1. netstat command explanation
In practice, I commonly use netstat -tnl | grep 443 (to check whether port 443 is in use); if I am currently the root user, I prefer netstat -pnl | grep 443 (which also shows the PID of the process occupying local port 443).
netstat
Feature description: Displays network status.
Syntax: netstat [-acCeFghilMnNoprstuvVwx] [-A <network type>] [--ip]
Note: The netstat command lets you see the network state of the entire Linux system.
Parameters
-a or --all shows all sockets, including those in connections.
-A <network type> or --<network type> lists the relevant addresses in connections of that network type.
-c or --continuous lists the network status continuously.
-C or --cache displays the routing cache information.
-e or --extend displays other relevant information about the network.
-F or --fib displays the FIB.
-g or --groups displays the multicast group membership list.
-h or --help displays online help.
-i or --interfaces displays the network interface information table.
-l or --listening displays listening server sockets.
-M or --masquerade displays masqueraded network connections.
-n or --numeric uses IP addresses directly instead of resolving them through the domain name server.
-N or --netlink or --symbolic displays the symbolic link names of network hardware peripherals.
-o or --timers displays the timers.
-p or --programs shows the PID and name of the program that is using each socket.
-r or --route displays the routing table.
-s or --statistics displays the network statistics table.
-t or --tcp shows the connection status of the TCP transport protocol.
-u or --udp shows the connection status of the UDP transport protocol.
-v or --verbose shows the command execution process.
-V or --version displays version information.
-w or --raw shows the connection status of the raw transport protocol.
-x or --unix has the same effect as specifying the "-A unix" parameter.
--ip or --inet has the same effect as specifying the "-A inet" parameter.
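The netstat -tnl | grep 443 check from the start of this section also matches port 4430 or a process whose PID is 443. The following added example (not from the original page) matches the local port exactly; the function name port_listeners and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tnlp` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      443/sshd
tcp        0      0 127.0.0.1:4430          0.0.0.0:*               LISTEN      1501/python3
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      982/nginx: master
tcp6       0      0 :::443                  :::*                    LISTEN      982/nginx: master
EOF
}

# port_listeners PORT: read netstat -tnlp text on stdin and print
# "proto local_address pid/program" for sockets listening on exactly PORT.
port_listeners() {
    awk -v want="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)          # keep what follows the last colon
            if (port == want) {
                owner = $7                # program names may contain spaces
                for (i = 8; i <= NF; i++) owner = owner " " $i
                print $1, $4, owner
            }
        }'
}

# Live use (root is needed for -p to show other users' processes):
#   netstat -tnlp | port_listeners 443
sample_listeners | port_listeners 443
```

On the sample, a plain grep 443 returns four lines, while port_listeners 443 returns only the two nginx listeners.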
2. Network connection states in detail
There are 12 possible states in total; the first 11 describe stages of the TCP three-way handshake that establishes a connection and the four-way teardown that closes it.
1) LISTEN: The server first opens a socket to listen on; its state is LISTEN. /* The socket is listening for incoming connections. Listening for connection requests from remote TCP ports. */
2) SYN_SENT: The client application calls connect to perform an active open. The client TCP sends a SYN to request a connection, and the state is set to SYN_SENT. /* The socket is actively attempting to establish a connection. Waiting for a matching connection request after having sent a connection request. */
3) SYN_RECV: The server sends an ACK to acknowledge the client's SYN and sends its own SYN to the client. The state is then set to SYN_RECV. /* A connection request has been received from the network. Waiting for confirmation of the connection request after having both received and sent a connection request. */
4) ESTABLISHED: Represents an open connection; both sides can exchange data or have already done so. /* The socket has an established connection. Represents an open connection; data can be delivered to the user. */
5) FIN_WAIT1: The application on the active-close end calls close, and its TCP sends a FIN to actively close the connection and enters the FIN_WAIT1 state. /* The socket is closed, and the connection is shutting down. Waiting for a connection termination request from the remote TCP, or an acknowledgement of the connection termination request previously sent. */
6) CLOSE_WAIT: After the TCP on the passive-close end receives the FIN, it sends an ACK in response (receipt of the FIN is also passed to the upper-level application as an end-of-file marker) and enters CLOSE_WAIT. /* The remote end has shut down, waiting for the socket to close. Waiting for a connection termination request from the local user. */
7) FIN_WAIT2: The active-close end receives the ACK and enters FIN_WAIT2. /* Connection is closed, and the socket is waiting for a shutdown from the remote end. Waiting for a connection termination request from the remote TCP. */
8) LAST_ACK: Some time later, the application on the passive-close end that received the end-of-file marker calls close to close the connection. This causes its TCP to send a FIN as well and wait for the peer's ACK; it enters LAST_ACK. /* The remote end has shut down, and the socket is closed. Waiting for acknowledgement. Waiting for an acknowledgement of the connection termination request previously sent to the remote TCP. */
9) TIME_WAIT: After the active-close end receives the FIN, its TCP sends the ACK packet and enters the TIME_WAIT state. /* The socket is waiting after close to handle packets still in the network. Waiting long enough to be sure the remote TCP received the acknowledgement of its connection termination request. */
10) CLOSING: Relatively rare. /* Both sockets are shut down but we still don't have all our data sent. Waiting for the remote TCP's acknowledgement of the connection termination request. */
11) CLOSED: After the passive-close end receives the ACK packet, it enters the CLOSED state. The connection ends. /* The socket is not being used. No connection state. */
12) UNKNOWN: Unknown socket state. /* The state of the socket is unknown. */
SYN: (Synchronize Sequence Numbers) This flag is only valid during the three-way handshake that establishes a TCP connection. It represents a new TCP connection request.
ACK: (acknowledgement number) The confirmation flag for a TCP request; it indicates that the peer system has successfully received all the data.
FIN: (finish) Used to end a TCP session. The corresponding port is still open, however, and ready to receive subsequent data.
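To see which of the states above a host's connections are in, the following added example (not from the original page) tallies netstat -tan output per state. It labels each state with its handshake or teardown role as described in the list. The function name state_summary, the phase labels and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tan` output (not captured from a real host).
sample_connections() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:51512      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.8:40022      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.9:40100      SYN_RECV
tcp        0      0 192.0.2.10:443          203.0.113.5:33810       TIME_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.6:33900       TIME_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.7:34001       FIN_WAIT2
tcp        1      0 192.0.2.10:52044        203.0.113.20:5432       CLOSE_WAIT
EOF
}

# state_summary: read netstat -tan text on stdin and print "STATE COUNT PHASE"
# per state; PHASE is an illustrative label for the role described in the list.
state_summary() {
    awk '
        BEGIN {
            phase["LISTEN"] = "listening"
            phase["SYN_SENT"] = phase["SYN_RECV"] = "handshake"
            phase["ESTABLISHED"] = "open"
            phase["FIN_WAIT1"] = phase["FIN_WAIT2"] = phase["TIME_WAIT"] = "active-close"
            phase["CLOSE_WAIT"] = phase["LAST_ACK"] = "passive-close"
            phase["CLOSING"] = "simultaneous-close"
        }
        $1 ~ /^tcp/ { n[$6]++ }           # column 6 is the State field
        END {
            for (s in n) print s, n[s], ((s in phase) ? phase[s] : "other")
        }' | sort
}

# Live use:  netstat -tan | state_summary
sample_connections | state_summary
```

A CLOSE_WAIT count that keeps growing means the local application has received the peer's FIN but has not yet called close on its socket.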