NETSTAT / Network Statistics

netstat displays the contents of various network-related data structures in a format that depends on the options selected.
Multiple options can be given at one time.
 -a – displays the state of all sockets.
 -r – shows the system routing tables.
 -i – gives statistics on a per-interface basis.
 -m – displays information from the network memory buffers. On Solaris, this shows statistics for STREAMS.
 -p [proto] – retrieves statistics for the specified protocol.
 -s – shows per-protocol statistics. (Some implementations allow -ss to remove fields with a value of 0 (zero) from the display.)
 -D – displays the status of DHCP-configured interfaces.
 -n – do not look up hostnames; display only IP addresses.
 -d – (with -i) displays dropped packets per interface.
 -I [interface] – retrieves information about only the specified interface.
 -v – be verbose.
 interval – a number for continuous display of statistics.
 $netstat -rn
Routing Table: IPv4
  Destination           Gateway               Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
                                            U        1   1444   le0
224.0.0.0                                   U        1      0   le0
default                                     UG       1  68276
127.0.0.1                                   UH       1  10497   lo0
This shows the output on a Solaris machine whose IP address is with a default router at
Results and Solutions
A.) Network availability
 The command above is mostly useful in troubleshooting network accessibility issues. When the outside network is not accessible from a machine, check the following:
  1. Whether the default router IP address is correct.
  2. Whether you can ping it from your machine.
  3. If the router address is incorrect, it can be changed with the route add command. See man route for more information.
route command examples
 $route add default
 $route add
If the router address is correct but you still can't ping it, there may be a network cable, hub or switch problem, and you have to try to eliminate the faulty component.
B.) Network Response
 $ netstat -i
Name  Mtu   Net/Dest   Address     Ipkts   Ierrs  Opkts   Oerrs  Collis  Queue
lo0   8232  loopback   localhost   77814   0      77814   0      0       0
hme0  1500  server1    server1     10658   3      48325   0      279257  0
This option is used to diagnose network problems when connectivity is there but the response is slow.
Values to look at:
 * Collisions (Collis)
 * Output packets (Opkts)
 * Input errors (Ierrs)
 * Input packets (Ipkts)
The above values give the information needed to work out:
  1. Network collision rate, as follows:
Network collision rate = Output collision counts / Output packets
A network-wide collision rate greater than 10 percent will indicate:
 * Overloaded network,
 * Poorly configured network,
 * Hardware problems.
  2. Input packet error rate, as follows:
Input Packet Error Rate = Ierrs / Ipkts.
If the input error rate is high (over 0.25 percent), the host is dropping packets. Hub/switch cables etc. need to be checked for potential problems.
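The two ratios above can be computed directly from the netstat -i output. The following shell function is an added example, not part of the original article; the function names are hypothetical, the column order is assumed to match the sample output on this page, and the ce0 row is constructed to show the input-error threshold.

```shell
#!/bin/sh
# Added example (not from the original article): compute the two ratios
# described above from Solaris-style `netstat -i` output read on stdin.
# Assumed column order, as in the sample output on this page:
#   Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue

netstat_i_rates() {
    awk '
    $1 == "Name" { next }                 # skip the header line
    NF >= 10 {
        ipkts = $5 + 0; ierrs = $6 + 0; opkts = $7 + 0; collis = $9 + 0
        # Idle interfaces report zero packets: avoid dividing by zero.
        coll = (opkts > 0) ? 100 * collis / opkts : 0
        ierr = (ipkts > 0) ? 100 * ierrs / ipkts : 0
        flags = ""
        if (coll > 10)   flags = flags " HIGH_COLLISIONS"     # > 10 percent
        if (ierr > 0.25) flags = flags " HIGH_INPUT_ERRORS"   # > 0.25 percent
        if (flags == "") flags = " OK"
        printf "%s collision=%.2f%% input_error=%.3f%%%s\n", $1, coll, ierr, flags
    }'
}

# Sample input: lo0 and hme0 are the rows shown on this page; ce0 is a
# constructed row that trips only the input-error threshold.
sample_netstat_i() {
    cat <<'EOF'
Name  Mtu   Net/Dest   Address     Ipkts   Ierrs  Opkts   Oerrs  Collis  Queue
lo0   8232  loopback   localhost   77814   0      77814   0      0       0
hme0  1500  server1    server1     10658   3      48325   0      279257  0
ce0   1500  server2    server2     20000   100    40000   0      2000    0
EOF
}

sample_netstat_i | netstat_i_rates
```

On a live host, pipe the real output in instead: netstat -i | netstat_i_rates.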
C.) Network socket & TCP connection state
 netstat gives important information about network socket and TCP state. This is very useful for finding the open, closed and waiting TCP connections.
The network states returned by netstat are the following:
CLOSED       ----  Closed. The socket is not being used.
LISTEN       ----  Listening for incoming connections.
SYN_SENT     ----  Actively trying to establish connection.
SYN_RECEIVED ----  Initial synchronization of the connection under way.
ESTABLISHED  ----  Connection has been established.
CLOSE_WAIT   ----  Remote shut down; waiting for the socket to close.
FIN_WAIT_1   ----  Socket closed; shutting down connection.
CLOSING      ----  Closed, then remote shutdown; awaiting acknowledgement.
LAST_ACK     ----  Remote shut down, then closed; awaiting acknowledgement.
FIN_WAIT_2   ----  Socket closed; waiting for shutdown from remote.
TIME_WAIT    ----  Wait after close for remote shutdown retransmission.
#netstat -a
Local Address       Remote Address      Swind     Send-Q    Rwind     Recv-Q    State
*.*                 *.*                 0         0         24576     0         IDLE
*.22                *.*                 0         0         24576     0         LISTEN
*.22                *.*                 0         0         24576     0         LISTEN
*.*                 *.*                 0         0         24576     0         IDLE
*.32771             *.*                 0         0         24576     0         LISTEN
*.4045              *.*                 0         0         24576     0         LISTEN
*.25                *.*                 0         0         24576     0         LISTEN
*.5987              *.*                 0         0         24576     0         LISTEN
*.898               *.*                 0         0         24576     0         LISTEN
*.32772             *.*                 0         0         24576     0         LISTEN
*.32775             *.*                 0         0         24576     0         LISTEN
*.32776             *.*                 0         0         24576     0         LISTEN
*.*                 *.*                 0         0         24576     0         IDLE
192.                                    41992     0         24616     0         ESTABLISHED
192.                                    38912     0         24616     0         ESTABLISHED
192.                                    18048     0         24616     0         ESTABLISHED
If you see a lot of connections in the FIN_WAIT state, TCP/IP parameters have to be tuned, because the connections are not being closed and they keep accumulating. After some time the system may run out of resources. A TCP parameter can be tuned to define a timeout so that connections can be released and used by new connections.
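To watch for the accumulation described above, the state column can be tallied rather than read by eye. The following shell function is an added example, not part of the original article; the function names and the default limit of 100 are assumptions, and the sample connection rows are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original article): tally TCP states from
# Solaris-style `netstat -an` output on stdin, list listening ports, and warn
# when FIN_WAIT_1 + FIN_WAIT_2 exceeds a limit.
# The default limit of 100 is an assumption, not a value from this page.

tcp_state_summary() {
    awk -v limit="${1:-100}" '
    # Only rows whose last column is one of the states listed above count;
    # headers and IDLE rows are ignored.
    $NF ~ /^(CLOSED|LISTEN|SYN_SENT|SYN_RECEIVED|ESTABLISHED|CLOSE_WAIT|FIN_WAIT_1|CLOSING|LAST_ACK|FIN_WAIT_2|TIME_WAIT)$/ {
        count[$NF]++
        if ($NF == "LISTEN") {
            port = $1
            sub(/.*\./, "", port)          # Solaris prints address.port
            if (!(port in seen)) {
                seen[port] = 1
                ports = ports (ports == "" ? "" : ",") port
            }
        }
    }
    END {
        for (s in count) printf "%s %d\n", s, count[s]   # order not defined
        printf "LISTEN_PORTS %s\n", ports
        fw = count["FIN_WAIT_1"] + count["FIN_WAIT_2"]
        if (fw > limit + 0) printf "WARN FIN_WAIT=%d exceeds %d\n", fw, limit
    }'
}

# Constructed sample: listener rows follow the page output; connection rows
# use documentation addresses (192.0.2.0/24, 198.51.100.0/24).
sample_netstat_an() {
    cat <<'EOF'
Local Address     Remote Address      Swind Send-Q Rwind Recv-Q State
*.*               *.*                     0      0 24576      0 IDLE
*.22              *.*                     0      0 24576      0 LISTEN
*.22              *.*                     0      0 24576      0 LISTEN
*.25              *.*                     0      0 24576      0 LISTEN
*.4045            *.*                     0      0 24576      0 LISTEN
192.0.2.10.22     198.51.100.7.51514  41992      0 24616      0 ESTABLISHED
192.0.2.10.25     198.51.100.8.40112  38912      0 24616      0 FIN_WAIT_2
192.0.2.10.25     198.51.100.9.40377  18048      0 24616      0 FIN_WAIT_2
192.0.2.10.25     198.51.100.9.40391  18048      0 24616      0 FIN_WAIT_1
EOF
}

sample_netstat_an | tcp_state_summary 2
```

The LISTEN_PORTS line doubles as a quick inventory of exposed services to compare against what the host is supposed to run.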
