LinuxQuestions.org - The netstat -o switch

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - The netstat -o switch (https://www.linuxquestions.org/questions/linux-newbie-8/the-netstat-o-switch-638888/)

The netstat -o switch

I've read the man pages for netstat in regard to the -o switch (timer) but other than stating that it "Includes information on network timers" it really doesn't state anything else.

When I run the netstat command with this switch to listen on port 5100, this is a snippet of what I get:

Code:

tcp        0      0 magic:5100                  mail.cslibrary.org:1564    ESTABLISHED off (0.00/0/0)

tcp        0      0 magic:5100                  mail.cslibrary.org:1596    ESTABLISHED off (0.00/0/0)

tcp        0      0 magic:5100                  mail.cslibrary.org:1584    ESTABLISHED off (0.00/0/0)

tcp        0      3 magic:5100                  bensenville2.k12.il.us:1099 ESTABLISHED on (57.53/14/0)

tcp        0    27 magic:5100                  bensenville2.k12.il.us:1093 ESTABLISHED on (0.48/0/0)

tcp        0      0 magic:5100                  64.107.61.137:4975          ESTABLISHED off (0.00/0/0)

tcp        0      0 magic:5100                  mail.cslibrary.org:51237    ESTABLISHED off (0.00/0/0)

tcp        0      0 magic:5100                  st-64-107-165-131.pop:41734 ESTABLISHED off (0.00/0/0)

Can anyone illuminate me as to what I am looking at as far as the last column of numbers and what they mean

Determining what this is about IMHO works better if you have many connections cycling through different stages. If you take the scope to be the last three columns, you might see something like:

Code:

SYN_SENT      on  (1.35/1/0)

SYN_SENT      on  (1.65/2/0)

SYN_SENT      on  (8.94/3/0)

SYN_SENT      on  (46.85/4/0)

ESTABLISHED  off  (0.00/0/0)

For this connection you will see column one not changing until there's been a maximum of four SYN_SENTs, a steady decrease of the first value and the second value only incrementing when the second value reaches zero. From this you could infer the stack sent 4 SYNs (IIRC net.ipv4.tcp_syn_retries), each SYN triggered by the first value countdown timer (dunno sysctl for this), before it got a reply turning the timer to "off" and considering the connection established. In your "ESTABLISHED on (57.53/14/0)" example the "on" could mean there's a counter set for sending keepalives for established connections and this being the fourteenth time (net.ipv4.tcp_keepalive_probes?) it sent one. The timer itself I don't know about but I guess it's rather based on jiffies than seconds. BTW, slightly different in scope, another way to dynamically see timers at work is to use 'iptstate -f -r 2 -b s -R'.

Hi,

To see these changes in 'real-time':

watch netstat -to