic by unique PID#'s or application names, by simply using the command prompt?


EDIT


Alright I made some good strides

With this code

 adb shell cat proc/1638(thePID)/net/dev > C:\netstats.txt 

I can get this information:

Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
lo:        3564      28    0    0    0     0          0         0     3564      28    0    0    0     0       0          0
dummy0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
rmnet0: 117062940  191775  0    0    0     0          0         0 19344640  177574    0    0    0     0       0          0
rmnet1: 2925492    5450    0    0    0     0          0         0  1448544    5664    0    0    0     0       0          0
rmnet2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
rmnet3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
rmnet4:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
rmnet5:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
rmnet6:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
rmnet7:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  sit0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  vip0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0

Unfortunately after double checking these numbers with programs like "Network Usage" from the android market place, I discovered that these numbers are the total up and down across the entire device.

So it still leaves me with, how/where the heck are programs like "Network Usage" and "Spare Parts" getting their information from?


Source: (StackOverflow)