Interpreting Netstat output

Solution 1:

  • What do the 140 blank IPs represent?
  • What are 20 0.0.0.0 connections?

You passed the -a option, which includes processes that are listening, and Unix Domain Sockets. Try running netstat -anp without any of the filtering/formatting stuff and you will see the full output. The 0.0.0.0 entries almost certainly represent listening processes. The blanks are almost certainly domain sockets.

Why does my slave DB (MySQL) need 80 connections? Can this number be reduced?

Because there are 80 things connecting to it? Look at the full netstat output, and you will be able to learn a lot more. Without any more details nobody here can make any useful guesses. The number may be able to be reduced; again, we would need more details.

Solution 2:

0.0.0.0:993 (in the local address column) is usually shown in the LISTENING state, indicating your device's dovecot (IMAP/POP3 mail server) is waiting for incoming connections on port 993 of all IPv4 addresses. Since it is not connected now (to a remote application, see below), the IPv4 address is still unknown or empty. Correspondingly, 0.0.0.0:* indicates the remote (foreign) application is also not connected to your device, so the remote end's IPv4 address is unknown or empty, and the port is also unknown.

In short, 0.0.0.0 means nothing is connected in IPv4.

Once connected (ESTABLISHED state) it becomes an active connection, and you should see some IP addresses in both the local and foreign columns. Make sense? Depending on the kind of connection, the local IP address can be a local LAN address like 192.168.0.33, a loopback address like 127.0.0.1, or an Internet IP address like 129.128.30.130, while the foreign address will have the corresponding type of IP address.

For the IPv6 LISTENING state, the same explanation applies: the local address will become :::443 (if you are running https), and the foreign address is :::*. The first two colons (::) are the empty address, and the 3rd : is the colon mark.

This applies to both TCP and UDP connections. I assume you know the difference between TCP and UDP connections.
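
An added example, not part of either answer above: a small Python parser that splits `netstat -an` output into the three groups both answers describe (wildcard listeners such as 0.0.0.0:993 and :::443, connected peers counted per local port, and Unix domain sockets that have no IP at all). The sample output is constructed and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample of Linux `netstat -an` output (not from the original question).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.33:3306       192.168.0.40:51512      ESTABLISHED
tcp        0      0 192.168.0.33:3306       192.168.0.40:51514      ESTABLISHED
tcp        0      0 192.168.0.33:3306       192.168.0.41:40022      ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/mysqld/mysqld.sock
unix  3      [ ]         STREAM     CONNECTED     12346
"""

WILDCARD = {"0.0.0.0", "::"}  # "any address" for IPv4 and IPv6


def split_addr(addr):
    """Split on the LAST colon so ':::443' becomes ('::', '443')."""
    host, _, port = addr.rpartition(":")
    return host, port


def summarize(text):
    listeners = []      # (proto, local_host, local_port, bound_to_all_interfaces)
    peers = Counter()   # (local_port, remote_host) -> number of connections
    unix_sockets = 0    # rows with no IP address (the "blank" entries)
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "unix":
            unix_sockets += 1
        elif f[0].startswith(("tcp", "udp")) and len(f) >= 5:
            lhost, lport = split_addr(f[3])
            rhost, rport = split_addr(f[4])
            if rport == "*":   # no remote end yet: listening or unconnected
                listeners.append((f[0], lhost, lport, lhost in WILDCARD))
            else:              # a real peer is attached
                peers[(lport, rhost)] += 1
    return listeners, peers, unix_sockets


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feeding it the real output of `netstat -an` shows which remote hosts account for the connections on a given local port (for example 3306) and which listeners are bound to every interface rather than a single address.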