Does “ESTABLISHED” state in netstat command for the sshd program mean they actually have access?Unrecognized SSH access on server?If I change the root password on a linux server, can someone still access root if they created an SSH authorized_key for root user?In the output for netstat what does the [::] mean?Interpreting Netstat outputHow do I configure SSHd to permit a single command, without giving full login access to the user?what does the --backup-mode option for rdiff mean?do SSH keys have to be unique to the service they are used for?What does it mean for netstat -tDoes the netstat counter wrap around? And over what period are they collected?A specified logon session does not exist. It may already have been terminated (only from SSH)(for the accounts not specified in Log On tab)

Why do even high-end cameras often still include normal (non-cross-type) AF sensors?

How dangerous are set-size assumptions?

How does DC work with natural 20?

Is it damaging to turn off a small fridge for two days every week?

Employer wants to use my work email account after I quit

NSE Numerical IQ Test no.12: 759802, 358829, 847123,?

If I wouldn't want to read the story, is writing it still a good idea?

How large would a mega structure have to be to host 1 billion people indefinitely?

Hot coffee brewing solutions for deep woods camping

Why does the Saturn V have standalone inter-stage rings?

Can White Castle?

Why did pressing the joystick button spit out keypresses?

Can someone suggest a path to study Mordell-Weil theorem for someone studying on their own?

Can any NP-Complete Problem be solved using at most polynomial space (but while using exponential time?)

What is the legal status of travelling with methadone in your carry-on?

Would it be a copyright violation if I made a character’s full name refer to a song?

What did River say when she woke from her proto-comatose state?

What's currently blocking the construction of the wall between Mexico and the US?

Appropriate way to say "see you tomorrow" when meeting online

Is "Busen" just the area between the breasts?

When to remove insignificant variables?

Should developer taking test phones home or put in office?

Impossible darts scores

Java TreeMap.floorKey() equivalent for std::map



Does “ESTABLISHED” state in netstat command for the sshd program mean they actually have access?


Unrecognized SSH access on server?If I change the root password on a linux server, can someone still access root if they created an SSH authorized_key for root user?In the output for netstat what does the [::] mean?Interpreting Netstat outputHow do I configure SSHd to permit a single command, without giving full login access to the user?what does the --backup-mode option for rdiff mean?do SSH keys have to be unique to the service they are used for?What does it mean for netstat -tDoes the netstat counter wrap around? And over what period are they collected?A specified logon session does not exist. It may already have been terminated (only from SSH)(for the accounts not specified in Log On tab)






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








0















I have this person(or bot) from an IP in Chile which has an "ESTABLISHED" connection to SSHD as root on my server.



I'm trying to understand what netstat's outputs really mean, the manual doesn't really provide much details about them. Here's what I get:



root@linode [~]# netstat -tanpc|grep 200.29.174.125
tcp 0 840 45.33.71.204:22 200.29.174.125:40506 ESTABLISHED 12016/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:40792 ESTABLISHED 12020/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41079 SYN_RECV -
tcp 0 1 45.33.71.204:22 200.29.174.125:40792 FIN_WAIT1 -
tcp 0 84 45.33.71.204:22 200.29.174.125:41079 ESTABLISHED 12022/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:41353 ESTABLISHED 12024/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41661 ESTABLISHED 12026/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:41959 ESTABLISHED 12028/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42208 ESTABLISHED 12030/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42509 ESTABLISHED 12032/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:42810 ESTABLISHED 12034/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43094 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:43094 ESTABLISHED 12036/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:43362 ESTABLISHED 12038/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43676 ESTABLISHED 12040/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:43936 ESTABLISHED 12042/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:44229 ESTABLISHED 12044/sshd
tcp 0 840 45.33.71.204:22 200.29.174.125:44566 ESTABLISHED 12047/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:44844 ESTABLISHED 12056/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:45079 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:45079 ESTABLISHED 12058/sshd


What I understand from the above output is that this person(or bot?) is changing ports every second and so a new PID for SSHD is created every time he(or it) "establishes" a connection. Am I right?



Next and more important thing I'd like to ask is does the "ESTABLISHED" state here mean that he(or it) actually has access to my server as the root user? Or if I'm right at my assumption above, does this mean he(or it) is scanning for ports in my server, still trying to get in?






ssh netstat







share|improve this question






















  • Most systems log authentication events. Where depends on the distribution / OS like /var/log/secure for Redhat and derivatives (Centos, Oracle Linux etc) and /var/log/auth.log for Debian and derivatives (Ubuntu etc).

    – Brian
    May 8 '15 at 20:34

















0















I have this person(or bot) from an IP in Chile which has an "ESTABLISHED" connection to SSHD as root on my server.



I'm trying to understand what netstat's outputs really mean, the manual doesn't really provide much details about them. Here's what I get:



root@linode [~]# netstat -tanpc|grep 200.29.174.125
tcp 0 840 45.33.71.204:22 200.29.174.125:40506 ESTABLISHED 12016/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:40792 ESTABLISHED 12020/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41079 SYN_RECV -
tcp 0 1 45.33.71.204:22 200.29.174.125:40792 FIN_WAIT1 -
tcp 0 84 45.33.71.204:22 200.29.174.125:41079 ESTABLISHED 12022/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:41353 ESTABLISHED 12024/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41661 ESTABLISHED 12026/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:41959 ESTABLISHED 12028/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42208 ESTABLISHED 12030/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42509 ESTABLISHED 12032/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:42810 ESTABLISHED 12034/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43094 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:43094 ESTABLISHED 12036/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:43362 ESTABLISHED 12038/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43676 ESTABLISHED 12040/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:43936 ESTABLISHED 12042/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:44229 ESTABLISHED 12044/sshd
tcp 0 840 45.33.71.204:22 200.29.174.125:44566 ESTABLISHED 12047/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:44844 ESTABLISHED 12056/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:45079 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:45079 ESTABLISHED 12058/sshd


What I understand from the above output is that this person(or bot?) is changing ports every second and so a new PID for SSHD is created every time he(or it) "establishes" a connection. Am I right?



Next and more important thing I'd like to ask is does the "ESTABLISHED" state here mean that he(or it) actually has access to my server as the root user? Or if I'm right at my assumption above, does this mean he(or it) is scanning for ports in my server, still trying to get in?






ssh netstat







share|improve this question






















  • Most systems log authentication events. Where depends on the distribution / OS like /var/log/secure for Redhat and derivatives (Centos, Oracle Linux etc) and /var/log/auth.log for Debian and derivatives (Ubuntu etc).

    – Brian
    May 8 '15 at 20:34













0












0








0


1






I have this person(or bot) from an IP in Chile which has an "ESTABLISHED" connection to SSHD as root on my server.



I'm trying to understand what netstat's outputs really mean, the manual doesn't really provide much details about them. Here's what I get:



root@linode [~]# netstat -tanpc|grep 200.29.174.125
tcp 0 840 45.33.71.204:22 200.29.174.125:40506 ESTABLISHED 12016/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:40792 ESTABLISHED 12020/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41079 SYN_RECV -
tcp 0 1 45.33.71.204:22 200.29.174.125:40792 FIN_WAIT1 -
tcp 0 84 45.33.71.204:22 200.29.174.125:41079 ESTABLISHED 12022/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:41353 ESTABLISHED 12024/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41661 ESTABLISHED 12026/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:41959 ESTABLISHED 12028/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42208 ESTABLISHED 12030/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42509 ESTABLISHED 12032/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:42810 ESTABLISHED 12034/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43094 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:43094 ESTABLISHED 12036/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:43362 ESTABLISHED 12038/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43676 ESTABLISHED 12040/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:43936 ESTABLISHED 12042/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:44229 ESTABLISHED 12044/sshd
tcp 0 840 45.33.71.204:22 200.29.174.125:44566 ESTABLISHED 12047/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:44844 ESTABLISHED 12056/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:45079 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:45079 ESTABLISHED 12058/sshd


What I understand from the above output is that this person(or bot?) is changing ports every second and so a new PID for SSHD is created every time he(or it) "establishes" a connection. Am I right?



Next and more important thing I'd like to ask is does the "ESTABLISHED" state here mean that he(or it) actually has access to my server as the root user? Or if I'm right at my assumption above, does this mean he(or it) is scanning for ports in my server, still trying to get in?






ssh netstat







share|improve this question














I have this person(or bot) from an IP in Chile which has an "ESTABLISHED" connection to SSHD as root on my server.



I'm trying to understand what netstat's outputs really mean, the manual doesn't really provide much details about them. Here's what I get:



root@linode [~]# netstat -tanpc|grep 200.29.174.125
tcp 0 840 45.33.71.204:22 200.29.174.125:40506 ESTABLISHED 12016/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:40792 ESTABLISHED 12020/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41079 SYN_RECV -
tcp 0 1 45.33.71.204:22 200.29.174.125:40792 FIN_WAIT1 -
tcp 0 84 45.33.71.204:22 200.29.174.125:41079 ESTABLISHED 12022/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:41353 ESTABLISHED 12024/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:41661 ESTABLISHED 12026/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:41959 ESTABLISHED 12028/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42208 ESTABLISHED 12030/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:42509 ESTABLISHED 12032/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:42810 ESTABLISHED 12034/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43094 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:43094 ESTABLISHED 12036/sshd
tcp 0 52 45.33.71.204:22 200.29.174.125:43362 ESTABLISHED 12038/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:43676 ESTABLISHED 12040/sshd
tcp 0 720 45.33.71.204:22 200.29.174.125:43936 ESTABLISHED 12042/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:44229 ESTABLISHED 12044/sshd
tcp 0 840 45.33.71.204:22 200.29.174.125:44566 ESTABLISHED 12047/sshd
tcp 0 21 45.33.71.204:22 200.29.174.125:44844 ESTABLISHED 12056/sshd
tcp 0 0 45.33.71.204:22 200.29.174.125:45079 SYN_RECV -
tcp 0 84 45.33.71.204:22 200.29.174.125:45079 ESTABLISHED 12058/sshd


What I understand from the above output is that this person(or bot?) is changing ports every second and so a new PID for SSHD is created every time he(or it) "establishes" a connection. Am I right?



Next and more important thing I'd like to ask is does the "ESTABLISHED" state here mean that he(or it) actually has access to my server as the root user? Or if I'm right at my assumption above, does this mean he(or it) is scanning for ports in my server, still trying to get in?






ssh netstat




ssh netstat






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked May 8 '15 at 20:07









Nim LeFleurNim LeFleur

1112




1112












  • Most systems log authentication events. Where depends on the distribution / OS like /var/log/secure for Redhat and derivatives (Centos, Oracle Linux etc) and /var/log/auth.log for Debian and derivatives (Ubuntu etc).

    – Brian
    May 8 '15 at 20:34

















  • Most systems log authentication events. Where depends on the distribution / OS like /var/log/secure for Redhat and derivatives (Centos, Oracle Linux etc) and /var/log/auth.log for Debian and derivatives (Ubuntu etc).

    – Brian
    May 8 '15 at 20:34
















Most systems log authentication events. Where depends on the distribution / OS like /var/log/secure for Redhat and derivatives (Centos, Oracle Linux etc) and /var/log/auth.log for Debian and derivatives (Ubuntu etc).

– Brian
May 8 '15 at 20:34





Most systems log authentication events. Where depends on the distribution / OS like /var/log/secure for Redhat and derivatives (Centos, Oracle Linux etc) and /var/log/auth.log for Debian and derivatives (Ubuntu etc).

– Brian
May 8 '15 at 20:34










2 Answers
2






active

oldest

votes


















8














Established only means that the connection is fully open and data can be transmitted. It doesn't necessarily mean that any data has been transmitted! It doesn't imply anything about layer 7, whether someone has authenticated to your system or not. You can check your system logs to learn if someone has authenticated successfully.






share|improve this answer























  • Thanks for clarifying that about the "established" state. That's what I'm actually worried about. I have set this server to send me an email every time a successful root login happens (I am using WHM/cPanel on this server). And it works when I login as root, I get an email. I'm not sure if it might be possible for root logins/successful authentication to happen without triggering the email notification I have set. Please excuse me, I'm relatively new to managing servers. Where do I find those system logs that you're talking about? I have CentOS 6.6 on this server, again with WHM/cPanel.

    – Nim LeFleur
    May 8 '15 at 20:19











  • All the system logs are in /var/log. I don't know what cPanel does; it is not a supportable topic here. You probably want to familiarize yourself with the system documentation.

    – Michael Hampton
    May 8 '15 at 20:23



















-1














Established means that the user on the other end has an open connection and so things like "shutdown -I" should work except if obviously you cannot do that anyway. I only worry about the outputs labelled Established unless the other ones are needed.






share|improve this answer

























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f690711%2fdoes-established-state-in-netstat-command-for-the-sshd-program-mean-they-actua%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    8














    Established only means that the connection is fully open and data can be transmitted. It doesn't necessarily mean that any data has been transmitted! It doesn't imply anything about layer 7, whether someone has authenticated to your system or not. You can check your system logs to learn if someone has authenticated successfully.






    share|improve this answer























    • Thanks for clarifying that about the "established" state. That's what I'm actually worried about. I have set this server to send me an email every time a successful root login happens (I am using WHM/cPanel on this server). And it works when I login as root, I get an email. I'm not sure if it might be possible for root logins/successful authentication to happen without triggering the email notification I have set. Please excuse me, I'm relatively new to managing servers. Where do I find those system logs that you're talking about? I have CentOS 6.6 on this server, again with WHM/cPanel.

      – Nim LeFleur
      May 8 '15 at 20:19











    • All the system logs are in /var/log. I don't know what cPanel does; it is not a supportable topic here. You probably want to familiarize yourself with the system documentation.

      – Michael Hampton
      May 8 '15 at 20:23
















    8














    Established only means that the connection is fully open and data can be transmitted. It doesn't necessarily mean that any data has been transmitted! It doesn't imply anything about layer 7, whether someone has authenticated to your system or not. You can check your system logs to learn if someone has authenticated successfully.






    share|improve this answer























    • Thanks for clarifying that about the "established" state. That's what I'm actually worried about. I have set this server to send me an email every time a successful root login happens (I am using WHM/cPanel on this server). And it works when I login as root, I get an email. I'm not sure if it might be possible for root logins/successful authentication to happen without triggering the email notification I have set. Please excuse me, I'm relatively new to managing servers. Where do I find those system logs that you're talking about? I have CentOS 6.6 on this server, again with WHM/cPanel.

      – Nim LeFleur
      May 8 '15 at 20:19











    • All the system logs are in /var/log. I don't know what cPanel does; it is not a supportable topic here. You probably want to familiarize yourself with the system documentation.

      – Michael Hampton
      May 8 '15 at 20:23














    8












    8








    8







    Established only means that the connection is fully open and data can be transmitted. It doesn't necessarily mean that any data has been transmitted! It doesn't imply anything about layer 7, whether someone has authenticated to your system or not. You can check your system logs to learn if someone has authenticated successfully.






    share|improve this answer













    Established only means that the connection is fully open and data can be transmitted. It doesn't necessarily mean that any data has been transmitted! It doesn't imply anything about layer 7, whether someone has authenticated to your system or not. You can check your system logs to learn if someone has authenticated successfully.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered May 8 '15 at 20:10









    Michael HamptonMichael Hampton

    180k28336666




    180k28336666












    • Thanks for clarifying that about the "established" state. That's what I'm actually worried about. I have set this server to send me an email every time a successful root login happens (I am using WHM/cPanel on this server). And it works when I login as root, I get an email. I'm not sure if it might be possible for root logins/successful authentication to happen without triggering the email notification I have set. Please excuse me, I'm relatively new to managing servers. Where do I find those system logs that you're talking about? I have CentOS 6.6 on this server, again with WHM/cPanel.

      – Nim LeFleur
      May 8 '15 at 20:19











    • All the system logs are in /var/log. I don't know what cPanel does; it is not a supportable topic here. You probably want to familiarize yourself with the system documentation.

      – Michael Hampton
      May 8 '15 at 20:23


















    • Thanks for clarifying that about the "established" state. That's what I'm actually worried about. I have set this server to send me an email every time a successful root login happens (I am using WHM/cPanel on this server). And it works when I login as root, I get an email. I'm not sure if it might be possible for root logins/successful authentication to happen without triggering the email notification I have set. Please excuse me, I'm relatively new to managing servers. Where do I find those system logs that you're talking about? I have CentOS 6.6 on this server, again with WHM/cPanel.

      – Nim LeFleur
      May 8 '15 at 20:19











    • All the system logs are in /var/log. I don't know what cPanel does; it is not a supportable topic here. You probably want to familiarize yourself with the system documentation.

      – Michael Hampton
      May 8 '15 at 20:23

















    Thanks for clarifying that about the "established" state. That's what I'm actually worried about. I have set this server to send me an email every time a successful root login happens (I am using WHM/cPanel on this server). And it works when I login as root, I get an email. I'm not sure if it might be possible for root logins/successful authentication to happen without triggering the email notification I have set. Please excuse me, I'm relatively new to managing servers. Where do I find those system logs that you're talking about? I have CentOS 6.6 on this server, again with WHM/cPanel.

    – Nim LeFleur
    May 8 '15 at 20:19





    Thanks for clarifying that about the "established" state. That's what I'm actually worried about. I have set this server to send me an email every time a successful root login happens (I am using WHM/cPanel on this server). And it works when I login as root, I get an email. I'm not sure if it might be possible for root logins/successful authentication to happen without triggering the email notification I have set. Please excuse me, I'm relatively new to managing servers. Where do I find those system logs that you're talking about? I have CentOS 6.6 on this server, again with WHM/cPanel.

    – Nim LeFleur
    May 8 '15 at 20:19













    All the system logs are in /var/log. I don't know what cPanel does; it is not a supportable topic here. You probably want to familiarize yourself with the system documentation.

    – Michael Hampton
    May 8 '15 at 20:23






    All the system logs are in /var/log. I don't know what cPanel does; it is not a supportable topic here. You probably want to familiarize yourself with the system documentation.

    – Michael Hampton
    May 8 '15 at 20:23














    -1














    Established means that the user on the other end has an open connection and so things like "shutdown -I" should work except if obviously you cannot do that anyway. I only worry about the outputs labelled Established unless the other ones are needed.






    share|improve this answer



























      -1














      Established means that the user on the other end has an open connection and so things like "shutdown -I" should work except if obviously you cannot do that anyway. I only worry about the outputs labelled Established unless the other ones are needed.






      share|improve this answer

























        -1












        -1








        -1







        Established means that the user on the other end has an open connection and so things like "shutdown -I" should work except if obviously you cannot do that anyway. I only worry about the outputs labelled Established unless the other ones are needed.






        share|improve this answer













        Established means that the user on the other end has an open connection and so things like "shutdown -I" should work except if obviously you cannot do that anyway. I only worry about the outputs labelled Established unless the other ones are needed.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jun 5 at 21:04









        user526596user526596

        1




        1



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f690711%2fdoes-established-state-in-netstat-command-for-the-sshd-program-mean-they-actua%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Wikipedia:Vital articles Мазмуну Biography - Өмүр баян Philosophy and psychology - Философия жана психология Religion - Дин Social sciences - Коомдук илимдер Language and literature - Тил жана адабият Science - Илим Technology - Технология Arts and recreation - Искусство жана эс алуу History and geography - Тарых жана география Навигация менюсу

            Image
            centralized watchlist Wikipedia:Vital articles Wikipedia дан Jump to navigation Jump to search This is a list of basic subjects for which Wikipedia should have a corresponding high-quality article, and ideally a featured article. It also serves as a centralized watchlist and tracks the status of some of Wikipedia's most essential articles. Ideally this page should list approximately 1,000 of the most vital Wikipedia articles. Мазмуну 1 Biography - Өмүр баян 1.1 Actors, dancers and models - Актёрлор, бийчилер жана моделдер 1.2 Artists and architects - Сүрөтчүлөр жана архитекторлор 1.3 Authors, playwrights and poets - Жазуучулар, драматургдар жана акындар 1.4 Composers and musicians - Композиторлор жана музыканттар 1.5 Explorers and travelers - Изилдөөчүлөр менен саякатчылар 1.6 Film directors and screenwriters - Режиссёрлор жана сценаристтер 1.7 Inventors, scientists and mathematicians - Ойлоп табуучулар, окумуштуулар жана математиктер
            Read more

            Bruxelas-Capital Índice Historia | Composición | Situación lingüística | Clima | Cidades irmandadas | Notas | Véxase tamén | Menú de navegacióneO uso das linguas en Bruxelas e a situación do neerlandés"Rexión de Bruxelas Capital"o orixinalSitio da rexiónPáxina de Bruselas no sitio da Oficina de Promoción Turística de Valonia e BruxelasMapa Interactivo da Rexión de Bruxelas-CapitaleeWorldCat332144929079854441105155190212ID28008674080552-90000 0001 0666 3698n94104302ID540940339365017018237

            Image
            AnderlechtCidade de BruxelasIxellesEtterbeekEvereGanshorenJetteKoekelbergAuderghemSchaerbeekBerchem-Sainte-AgatheSaint-GillesMolenbeek-Saint-JeanSaint-Josse-ten-NoodeWoluwe-Saint-LambertWoluwe-Saint-PierreUccleForestWatermaal-Bosvoorde Comunidade Francesa de Bélxica Comunidade Flamenga de Bélxica Comunidade Xermanófona de Bélxica Bruxelas-CapitalRexións de Bélxica francésneerlandésRexiónsBélxicacomunidade francesacomunidade flamengafrancófonaflamengaUnión EuropeaMagrebMarrocosTurquíaAméricaÁfricaRepública Democrática do CongoEuropa central18 de xuño1989FlandresRexión Valoaflamengaséculo XIXClasificación climática de Köppen Bruxelas-Capital Na Galipedia, a Wikipedia en galego. Saltar ata a navegación Saltar á procura Para outras páxinas con títulos homónimos véxase: Bruxelas . Région de Bruxelles-Capitale Brussels Hoofdstedelijk Gewest Bandeira Estado Bélxica Capital Cidade de Bruxelas  • Poboación n/d Lingua oficial As dúas Superficie  • Total 1
            Read more

            What should I write in an apology letter, since I have decided not to join a company after accepting an offer letterShould I keep looking after accepting a job offer?What should I do when I've been verbally told I would get an offer letter, but still haven't gotten one after 4 weeks?Do I accept an offer from a company that I am not likely to join?New job hasn't confirmed starting date and I want to give current employer as much notice as possibleHow should I address my manager in my resignation letter?HR delayed background verification, now jobless as resignedNo email communication after accepting a formal written offer. How should I phrase the call?What should I do if after receiving a verbal offer letter I am informed that my written job offer is put on hold due to some internal issues?Should I inform the current employer that I am about to resign within 1-2 weeks since I have signed the offer letter and waiting for visa?What company will do, if I send their offer letter to another company

            Image
            When is the original BFGS algorithm still better than the Limited-Memory version? How well known and how commonly used was Huffman coding in 1979? Inverse-quotes-quine Can the US president have someone sent to jail? Employer wants to use my work email account after I quit, is this legal under German law? Is this a GDPR waiver? Do French speakers not use the subjunctive informally? Low-gravity Bronze Age fortifications Does ultrasonic bath cleaning damage laboratory volumetric glassware calibration? Why do some games show lights shine through walls? Unusual mail headers, evidence of an attempted attack. Have I been pwned? Smooth Julia set for quadratic polynomials Require advice on power conservation for backpacking trip Dimensions of list used in test C-152 carb heat on before landing in hot weather? Is my Rep in Stack-Exchange Form? What happens when your group is victim of a surprise attack but you can't be surprised? How come I was asked by a CBP
            Read more