Network Debugging Utility – netstat

netstat is a useful tool for checking your network configuration and statistics.

When invoked with the –i flag, it displays statistics for the network interfaces currently configured.

Output

Kernel Interface table

Iface       MTU Met    RX-OK RX-ERR RX-DRPRX-OVR   TX-OK TX-ERRTX-DRPTX-OVR Flg

eth0       1500   0   245257      0            0            0               118056      0        0              0     BMRU

lo        16436   0    23632        0            0            0                23632       0       0               0       LRU

The MTU and Met fields show the current MTU and metric values for that interface. The RX and TX columns show how many packets have been received or transmitted error-free (RX-OK/TX-OK) or damaged (RX-ERR/TX-ERR); how many were dropped (RX-DRP/TX-DRP); and how many were lost because of an overrun (RX-OVR/TX-OVR).

When invoked with –a flag, netstat displays all the active internet socket connections

Output

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address               Foreign Address             State

tcp        0      0 prabakaran:irdmi            *:*                         LISTEN

tcp        0      0 *:43812                     *:*                         LISTEN

tcp        0      0 *:mysql                     *:*                         LISTEN

tcp        0      0 *:sunrpc                    *:*                         LISTEN

tcp        0      0 prabakaran:ncube-lm         prabakaran:49594            ESTABLISHED

tcp        0      0 prabakaran:49594            prabakaran:ncube-lm         ESTABLISHED

udp        0      0 prabakaran:filenet-cm       *:*

Active UNIX domain sockets (servers and established)

Proto RefCnt Flags       Type       State         I-Node Path

unix  2      [ ACC ]     STREAM     LISTENING     5624   @/tmp/fam-root-

unix  2      [ ACC ]     STREAM     LISTENING     5039   /var/run/cups/cups.sock

unix  2      [ ACC ]     STREAM     LISTENING     4986   /var/run/avahi-daemon/socket

unix  2      [ ACC ]     STREAM     LISTENING     6130   /tmp/.X11-unix/X0

where

   Proto

       specifies the protocol used by the socket(tcp, upd or raw)

   Recv-Q

       Total bytes not copied by the user program connected to this socket.

   Send-Q

       Total bytes not acknowledged by the remote host.

   Local Address

       Address and port number of the local end of the socket. 

   Foreign Address

       Address and  port  number of the remote end of the socket.

   State

       It represents Socket state and is applicable only for TCP sockets. Possible values are

       ESTABLISHED

              The socket has an established connection.

       SYN_SENT

              The socket is actively attempting to establish a connection.

       SYN_RECV

              A connection request has been received from the network.

       FIN_WAIT1

              The socket is closed, and the connection is shutting down.

       FIN_WAIT2

              Connection is closed, and socket is waiting for a shutdown from the remote end.

       TIME_WAIT

              The socket is waiting after close to handle packets still in the network.

       CLOSED

               The socket is not being used.

       CLOSE_WAIT

              The remote end has shut down, waiting for the socket to close.

       LAST_ACK

              The remote end has shut down, and socket is closed but waiting for acknowledgement.

       LISTEN

              The socket is listening for incoming connections.

       CLOSING

              Both sockets are shut down but we still don’t have all our data sent.

       UNKNOWN

              The state of the socket is unknown.

When invoked with –p option, it displays the process ID and executable file name for all sockets.

Output

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address      Foreign Address       State                  PID/Program name

tcp        0         0    prabakaran:ncube-lm  prabakaran:49594   ESTABLISHED    1750/tnslsnr

…..

This option will help to know the process which owns the socket when bind() call returns “address already in use” for the port.

When invoked with –s option, it displays statistics of TCP, UDP, IP protocol such as total number of active and passive connections for TCP, failed connection attempts for TCP, established connections for TCP, total TCP segments received and sent, total UDP packets received and sent, packet receive errors for UDP, etc.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s