[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] netstat commands and output on AIX, HP-UX, Darwin, OSF/1

phoebus_ROOT~# uname -a
OSF1 phoebus V4.0 1229 alpha

phoebus_ROOT~# netstat -an
printing 1 hashtable with 512 buckets
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 194.57.34.158.3494 129.175.64.15.631 ESTABLISHED
tcp 0 4 194.57.34.158.23 129.175.65.105.4017 ESTABLISHED
tcp 0 0 127.0.0.1.4005 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4006 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4007 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4008 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4009 127.0.0.1.2301 TIME_WAIT
tcp 0 0 127.0.0.1.4010 127.0.0.1.2301 TIME_WAIT
tcp 0 0 *.6000 *.* LISTEN
tcp 0 0 *.1032 *.* LISTEN
tcp 0 0 *.1700 *.* LISTEN
tcp 0 0 *.631 *.* LISTEN
tcp 0 0 *.1030 *.* LISTEN
tcp 0 0 *.1029 *.* LISTEN
tcp 0 0 *.6112 *.* LISTEN
tcp 0 0 *.10402 *.* LISTEN
tcp 0 0 *.10401 *.* LISTEN
tcp 0 0 *.79 *.* LISTEN
tcp 0 0 *.512 *.* LISTEN
tcp 0 0 *.513 *.* LISTEN
tcp 0 0 *.514 *.* LISTEN
tcp 0 0 *.23 *.* LISTEN
tcp 0 0 *.21 *.* LISTEN
tcp 0 0 *.2301 *.* LISTEN
tcp 0 0 *.30000 *.* LISTEN
tcp 0 0 *.25 *.* LISTEN
tcp 0 0 127.0.0.1.1025 *.* LISTEN
tcp 0 0 194.57.34.158.1025 *.* LISTEN
tcp 0 0 127.0.0.1.1024 *.* LISTEN
tcp 0 0 194.57.34.158.1024 *.* LISTEN
tcp 0 0 *.111 *.* LISTEN


Henrik Stoerner wrote: 
I'm merging some code I got 6 months ago for checking the "netstat"
output for what ports are being used - both for active connections
and listen-ports.

For that, I need the "netstat" commands to put into the client code,
and an example of the output so I can tell the client-module how to
interpret the data.

I'm only interested in TCP ports. I have the data I need for Linux,
Solaris and the BSD variants, but I would like them also for AIX,
HP-UX, Darwin and OSF/1.

So I need:
* The "netstat" command to run to get the set of TCP ports currently
in use, including ports used for incoming connections. Typically
this will be some sort of "netstat -na", with some extra options
to get only the TCP sockets.
Note that it may be necessary to run two commands to get both
IPv4 and IPv6 ports. On the BSD's, I noticed that connections to the loopback interface register as IPv6 sockets, not IPv4.

* A sample of the output, so I can see which columns the various
  data go into.


Anyone there who could get me this info ?


Thanks,
Henrik


PS: This lets you setup rules in hobbit-clients to track eg the
number of connections to your webserver, and put this into
a graph so you can see the activity over the day. It can also alert you if there is a port 25 open on a server where
it shouldn't be, or if the number of connections to your
ssh daemon goes above 20.



To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk




--
_____________________________________________________________________________
Stephane Caminade
Administrateur Systèmes et Réseau
                                  \  <Stephane.Caminade (at) medoc-ias.u-psud.fr>
Institut d'Astrophysique Spatiale  /  tel : (33) (1) 69 85 87 03
Batiment 121, Universite Paris XI  \  fax : (33) (1) 69 85 86 75
F-91405 ORSAY Cedex                /  www : http://www.medoc-ias.u-psud.fr/

_____________________________________________________________________________