When you run netstat on Linux/Unix systems, you might encounter entries like:

[::]:ssh                [::]:*                  LISTEN

The [::] notation represents the IPv6 wildcard address (equivalent to 0.0.0.0 in IPv4). It indicates that the service is listening on all available IPv6 interfaces.

In IPv6:

• :: is the compressed form of 0000:0000:0000:0000:0000:0000:0000:0000
• When enclosed in brackets [::], it represents the wildcard address
• The colon after the brackets ([::]:) separates the address from the port number

Here's how to check listening ports with netstat:

netstat -tulnp | grep '\['

Sample output showing IPv6 listening sockets:

tcp6       0      0 [::]:http               [::]:*                  LISTEN      1234/nginx
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      5678/sshd

When writing network applications, you might need to handle IPv6 wildcard addresses. Here's a Python example:

import socket

# Create IPv6 TCP socket
s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)

# Bind to all IPv6 interfaces
s.bind(('::', 8080))
print("Listening on [::]:8080")

You'll typically see [::] in these cases:

• Services configured to listen on all interfaces (IPv4 and IPv6)
• When IPv6 is enabled but no specific address is bound
• In dual-stack implementations where IPv6 is preferred

If you need to verify IPv6 connectivity:

# Check IPv6 routes
ip -6 route

# Test connectivity
ping6 ::1

# Check firewall rules for IPv6
ip6tables -L

Binding to [::] means your service is accessible from:

• All network interfaces
• Both IPv4 and IPv6 (via IPv4-mapped addresses)
• Consider restricting binding to specific interfaces when possible

When examining netstat output, you'll often encounter [::] as part of socket information. This notation represents IPv6's wildcard address, equivalent to 0.0.0.0 in IPv4. It indicates the service is listening on all available IPv6 interfaces.

Consider this output line:

[::]:ssh                [::]:*                  LISTEN

Here's what each component means:

• [::]:ssh - The service is listening on port 22 (SSH) across all IPv6 interfaces
• [::]:* - Accepting connections from any remote IPv6 address
• LISTEN - Current socket state

When programming network applications, understanding these notations is crucial:

// Python example checking listening ports
import socket

def check_ipv6_listening():
    for port in [22, 80, 443]:
        sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
        result = sock.connect_ex(('::1', port))
        if result == 0:
            print(f"Port {port} is listening on IPv6")
        sock.close()

Here's how equivalent configurations appear:

The brackets around :: are necessary because the colon is also used for port separation. In configuration files, you might see variations:

# Apache configuration example
Listen [::]:80
Listen 0.0.0.0:80

When debugging, combine netstat with other tools for complete information:

$ netstat -tulnp | grep '$$::$$'
$ ss -tulnp | grep -i ssh
$ lsof -i -P -n | grep LISTEN