Network Statistics (netstat)
netstat displays the contents of various network-related data structures in depending on the options selected.
Syntax :
netstat
multiple options can be given at one time.
Options
-a - displays the state of all sockets.
-r - shows the system routing tables
-i - gives statistics on a per-interface basis.
-m - displays information from the network memory buffers.
Example :
$netstat -rnRouting Table: IPv4 Destination Gateway Flags Ref Use Interface-------------------- -------------------- ----- ----- ------ ---------192.168.1.0 192.168.1.11 U 1 1444 le0224.0.0.0 192.168.1.11 U 1 0 le0default 192.168.1.1 UG 1 68276 127.0.0.1 127.0.0.1 UH 1 10497 lo0
This shows the output on a Solaris machine who's IP address is 192.168.1.11 with a default router at 192.168.1.1
Results and Solutions:
A.) Network availability
The command as above is mostly useful in troubleshooting network accessibility issues . When outside network is not accessible from a machine check the following
1. if the default router ip address is correct
2. you can ping it from your machine.
3. If router address is incorrect it can be changed with route add commnad . See man route for more info .
route command examples:$route add default
$route add 192.0.2.32
If the router address is correct but still you can't ping it there may be some network cable /hub/switch problem and you have to try and eliminate the faulty component .
B.) Network Response
This option is used to diagnose the network problems when the connectivity is there but it is slow in response .
Values to look at:
Collisions (Collis)
Output packets (Opkts)
Input errors (Ierrs)
Input packets (Ipkts)
The above values will give information to workout
i. Network collision rate as follows :
Network collision rate = Output collision counts / Output packets
Network-wide collision rate greater than 10 percent will indicate
Overloaded network,
Poorly configured network,
Hardware problems.
ii. Input packet error rate as follows :
Input Packet Error Rate = Ierrs / Ipkts.
netstat displays the contents of various network-related data structures in depending on the options selected.
Syntax :
netstat
multiple options can be given at one time.
Options
-a - displays the state of all sockets.
-r - shows the system routing tables
-i - gives statistics on a per-interface basis.
-m - displays information from the network memory buffers.
Example :
$netstat -rnRouting Table: IPv4 Destination Gateway Flags Ref Use Interface-------------------- -------------------- ----- ----- ------ ---------192.168.1.0 192.168.1.11 U 1 1444 le0224.0.0.0 192.168.1.11 U 1 0 le0default 192.168.1.1 UG 1 68276 127.0.0.1 127.0.0.1 UH 1 10497 lo0
This shows the output on a Solaris machine who's IP address is 192.168.1.11 with a default router at 192.168.1.1
Results and Solutions:
A.) Network availability
The command as above is mostly useful in troubleshooting network accessibility issues . When outside network is not accessible from a machine check the following
1. if the default router ip address is correct
2. you can ping it from your machine.
3. If router address is incorrect it can be changed with route add commnad . See man route for more info .
route command examples:$route add default
$route add 192.0.2.32
If the router address is correct but still you can't ping it there may be some network cable /hub/switch problem and you have to try and eliminate the faulty component .
B.) Network Response
This option is used to diagnose the network problems when the connectivity is there but it is slow in response .
Values to look at:
Collisions (Collis)
Output packets (Opkts)
Input errors (Ierrs)
Input packets (Ipkts)
The above values will give information to workout
i. Network collision rate as follows :
Network collision rate = Output collision counts / Output packets
Network-wide collision rate greater than 10 percent will indicate
Overloaded network,
Poorly configured network,
Hardware problems.
ii. Input packet error rate as follows :
Input Packet Error Rate = Ierrs / Ipkts.
If the input error rate is high (over 0.25 percent), the host is dropping packets. Hub/switch cables etc needs to be checked for potential problems. C. Network socket & TCP Cconnection stateNetstat gives important information about network socket and tcp state . This is very useful in finding out the open , closed and waiting network tcp connection .Network states returned by netstat are following :
CLOSED ---- Closed. The socket is not being used.
LISTEN ---- Listening for incoming connections.
SYN_SENT ---- Actively trying to establish connection.
SYN_RECEIVED ---- Initial synchronization of the connection under way.
CLOSED ---- Closed. The socket is not being used.
LISTEN ---- Listening for incoming connections.
SYN_SENT ---- Actively trying to establish connection.
SYN_RECEIVED ---- Initial synchronization of the connection under way.
ESTABLISHED ---- Connection has been established.
CLOSE_WAIT ---- Remote shut down; waiting for the socket to close.
FIN_WAIT_1 ---- Socket closed; shutting down connection.
CLOSING ---- Closed, then remote shutdown; awaiting acknowledgement.
LAST_ACK ---- Remote shut down, then closed ;awaiting acknowledgement.
FIN_WAIT_2 ---- Socket closed; waiting for shutdown from remote.
TIME_WAIT ---- Wait after close for remote shutdown retransmission.
Example:
#netstat -a
if you see a lots of connections in FIN_WAIT state tcp/ip parameters have to be tuned because the connections are not being closed and they gets accumulating . After some time system may run out of resource . TCP parameter can be tuned to define a time out so that connections can be released and used by new connection.
CLOSE_WAIT ---- Remote shut down; waiting for the socket to close.
FIN_WAIT_1 ---- Socket closed; shutting down connection.
CLOSING ---- Closed, then remote shutdown; awaiting acknowledgement.
LAST_ACK ---- Remote shut down, then closed ;awaiting acknowledgement.
FIN_WAIT_2 ---- Socket closed; waiting for shutdown from remote.
TIME_WAIT ---- Wait after close for remote shutdown retransmission.
Example:
#netstat -a
if you see a lots of connections in FIN_WAIT state tcp/ip parameters have to be tuned because the connections are not being closed and they gets accumulating . After some time system may run out of resource . TCP parameter can be tuned to define a time out so that connections can be released and used by new connection.
Great tutorial...It helps me alot..Keep it up
ReplyDelete