Network Statistics (netstat)
netstat displays the contents of various network-related data structures in depending on the options selected.
netstat <option/s>
multiple options can be given at one time.
Options
-a – displays the state of all sockets.
-r – shows the system routing tables
-i – gives statistics on a per-interface basis.
-m – displays information from the network memory buffers. On Solaris, this shows statistics
forSTREAMS
-p [proto] – retrieves statistics for the specified protocol
-s – shows per-protocol statistics. (some implementations allow -ss to remove fileds with a value of 0 (zero) from the display.)
-D – display the status of DHCP configured interfaces.
-n do not lookup hostnames, display only IP addresses.
-d (with -i) displays dropped packets per interface.
-I [interface] retrieve information about only the specified interface.
-v be verbose
$netstat -rn
Routing Table: IPv4 |
This shows the output on a Solaris machine who’s IP address is 192.168.1.11 with a default router at 192.168.1.1
Results and Solutions:
A.) Network availability
The command as above is mostly useful in troubleshooting network accessibility issues . When outside network is not accessible from a machine check the following
1. if the default router ip address is correct
2. you can ping it from your machine.
3. If router address is incorrect it can be changed with route add commnad . See man route for more info .
route command examples:
$route add default <hostname>
$route add 192.0.2.32 <gateway_name>
If the router address is correct but still you can’t ping it there may be some network cable /hub/switch problem and you have to try and eliminate the faulty component .
B.) Network Response
$ netstat -i
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback localhost 77814 0 77814 0 0 0
hme0 1500 server1 server1 10658566 3 4832511 0 279257 0
This option is used to diagnose the network problems when the connectivity is there but it is slow in response .
Values to look at:
* Collisions (Collis)
* Output packets (Opkts)
* Input errors (Ierrs)
* Input packets (Ipkts)
The above values will give information to workout
i. Network collision rate as follows :
Network collision rate = Output collision counts / Output packets
Network-wide collision rate greater than 10 percent will indicate
* Overloaded network,
* Poorly configured network,
* Hardware problems.
ii. Input packet error rate as follows :
Input Packet Error Rate = Ierrs / Ipkts.
If the input error rate is high (over 0.25 percent), the host is dropping packets. Hub/switch cables etc needs to be checked for potential problems.
C. Network socket & TCP Cconnection state
Netstat gives important information about network socket and tcp state . This is very useful in
finding out the open , closed and waiting network tcp connection .
Network states returned by netstat are following :
CLOSED —- Closed. The socket is not being used.
LISTEN —- Listening for incoming connections.
SYN_SENT —- Actively trying to establish connection.
SYN_RECEIVED —- Initial synchronization of the connection under way.
ESTABLISHED —- Connection has been established.
CLOSE_WAIT —- Remote shut down; waiting for the socket to close.
FIN_WAIT_1 —- Socket closed; shutting down connection.
CLOSING —- Closed, then remote shutdown; awaiting acknowledgement.
LAST_ACK —- Remote shut down, then closed ;awaiting acknowledgement.
FIN_WAIT_2 —- Socket closed; waiting for shutdown from remote.
TIME_WAIT —- Wait after close for remote shutdown retransmission.
Example: #netstat -a
|
if you see a lots of connections in FIN_WAIT state tcp/ip parameters have to be tuned because the connections are not being closed and they gets accumulating . After some time system may run out of resource . TCP parameter can be tuned to define a time out so that connections can be released and used by new connection.
Leave a Reply
You must be logged in to post a comment.