Linux monitoring tool that administrators use every day.
netstat
Netstat, like ps, is a Linux tool that administrators use every day. It displays a lot of network related information, such as socket usage, routing, interface, protocol, network statistics, and more. Some of the most commonly used options are:
-a Show all socket information
-r Show routing information
-i Show network interface statistics
-s Show network protocol statistics
=============
[root@server1 ~]# netstat -s
Ip:
15052515222 total packets received
2847931 with invalid headers
14 with invalid addresses
15024657038 forwarded
0 incoming packets discarded
22028450 incoming packets delivered
15055903966 requests sent out
2633 outgoing packets dropped
260 dropped because of missing route
10469 fragments dropped after timeout
5600773 reassemblies required
2727990 packets reassembled ok
10469 packet reassembles failed
2710586 fragments received ok
128 fragments failed
5553326 fragments created
Icmp:
870378 ICMP messages received
135 input ICMP message failed.
ICMP input histogram:
destination unreachable: 58860
timeout in transit: 435
echo requests: 429244
echo replies: 381838
timestamp request: 1
7277390 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 94887
time exceeded: 2843710
echo request: 3909548
echo replies: 429244
timestamp replies: 1
IcmpMsg:
InType0: 381838
InType3: 58860
InType8: 429244
InType11: 435
InType13: 1
OutType0: 429244
OutType3: 94887
OutType8: 3909548
OutType11: 2843710
OutType14: 1
Tcp:
398065 active connections openings
1974389 passive connection openings
89978 failed connection attempts
35025 connection resets received
1 connections established
20497724 segments received
23183445 segments send out
143263 segments retransmited
300 bad segments received.
222648 resets sent
Udp:
581111 packets received
66796 packets to unknown port received.
4 packet receive errors
642478 packets sent
TcpExt:
731 resets received for embryonic SYN_RECV sockets
10 packets pruned from receive queue because of socket buffer overrun
5 ICMP packets dropped because they were out-of-window
115541171 TCP sockets finished time wait in fast timer
7 time wait sockets recycled by time stamp
400 TCP sockets finished time wait in slow timer
466647 delayed acks sent
15682 delayed acks further delayed because of locked socket
Quick ack mode was activated 5462 times
38212 packets directly queued to recvmsg prequeue.
2088833 packets directly received from backlog
177258976 packets directly received from prequeue
1752048 packets header predicted
1400 packets header predicted and directly queued to user
5715769 acknowledgments not containing data received
6395812 predicted acknowledgments
12200 times recovered from packet loss due to SACK data
Detected reordering 2 times using FACK
Detected reordering 1 times using time stamp
1 congestion windows fully recovered
9 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 105
1113 congestion windows recovered after partial ack
13024 TCP data loss events
TCPLostRetransmit: 5
4843 timeouts after SACK recovery
449 timeouts in loss state
23302 fast retransmits
863 forward retransmits
11193 retransmits in slow start
58017 other TCP timeouts
1148 sack retransmits failed
9759 packets collapsed in receive queue due to low socket buffer
5498 DSACKs sent for old packets
2603 DSACKs received
2 DSACKs for out of order packets received
14333 connections reset due to unexpected data
34180 connections reset due to early user close
699 connections aborted due to timeout
35 times unabled to send RST due to no memory
IpExt:
InNoRoutes: 109
InMcastPkts: 168
OutMcastPkts: 196
InBcastPkts: 12439
====================
tcpdump
Tcpdump is a simple, robust network monitoring utility. Its basic protocol analyzing capability enables you to get a rough view of what is happening on your network. To really dig into what's going on with your network however, you'll want to use Wireshark (see below).
Netstat, like ps, is a Linux tool that administrators use every day. It displays a lot of network related information, such as socket usage, routing, interface, protocol, network statistics, and more. Some of the most commonly used options are:
-a Show all socket information
-r Show routing information
-i Show network interface statistics
-s Show network protocol statistics
=============
[root@server1 ~]# netstat -s
Ip:
15052515222 total packets received
2847931 with invalid headers
14 with invalid addresses
15024657038 forwarded
0 incoming packets discarded
22028450 incoming packets delivered
15055903966 requests sent out
2633 outgoing packets dropped
260 dropped because of missing route
10469 fragments dropped after timeout
5600773 reassemblies required
2727990 packets reassembled ok
10469 packet reassembles failed
2710586 fragments received ok
128 fragments failed
5553326 fragments created
Icmp:
870378 ICMP messages received
135 input ICMP message failed.
ICMP input histogram:
destination unreachable: 58860
timeout in transit: 435
echo requests: 429244
echo replies: 381838
timestamp request: 1
7277390 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 94887
time exceeded: 2843710
echo request: 3909548
echo replies: 429244
timestamp replies: 1
IcmpMsg:
InType0: 381838
InType3: 58860
InType8: 429244
InType11: 435
InType13: 1
OutType0: 429244
OutType3: 94887
OutType8: 3909548
OutType11: 2843710
OutType14: 1
Tcp:
398065 active connections openings
1974389 passive connection openings
89978 failed connection attempts
35025 connection resets received
1 connections established
20497724 segments received
23183445 segments send out
143263 segments retransmited
300 bad segments received.
222648 resets sent
Udp:
581111 packets received
66796 packets to unknown port received.
4 packet receive errors
642478 packets sent
TcpExt:
731 resets received for embryonic SYN_RECV sockets
10 packets pruned from receive queue because of socket buffer overrun
5 ICMP packets dropped because they were out-of-window
115541171 TCP sockets finished time wait in fast timer
7 time wait sockets recycled by time stamp
400 TCP sockets finished time wait in slow timer
466647 delayed acks sent
15682 delayed acks further delayed because of locked socket
Quick ack mode was activated 5462 times
38212 packets directly queued to recvmsg prequeue.
2088833 packets directly received from backlog
177258976 packets directly received from prequeue
1752048 packets header predicted
1400 packets header predicted and directly queued to user
5715769 acknowledgments not containing data received
6395812 predicted acknowledgments
12200 times recovered from packet loss due to SACK data
Detected reordering 2 times using FACK
Detected reordering 1 times using time stamp
1 congestion windows fully recovered
9 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 105
1113 congestion windows recovered after partial ack
13024 TCP data loss events
TCPLostRetransmit: 5
4843 timeouts after SACK recovery
449 timeouts in loss state
23302 fast retransmits
863 forward retransmits
11193 retransmits in slow start
58017 other TCP timeouts
1148 sack retransmits failed
9759 packets collapsed in receive queue due to low socket buffer
5498 DSACKs sent for old packets
2603 DSACKs received
2 DSACKs for out of order packets received
14333 connections reset due to unexpected data
34180 connections reset due to early user close
699 connections aborted due to timeout
35 times unabled to send RST due to no memory
IpExt:
InNoRoutes: 109
InMcastPkts: 168
OutMcastPkts: 196
InBcastPkts: 12439
====================
tcpdump
Tcpdump is a simple, robust network monitoring utility. Its basic protocol analyzing capability enables you to get a rough view of what is happening on your network. To really dig into what's going on with your network however, you'll want to use Wireshark (see below).
Comments