Local and Foreign Address using netstat
In the context of the netstat command, the 'Local Address' is the network address of your own computer, where a particular network service is running. The 'Foreign Address' is the network address of the remote computer or device that your computer is connected to for that specific network service. The netstat command provides information about network connections and network statistics on your system.
We will begin by viewing the help information screen by executing the following command:
netstat -h
We will then view all active connections by typing the following:
netstat
We can use netstat to display both local and foreign addresses in numeric IP form using the “-n” parameter.
netstat -n
If we want to view only TCP connections, we need to add the “-t” parameter.
netstat -t
Similarly, if we want to view only UDP connections, we need to add the “-u” parameter.
netstat -u
We can combine multiple parameters in a single command as follows:
netstat -tn
Let’s look at the figure:
1) This area shows our local IP address and port number for each connection.
2) This field shows the remote IP address and port number for each connection.
3) This area displays the TCP / UDP status of each connection:
# LISTEN: represents waiting for a connection request from any remote
TCP and port.
# SYN-SENT: represents waiting for a matching connection request after
having sent a connection request.
# SYN-RECEIVED: represents waiting for a confirming connection request
acknowledgment after having both received and sent a connection request.
# ESTABLISHED: represents an open connection, data received can be
delivered to the user. The normal state for the data transfer phase of
the connection.
# FIN-WAIT-1: represents waiting for a connection termination request
from the remote TCP, or an acknowledgment of the connection termination
request previously sent.
# FIN-WAIT-2: represents waiting for a connection termination request
from the remote TCP.
# CLOSE-WAIT: represents waiting for a connection termination request
from the local user.
# CLOSING: represents waiting for a connection termination request
acknowledgment from the remote TCP.
# LAST-ACK: represents waiting for an acknowledgment of the connection
termination request previously sent to the remote TCP (which includes an
acknowledgment of its connection termination request).
# TIME-WAIT: represents waiting for enough time to pass to be sure the
remote TCP received the acknowledgment of its connection termination
request.
# CLOSED: represents no connection state at all.
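The fields and states described above can be pulled apart with a short script. This is an added example, not part of the original tutorial: it assumes the Linux net-tools column layout of "netstat -tn", where states are printed with underscores (TIME_WAIT, CLOSE_WAIT) rather than the hyphenated names listed above, and the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tn` output (documentation address ranges only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.25:40022      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.25:40023      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.25:40024      TIME_WAIT
tcp        0      0 192.0.2.10:51990        198.51.100.80:443       CLOSE_WAIT
tcp6       0      0 2001:db8::10:22         2001:db8::99:40100      ESTABLISHED
EOF
}

# Emit one line per TCP connection: STATE LOCAL_IP LOCAL_PORT FOREIGN_IP FOREIGN_PORT.
# The port is whatever follows the LAST colon, so IPv6 addresses stay intact.
# Header lines and UDP rows (which carry no state column) are skipped.
parse_connections() {
  awk '$1 ~ /^tcp/ && NF >= 6 {
    ln = split($4, l, ":"); fn = split($5, f, ":")
    lhost = substr($4, 1, length($4) - length(l[ln]) - 1)
    fhost = substr($5, 1, length($5) - length(f[fn]) - 1)
    print $6, lhost, l[ln], fhost, f[fn]
  }'
}

# Count connections per TCP state, sorted by state name.
state_counts() {
  parse_connections | awk '{ c[$1]++ } END { for (s in c) print s, c[s] }' | sort
}

# List foreign hosts that have connections in state $1, busiest first.
foreign_hosts() {
  parse_connections |
    awk -v st="$1" '$1 == st { c[$4]++ } END { for (h in c) print c[h], h }' |
    sort -rn
}

# Demo on the constructed sample; on a live host use: netstat -tn | state_counts
sample_netstat | state_counts
```

A growing CLOSE_WAIT count or an unfamiliar host at the top of the ESTABLISHED list is the kind of thing this summary makes easy to spot.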