"the mapping of $DISPLAY on C to $DISPLAY on B" what does that mean?
Clearly you grep out of something on C, so you only see sockets on C which involves "port num=6010". Other connection or listening socket on C are grep out.
You didn't see any connection before because there hasn't been any X client running and connected to sshd(port number=6010), and more info after because you now run an X client, which has connected to your sshd(port num=6010).
You have to know the network topology when using SSH tunnel. SSH server on C opens a new socket which listen on port 6010 because it was asked to by the SSH client on B. The ssh tunnel is still established between SSH client on B and SSH server on C(port num=22, if sshd not specially configured), you don't see this tunnel connection since you grep it out. X clients on C connects to sshd(port number=6010), then sshd multiplex these connections using the ssh tunnel and forward these connections to the X server on B.
"Connection between $DISPLAY on C and $DISPLAY on B" doesn't really exist, the ssh tunnel is created between C:22 and address_of_the_SSH_client_on_B. And since it's a connection, it's not possible in the LISTENING state.
use netstat -ap without grep to see more information.
All the connection we mentioned in this answer means real TCP connection, from the kernel's view, not "connections" from end-users' view.
Best Answer
Once the SSH connection is established, you’ll see a listening socket on port 9000:
You won’t see a connection to
google.comuntil a connection is established to port 9000; runthen in another terminal you’ll see something like
with a peer address belonging to Google.