[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: netstat ?




 
> From: bss@iguanasuicide.net
> To: debian-user@lists.debian.org
> Subject: Re: netstat ?
> Date: Tue, 23 Feb 2010 23:59:41 -0600
>
> In <SNT125-W503AD2F570F2C86CE7A4AFDB410@phx.gbl>, Hadi Motamedi wrote:
> >My Debian server is at @172.16.128.1 and the remote network element is at
> > @172.16.4.1 , but the 'netstat' does not show the ip address and the
> > assigned port from my Debian . It just shows many dedicated ports ,
> > assigned with '0.0.0.0:xx' format . Can you please let me know how can I
> > distinguish the dedicated port to that remote network element ?
>
> There's not one. That's not the way TCP/IP or UDP/IP servers work. All the
> client connections use the same server IP address and port. The TCP/IP or
> UDP/IP stack separates them into different connections based on the source
> address. Netstat shows sockets, not connections.
>
> In pictures (ASCII art, view in a fixed-width font):
>
> src = "" src = "">> +----------+ dst = x.x.x.x:dx +---------+ dst = x.x.x.x:dx +----------+
> | Client 1 |----------------->| Server |<-----------------| Client 2 |
> | y.y.y.y | | x.x.x.x | | z.z.z.z |
> | port ry |<-----------------| port dx |----------------->| port rz |
> +----------+ src = "" +---------+ src = "" +----------+
> dst = y.y.y.y:ry dst = z.z.z.z:rz
>
> There are a number of tools that can "look in" to the TCP/IP or UDP/IP stack
> and give you per-connection metrics. I think iptraf is one of them; tcpdump
> can also be used. Someone with more network monitoring experience will have
> to mention any others.
> --
> Boyd Stephen Smith Jr. ,= ,-_-. =.
> bss@iguanasuicide.net ((_/)o o(\_))
> ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
> http://iguanas uicide.net/ \_/
 
Thank you for your reply . Sorry , you mean the tcpdump can be used to monitor the exchanged packets toward an spesific ip address ? I thought that it can just monitor all of the packets on my eth0 and then I need to find the dedicated port to try to filter with . If it can do that , please provide me with an example on how to use it to monitor for an specific ip address ?

 


Hotmail: Powerful Free email with security by Microsoft. Get it now.

Reply to: