Hello, I want to know if the following output is indicative of a healthy computer system.The command is "netstat -t" . I am worried about the apparent circular reference with localhost. Proto Recv-Q Send-Q Local Address Foreign Address State tcp 32 0 L1JDFY77FVHYMJD6O:37642 162.125.83.7:https CLOSE_WAIT tcp 0 0 localhost:60846 localhost:42012 ESTABLISHED tcp 32 0 L1JDFY77FVHYMJD6O:60696 162.125.36.1:https CLOSE_WAIT tcp 32 0 L1JDFY77FVHYMJD6O:39138 162.125.83.3:https CLOSE_WAIT tcp 0 0 L1JDFY77FVHYMJD6O:46664 134.213.52.45:https ESTABLISHED tcp 0 0 localhost:42012 localhost:60846 ESTABLISHED tcp 0 0 L1JDFY77FVHYMJD6O:46662 134.213.52.45:https ESTABLISHED tcp 32 0 L1JDFY77FVHYMJD6O:38518 162.125.83.3:https CLOSE_WAIT tcp 0 0 L1JDFY77FVHYMJD6O:57244 162.125.34.129:https ESTABLISHED tcp 32 0 L1JDFY77FVHYMJD6O:39130 162.125.83.3:https CLOSE_WAIT tcp 32 0 L1JDFY77FVHYMJD6O:59380 162.125.83.4:https CLOSE_WAIT tcp 0 0 L1JDFY77FVHYMJD6O:57852 162.125.34.129:https ESTABLISHED tcp 1 0 L1JDFY77FVHYMJD6O:41264 ec2-52-22-138-109:https CLOSE_WAIT regards Peter
Peter Wolf via luv-beginners wrote:
I want to know if the following output is indicative of a healthy computer system.The command is "netstat -t" .
I am worried about the apparent circular reference with localhost.
On GNU/Linux "netstat" has been deprecated for over a decade. You should use "ss" instead. See also https://en.wikipedia.org/wiki/iproute2 It is perfectly normal for a host to talk to itself. That's what the loopback interface, and the 127.0.0.0/8 address range, is for. Here's a host I have: root@tweak:~# ss -n | grep -e ^Netid -e 127.*127 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp ESTAB 0 0 127.0.0.1:53520 127.0.0.1:60044 udp ESTAB 0 0 127.0.0.1:43282 127.0.0.1:43282 udp ESTAB 0 0 127.0.0.1:60044 127.0.0.1:53520 tcp CLOSE-WAIT 55 0 127.0.0.1:37780 127.0.0.1:10025 tcp ESTAB 0 0 127.0.0.1:47327 127.0.0.1:54637 tcp ESTAB 0 0 127.0.0.1:32843 127.0.0.1:37867 tcp ESTAB 0 0 127.0.0.1:54637 127.0.0.1:47327 tcp ESTAB 0 0 127.0.0.1:37867 127.0.0.1:32843 If you run ss with -p (as root) you can see what the processes in question are. For example, I see these (hand-elided and hand-wrapped): root@tweak:~# ss -np | grep -e ^Netid -e 127.*127 ... users:(("pinger",pid=7557,fd=1), ("pinger",pid=7557,fd=0)) ... users:(("postgres",pid=15895,fd=10), ("postgres",pid=15894,fd=10), ("postgres",pid=15893,fd=10), ("postgres",pid=15892,fd=10), ("postgres",pid=15891,fd=10), ("postgres",pid=15889,fd=10)) ... users:(("squid",pid=27687,fd=11)) ... users:(("/usr/sbin/amavi",pid=29179,fd=14)) ... users:(("squid-acl-check",pid=7559,fd=1), ("squid-acl-check",pid=7559,fd=0)) ... users:(("squid",pid=27687,fd=21)) ... users:(("squid",pid=27687,fd=18)) ... users:(("squid-acl-check",pid=7560,fd=1), ("squid-acl-check",pid=7560,fd=0)) i.e. right now squid and amavis are using the loopback interface. NFS is another obvious candidate. DNS via systemd-resolved (without libnss-resolve) also needs lo. I *think* dbus stuff happens via unix sockets, so won't appear on the loopback interface, but you can see it in ss using -x. You can see how much relies on the loopback interface by turning it off and watching things break (DON'T DO THIS to a production host): sudo ip link set lo down
participants (2)
-
Peter Wolf -
Trent W. Buck