Detailed output of netstat command


1. About the specific meaning of Proto, Recv-Q, Send-Q and other columns

Proto : protocol name

Recv-Q : network receive queue

The amount of received data that has been buffered locally but has not yet been read by the process with recv(). If the receive queue Recv-Q stays blocked, it may indicate a denial-of-service attack.

Send-Q : network send queue

Data that the other party has not received, or has not acknowledged with an ACK, and that is therefore still in the local buffer.
If the send queue Send-Q cannot be cleared quickly, either an application is sending packets too fast or the other party is not receiving them fast enough.

Recv-Q and Send-Q should usually both be 0. If they are not 0, there may be a problem. Packets should not accumulate in either queue. Brief non-zero values are acceptable.

2. Local Address : local address

  1. 0.0.0.0:2000: listening on port 2000 of all IP addresses on the server (0.0.0.0 means all local IPs).
  2. :::2000: also listening on port 2000 of all local IPs. The difference from 0.0.0.0:2000 is that it represents IPv6 addresses, whereas 0.0.0.0 represents all local IPv4 addresses.
  3. Of the three colons in ":::", the first two ("::") are the abbreviation of "0:0:0:0:0:0:0:0", the IPv6 equivalent of "0.0.0.0", and represent all IPv6 addresses of this machine. The third ":" is the separator between IP and port.
  4. 127.0.0.1:8080: listening on port 8080 of the local loopback address. A service that listens only on the loopback address can be accessed only locally and cannot be accessed remotely over TCP/IP.
  5. ::1:9000: listening on port 9000 of the IPv6 loopback address (::1 is the IPv6 loopback address).

3. Foreign Address : external address

The remote socket that communicates with the local port. The display rules are the same as for Local Address.

4. State : state

There are 11 connection states. The State column has 12 possible values; the first 11 follow the three-way handshake that establishes a TCP connection and the four-way handshake that closes it.

The state parameters mainly include:

  1. LISTEN: The server first opens a socket for listening, and the state is LISTEN. Waiting for connection requests from remote TCP ports.
  2. SYN_SENT: The client application calls connect to perform an active open, so the client TCP sends a SYN to request a connection and sets the state to SYN_SENT. Waiting for a matching connection request after sending a connection request.
  3. SYN_RECV: The server sends an ACK to acknowledge the client's SYN, sends its own SYN to the client at the same time, and sets the state to SYN_RECV. Waiting for acknowledgment of the connection request after having received and sent one.
  4. ESTABLISHED: Represents an open connection; both parties can exchange, or have already exchanged, data. Data can be delivered to the user.
  5. FIN-WAIT-1: The application on the active-close end calls close, so its TCP sends a FIN to actively close the connection and enters the FIN_WAIT1 state. Waiting for a connection termination request from the remote TCP, or for acknowledgment of a termination request sent earlier.
  6. CLOSE-WAIT: After the TCP on the passive-close end receives the FIN, it sends an ACK in response (receipt of the FIN is also passed to the upper-layer application as end-of-file) and enters CLOSE_WAIT. Waiting for a connection termination request from the local user.
  7. FIN-WAIT-2: After the active-close end receives the ACK, it enters FIN-WAIT-2. Waiting for a connection termination request from the remote TCP.
  8. LAST-ACK: Some time later on the passive-close end, the application that received the end-of-file calls close to close the connection. This causes its TCP to send a FIN as well and wait for the other party's ACK, which puts it in LAST-ACK. Waiting for acknowledgment of the connection termination request sent earlier to the remote TCP.
  9. TIME-WAIT: After the active-close end receives the FIN, its TCP sends an ACK and enters the TIME-WAIT state. Waiting long enough to ensure that the remote TCP has received the acknowledgment of its connection termination request.
  10. CLOSING: Relatively rare. Waiting for the remote TCP to acknowledge the connection termination request.
  11. CLOSED: After receiving the ACK, the passive-close end enters the CLOSED state. The connection has ended and there is no connection state at all.

State parameter supplement :

SYN : Synchronize Sequence Numbers. This flag is valid only while the three-way handshake is establishing a TCP connection, and it indicates a new TCP connection request.
ACK : Acknowledgment Number. The acknowledgment flag for TCP requests; it also indicates that the remote end system has successfully received all data.
FIN : the end flag (Finish), used to end a TCP conversation, while the corresponding port is still open, waiting to receive subsequent data.
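
The column rules from sections 1 to 4 applied in code, as an added example that is not part of the original post: it splits Local Address on the last colon, classifies each listener as bound to all addresses or to loopback only, and reports connections whose Recv-Q or Send-Q is non-zero. The sample rows are constructed (documentation-range addresses), and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of `netstat -ant` (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp6       0      0 :::2000                 :::*                    LISTEN
tcp6       0      0 ::1:9000                :::*                    LISTEN
tcp      129      0 192.0.2.10:2000         198.51.100.7:51514      ESTABLISHED
tcp        0   4380 192.0.2.10:2000         198.51.100.9:40022      ESTABLISHED
tcp        0      0 192.0.2.10:2000         203.0.113.5:33100       SYN_RECV
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the LAST colon, so ':::2000' -> ('::', '2000')."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def bind_scope(addr):
    """Classify a local address as 'all', 'loopback' or 'specific'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all"
    return "loopback" if ip.is_loopback else "specific"

def analyze(text):
    """Return (listeners, connections with queued data, per-state counts)."""
    listeners, backlog, states = [], [], Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip the header and any non-TCP rows
        proto, recv_q, send_q, local, foreign, state = fields[:6]
        states[state] += 1
        addr, port = split_endpoint(local)
        if state == "LISTEN":
            listeners.append((proto, port, bind_scope(addr)))
        elif int(recv_q) or int(send_q):  # queues checked on connections only
            backlog.append((local, foreign, int(recv_q), int(send_q)))
    return listeners, backlog, states

if __name__ == "__main__":
    listeners, backlog, states = analyze(SAMPLE)
    for row in listeners:
        print("LISTEN", *row)
    for row in backlog:
        print("QUEUED", *row)
    print(dict(states))
```

A single non-zero reading is not a finding by itself; run the check on successive snapshots and look for the same connection staying in the queued list.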

5. PID/Program

PID is the process id, Program is the application using the socket

Origin blog.csdn.net/crayon0/article/details/127443923