Posted inPerformance

iostat, vmstat, netstat – Performance Monitoring & Tuning in Unix & Linux

2

netstat – Network Statistics

netstat displays the contents of various network-related data structures in depending on the options selected.

netstat Syntax

multiple options can be given at one time.
Options
-a – displays the state of all sockets.
-r – shows the system routing tables
-i – gives statistics on a per-interface basis.
-m – displays information from the network memory buffers. On Solaris, this shows statistics
for STREAMS
-p [proto] – retrieves statistics for the specified protocol
-s – shows per-protocol statistics. (some implementations allow -ss to remove fileds with a value of 0 (zero) from the display.)
-D – display the status of DHCP configured interfaces.
-n do not lookup hostnames, display only IP addresses.
-d (with -i) displays dropped packets per interface.
-I [interface] retrieve information about only the specified interface.
-v be verbose

interval – number for continuous display of statictics.

netstat Example

$netstat -rn

Routing Table: IPv4
    Destination           Gateway               Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0         192.168.1.11          U        1   1444      le0
224.0.0.0           192.168.1.11          U        1   0            le0
default             192.168.1.1           UG       1   68276 
127.0.0.1           127.0.0.1             UH       1   10497     lo0

This shows the output on a Solaris machine who’s IP address is 192.168.1.11 with a default router at 192.168.1.1

Results and Solutions

A.) Network availability

The command as above is mostly useful in troubleshooting network accessibility issues . When outside network is not accessible from a machine check the following

  1. if the default router ip address is correct
  2. you can ping it from your machine.
  3. If router address is incorrect it can be changed with route add command. See man route for more information.

route command examples
$route add default
$route add 192.0.2.32

If the router address is correct but still you can’t ping it there may be some network cable /hub/switch problem and you have to try and eliminate the faulty component .

B.) Network Response

$ netstat -i

Name Mtu 	Net/Dest Address 	Ipkts 	Ierrs 	Opkts Oerrs 	Collis 	Queue
lo0 8232 	loopback localhost 	77814 	0 	77814 	0 	0 	0
hme0 1500 	server1 server1 	10658 	3 	48325 	0 	279257 	0

This option is used to diagnose the network problems when the connectivity is there but it is slow in response .

Values to look at:

  • Collisions (Collis)
  • Output packets (Opkts)
  • Input errors (Ierrs)
  • Input packets (Ipkts)

The above values will give information to workout
i. Network collision rate as follows :
Network collision rate = Output collision counts / Output packets
Network-wide collision rate greater than 10 percent will indicate

  • Overloaded network,
  • Poorly configured network,
  • Hardware problems.

ii. Input packet error rate as follows :
Input Packet Error Rate = Ierrs / Ipkts.
If the input error rate is high (over 0.25 percent), the host is dropping packets. Hub/switch cables etc needs to be checked for potential problems.

C. Network socket & TCP Connection state

Netstat gives important information about network socket and tcp state . This is very useful in
finding out the open , closed and waiting network tcp connection .
Network states returned by netstat are following

CLOSED       ----  Closed.  The socket  is  not  being used.
LISTEN       ----  Listening for incoming connections.
SYN_SENT     ----  Actively trying to  establish  connection.
SYN_RECEIVED ---- Initial synchronization of the connection under way.
ESTABLISHED  ----  Connection has been established.
CLOSE_WAIT   ----  Remote shut down; waiting  for  the socket to close.
FIN_WAIT_1   ----  Socket closed; shutting  down  connection.
CLOSING      ----  Closed,
then   remote   shutdown; awaiting acknowledgement.
LAST_ACK     ----   Remote  shut  down,  then   closed ;awaiting acknowledgement.
FIN_WAIT_2   ----  Socket closed; waiting for shutdown from remote.
TIME_WAIT    ----  Wait after close for  remote  shutdown retransmission..

Example

#netstat -a

Local Address 	Remote Address 	Swind   	Send-Q 	Rwind 	Recv-Q 	State
*.* 	*.* 	0 	0 	24576 	0 	IDLE
*.22 	*.* 	0 	0 	24576 	0 	LISTEN
*.22 	*.* 	0 	0 	24576 	0 	LISTEN
*.* 	*.* 	0 	0 	24576 	0 	IDLE
*.32771 	*.* 	0 	0 	24576 	0 	LISTEN
*.4045 	*.* 	0 	0 	24576 	0 	LISTEN
*.25 	*.* 	0 	0 	24576 	0 	LISTEN
*.5987 	*.* 	0 	0 	24576 	0 	LISTEN
*.898 	*.* 	0 	0 	24576 	0 	LISTEN
*.32772 	*.* 	0 	0 	24576 	0 	LISTEN
*.32775 	*.* 	0 	0 	24576 	0 	LISTEN
*.32776 	*.* 	0 	0 	24576 	0 	LISTEN
*.* 	*.* 	0 	0 	24576 	0 	IDLE
192.168.1.184.22 	192.168.1.186.50457 	41992 	0 	24616 	0 	ESTABLISHED
192.168.1.184.22 	192.168.1.186.56806 	38912 	0 	24616 	0 	ESTABLISHED
192.168.1.184.22 	192.168.1.183.58672 	18048 	0 	24616 	0 	ESTABLISHED

if you see a lots of connections in FIN_WAIT state tcp/ip parameters have to be tuned because the
connections are not being closed and they gets accumulating . After some time system may run out of
resource . TCP parameter can be tuned to define a time out so that connections can be released and used by new connection.

Pages 1 2 3
Tags:

2 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *