Network Debugging Utility – netstat
netstat is a useful tool for checking your network configuration and statistics.
When invoked with the -i flag, it displays statistics for the network interfaces currently configured.
Output
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 245257 0 0 0 118056 0 0 0 BMRU
lo 16436 0 23632 0 0 0 23632 0 0 0 LRU
The MTU and Met fields show the current MTU and metric values for that interface. The RX and TX columns show how many packets have been received or transmitted error-free (RX-OK/TX-OK) or damaged (RX-ERR/TX-ERR); how many were dropped (RX-DRP/TX-DRP); and how many were lost because of an overrun (RX-OVR/TX-OVR).
When invoked with the -a flag, netstat displays all the active Internet socket connections.
Output
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 prabakaran:irdmi *:* LISTEN
tcp 0 0 *:43812 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 prabakaran:ncube-lm prabakaran:49594 ESTABLISHED
tcp 0 0 prabakaran:49594 prabakaran:ncube-lm ESTABLISHED
udp 0 0 prabakaran:filenet-cm *:*
…
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 5624 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 5039 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 4986 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 6130 /tmp/.X11-unix/X0
where
Proto
Specifies the protocol used by the socket (tcp, udp or raw).
Recv-Q
Total bytes not copied by the user program connected to this socket.
Send-Q
Total bytes not acknowledged by the remote host.
Local Address
Address and port number of the local end of the socket.
Foreign Address
Address and port number of the remote end of the socket.
State
The state of the socket; applicable only to TCP sockets. Possible values are:
ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a connection.
SYN_RECV
A connection request has been received from the network.
FIN_WAIT1
The socket is closed, and the connection is shutting down.
FIN_WAIT2
Connection is closed, and socket is waiting for a shutdown from the remote end.
TIME_WAIT
The socket is waiting after close to handle packets still in the network.
CLOSED
The socket is not being used.
CLOSE_WAIT
The remote end has shut down, waiting for the socket to close.
LAST_ACK
The remote end has shut down, and socket is closed but waiting for acknowledgement.
LISTEN
The socket is listening for incoming connections.
CLOSING
Both sockets are shut down but we still don’t have all our data sent.
UNKNOWN
The state of the socket is unknown.
When invoked with the -p option, it displays the process ID and executable file name for all sockets.
Output
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 prabakaran:ncube-lm prabakaran:49594 ESTABLISHED 1750/tnslsnr
…
This option helps identify the process that owns a socket when a bind() call returns “address already in use” for the port.
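As an added example (not from the original post), the shell functions below read netstat output on stdin and report which process is listening on a given port, which listeners are bound to every interface, and how many sockets are in each TCP state. They assume the numeric TCP listing printed by netstat -tanp (-t and -n are flags not covered on this page); the function names and the sample listing are constructed for illustration.

```shell
# Added example, not from the original post. SAMPLE is a constructed listing in
# the shape of `netstat -tanp` output (-n prints numeric addresses and ports).
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:3306     0.0.0.0:*         LISTEN      1412/mysqld
tcp        0      0 127.0.0.1:1521   0.0.0.0:*         LISTEN      1750/tnslsnr
tcp        0      0 127.0.0.1:1521   127.0.0.1:49594   ESTABLISHED 1750/tnslsnr
tcp        0      0 127.0.0.1:49594  127.0.0.1:1521    ESTABLISHED 2210/sqlplus
tcp        0      0 10.0.0.5:8080    10.0.0.9:51514    TIME_WAIT   -
tcp6       0      0 :::8080          :::*              LISTEN      3021/java'

# port_owner PORT: print PID/Program of every socket in LISTEN state on PORT.
# A "-" in that column means netstat could not see the owner (run it as root).
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")   # port is the last piece, also for :::8080
            if (a[n] == port) print $7
        }'
}

# wildcard_listeners: print "PORT OWNER" for listeners bound to every
# interface (0.0.0.0 or ::) rather than to loopback or one address.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # strip the trailing :port
            sub(/^.*:/, "", port)       # keep only the port
            if (addr == "0.0.0.0" || addr == "::") print port, $7
        }'
}

# state_counts: print "STATE COUNT" for each TCP state seen, sorted by name.
state_counts() {
    awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print s, c[s] }' | LC_ALL=C sort
}

# Demo on the constructed sample; on a live host use: netstat -tanp | port_owner 1521
printf '%s\n' "$SAMPLE" | port_owner 1521
printf '%s\n' "$SAMPLE" | wildcard_listeners
printf '%s\n' "$SAMPLE" | state_counts
```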
When invoked with the -s option, it displays statistics for the TCP, UDP and IP protocols, such as the total number of active and passive connections for TCP, failed connection attempts for TCP, established connections for TCP, total TCP segments received and sent, total UDP packets received and sent, packet receive errors for UDP, etc.