How to read netstat -n result?

General Discussion about IP Address Lookup caveats, technology, ideas, etc.

Moderator: Moderators

How to read netstat -n result?

Postby needip on Fri Mar 31, 2006 11:21 am

ok, i was directly connected to another user.

i did a NETSTAT command:

here are my results, im not asking for anyone to find this person, i just need to know which of these IP addresses should i be focusng on? The first row? the last row? 2nd to last? etc etc

Local address Foreign address
127.xxx. 127.xxx.
.
.
.
.
127.xxx 127.xx
172.xxx 64.xxx
172.xxx 205.xxx.
172.xxx 216.xxx
172.xxx 64.xxx
172.xxx 68.xxx
172.xxx 64.xxx
172.xxx 68.xxx
172.xxx 209.xxx
172.xxx 68.xxx

would the other person be at the 68.xxx?

thanks
needip
n00b
 
Posts: 8
Joined: Wed Mar 29, 2006 11:28 am

Re: How to read netstat -n result?

Postby robocoder on Fri Mar 31, 2006 12:48 pm

Focus your attention on the IP addresses in the foreign address column. Ignore IP addresses that look like 127.0.0.1 (this is your machine's loopback address) or your own IP address (I'm guessing this is the 172.xxx address you posted). In your example, this would be the 64.xxx, 68.xxx, 205.xxx, 209.xxx, and 216.xxx addresses.

TCP is inherently a direct connection -- how long the connection lasts depends on the application (which you can oftentimes determine from the port number). Here you'll see the IP address, followed by a colon and then the port number, e.g.,

TCP 192.168.1.101:22 128.xxx:2422 ESTABLISHED
TCP 192.168.1.101:3006 216.xxx:80 ESTABLISHED
TCP 192.168.1.101:3008 64.xxx:80 ESTABLISHED
TCP 192.168.1.101:3010 72.xxx:80 ESTABLISHED

In case you don't already know, port 80 is typically for web servers. In my example, these are connections made by simply browsing the hostip.info site Thus, I'd probably only be interested in the line showing someone from 128.xxx connected to my machine's ssh port.

Disclaimer: your mileage may vary.
User avatar
robocoder
Veteran
 
Posts: 105
Joined: Sat Mar 25, 2006 8:10 pm
Location: Ontario, Canada


Return to IP Address Lookup

Who is online

Users browsing this forum: No registered users and 3 guests

cron