MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Sat, Dec 31, 2016 6:21 pm

Using netstat to determine the process that is using a network port under Linux

While troubleshooting an isuue on a CentOS server, which functions as a web server, I used the tcpdump utility to monitor network traffic to and from the web server. I used the tcpdump command tcpdump -i enp1s4 -vvv port 80 to observe traffic on network interface enp1s4, which was the Local Area Network (LAN) interface, and only on port 80, the well-known port for HTTP traffic. Amidst the expected traffic I also saw HTTP connectivity from the server on which I was performing the troublehshooting to another web server, which seemed odd, since it wasn't immediately apparent to me why the server I was troubleshooting was connecting to that other web server at IP address

15:12:46.491073 IP (tos 0x0, ttl 64, id 21907, offset 0, flags [DF], proto TCP (
6), length 52) > Flags [F.], cksum 0x26b7 (incorrect
 -> 0x2738), seq 3599572683, ack 3802137359, win 115, options [nop,nop,TS val 28
33407685 ecr 423340583], length 0
15:12:46.515987 IP (tos 0x0, ttl 54, id 31318, offset 0, flags [none], proto TCP
 (6), length 52) > Flags [F.], cksum 0x13c6 (correct),
 seq 1, ack 1, win 114, options [nop,nop,TS val 423345561 ecr 2833407685], lengt
h 0
15:12:46.516052 IP (tos 0x0, ttl 64, id 21908, offset 0, flags [DF], proto TCP (
6), length 52) > Flags [.], cksum 0x26b7 (incorre
ct -> 0x13ac), seq 1, ack 2, win 115, options [nop,nop,TS val 2833407710 ecr 423
345561], length 0

[ More Info ]

[/os/unix/commands] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo