6

I have a socket connection between a client process and a server process, both running on my machine. There are two entries shown for the connection as,

sudo netstat -ntp | grep 56442
tcp        1      0 127.0.0.1:56442         127.0.0.1:8002          CLOSE_WAIT  8276/python
tcp        0      0 127.0.0.1:8002          127.0.0.1:56442         FIN_WAIT2   -

How can I figure out which is the server in this case?

I know that the TCP server is running on port 8002, and a client connects to the listening server from port 56442.

I am trying to figure out a way to distinguish between server and client, by looking at the netstat output entries.

And why doesn't the process id/description appear when the socket is in FIN_WAIT2 state?

Improve this question
4
  • 1
    Check this page, you'll get answer of your first part. By checking the status of your processes, i.e., which process is in which state? FIN_WAIT2 state can only be occupied by a server. Check image given in that link. Don't know exactly why the process description/pid is not showing.
    – Am_I_Helpful
    Commented Aug 2, 2015 at 13:35
  • 1
    If you look at the whole output of netstat -ntp you will see that the first line tells you what each column represents. "Local Address" will be the address and port listen()ing (i.e the server bound on port 8002).
    – Drav Sloan
    Commented Aug 2, 2015 at 16:51
  • @shekharsuman: I believe that your link is misleading; you should look at the RFP itself.  Once a TCP connection is established, it is symmetrical; anything that one side can do, the other can do.  The first socket to be closed (or shutdown) can and will go into FIN-WAIT-1 and FIN-WAIT-2 states; that can be either the client or the server side.
    – Scott - Слава Україні
    Commented Aug 2, 2015 at 17:14
  • @Scott- I wasn't sure of it, that's why I didn't post that as an answer. But, I am not convinced by your reasoning either.
    – Am_I_Helpful
    Commented Aug 2, 2015 at 17:18

2 Answers 2

Reset to default
1

If you run the netstat without the grep, you'll see that the column to the left of the center has a heading like "Local Address" and the column to the right of the center has a heading like "Foreign Address".  The row that shows the local address that includes the server port number is the server.

You may be able to get a better feel for this if you start two client processes simultaneously and then run

sudo netstat -ntp | grep -E "Address|8002"

And why doesn't the process id/description come, when the socket is in FIN_WAIT2 state?

Probably because the process has terminated; after all, FIN stands for "finish" or "final".  FIN packets and FIN_ states are related to shutting down (closing) a TCP connection, which typically happens only when the processes are done with it (and which happens automatically when one or both of the processes die).  A socket can hang around in the system for a little while after the process that had it open has gone away.  Again, you can probably get a better feel for this by running netstat when both processes are alive and well, and then watching how it changes when they shut down.

Improve this answer
0

I believe netstat -ntp will only show client (nonlistening) sockets in the Local address column.

The -l flag should cause netstat to list server (listening) sockets only, and with -a you should get both and then you can differentiate based on STATEs.

Improve this answer

You must log in to answer this question.