Re: interpreting netstat results

From: Robert Binkley (rbinkl@COMCAST.NET)
Date: Tue Dec 02 2003 - 13:55:29 EST

• Next message: Vipin Khushu: "Re: interpreting netstat results"
• Previous message: Holger.VanKoll@SWISSCOM.COM: "Re: interpreting netstat results"
• In reply to: Vipin Khushu: "interpreting netstat results"
• Next in thread: Vipin Khushu: "Re: interpreting netstat results"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

netstat -an | grep "10.0.0.3" | grep TIME_WAIT | wc -l
/usr/ucb/echo -n "king LAST_ACK: "

to trace
The trpt command queries the buffer for Transmission Control Protocol (TCP)
trace records. This buffer is created when a socket is marked for debugging
with the setsockopt subroutine. The trpt command then prints a description
of these trace records.

Note: You can use the traceson command to turn on socket level debugging for
daemons.
When you specify no options, the trpt command prints all the trace records
found in the system and groups them according to their TCP/IP connection
protocol control block (PCB).

Before you can use the trpt command, you must:

Isolate the problem and mark for debugging the socket or sockets involved in
the connection.
Find the address of the protocol control blocks associated with these
sockets by using the netstat -aA command.
Then you can run the trpt command, using the -p flag to supply the
associated protocol control block addresses. You can specify
multiple -pAddress flags with a single trpt command.
The -f flag can be used to follow the trace log once it is located. The -j
flag can be used to check the presence of trace records for the socket in
question.

If the system image does not contain the proper symbols to find the trace
buffer, the trpt command cannot succeed.

Robert Lee Binkley
5009 Silver Oak
Sherwood ark 72120
** rbinkl@comcast.net <mailto:rbinkl@comcast.net>
** ************
** ************

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
Vipin Khushu
Sent: Tuesday, December 02, 2003 11:37 AM
To: aix-l@Princeton.EDU
Subject: interpreting netstat results

Does anyone know what to make of the "LAST_ACK" in the output of netstat?

# netstat

Active Internet connections

Proto Recv-Q Send-Q Local Address Foreign Address
(state)
tcp4 0 0 companyname.company.8765 123.456.789......
LAST_ACK

where 8765 is the port number.

Our shopping website was non-functional while the LAST_ACK state persisted.

Upon waiting a few minutes, the following change occurred without any
intervention on our part (which allowed the site to function normally once
again):

# netstat

Active Internet connections

Proto Recv-Q Send-Q Local Address Foreign Address
(state)
tcp4 0 0 companyname.company.8765 *.*
LISTEN
tcp4 0 0 companyname.company.8766 *.*
LISTEN

man netstat did not have anything useful (based on a quick review) that
would explain how to interpret the (state) messages.

TIA

Vipin

• Next message: Vipin Khushu: "Re: interpreting netstat results"
• Previous message: Holger.VanKoll@SWISSCOM.COM: "Re: interpreting netstat results"
• In reply to: Vipin Khushu: "interpreting netstat results"
• Next in thread: Vipin Khushu: "Re: interpreting netstat results"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:23 EDT