LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/nag2/x-087-2-iface.netstat.html

663 lines
12 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>The netstat Command</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="Configuring TCP/IP Networking"
HREF="x-087-2-iface.html"><LINK
REL="PREVIOUS"
TITLE="All About ifconfig"
HREF="x-087-2-iface.ifconfig.html"><LINK
REL="NEXT"
TITLE="Checking the ARP Tables"
HREF="x-087-2-iface.verify.arp.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-iface.ifconfig.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. Configuring TCP/IP Networking</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-iface.verify.arp.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="X-087-2-IFACE.NETSTAT"
>5.9. The netstat Command</A
></H1
><P
><B
CLASS="COMMAND"
>netstat</B
> is a useful tool for checking your network
configuration and activity. It is in fact a collection of several
tools lumped together. We discuss each of its functions in the
following sections.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="X-087-2-IFACE.NETSTAT.-R"
>5.9.1. Displaying the Routing Table</A
></H2
><P
>When you invoke <B
CLASS="COMMAND"
>netstat</B
> with the
<TT
CLASS="OPTION"
>&#8211;r</TT
> flag, it displays the kernel routing table
in the way we've been doing with <B
CLASS="COMMAND"
>route</B
>. On
<SPAN
CLASS="SYSTEMITEM"
>vstout</SPAN
>, it produces:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>netstat -nr</B
></TT
>
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
127.0.0.1 * 255.255.255.255 UH 0 0 0 lo
172.16.1.0 * 255.255.255.0 U 0 0 0 eth0
172.16.2.0 172.16.1.1 255.255.255.0 UG 0 0 0 eth0</PRE
></TD
></TR
></TABLE
></P
><P
>The <TT
CLASS="OPTION"
>&#8211;n</TT
> option makes <B
CLASS="COMMAND"
>netstat</B
>
print addresses as dotted quad IP numbers rather than the symbolic
host and network names. This option is especially useful when you want
to avoid address lookups over the network (e.g., to a DNS or NIS
server).</P
><P
>The second column of <B
CLASS="COMMAND"
>netstat</B
>&#8201;'s output shows
the gateway to which the routing entry points. If no gateway is used,
an asterisk is printed instead. The third column shows the
&#8220;generality&#8221; of the route, i.e., the network mask for this
route. When given an IP address to find a suitable route for, the
kernel steps through each of the routing table entries, taking the
bitwise AND of the address and the genmask before comparing it to the
target of the route.</P
><P
>The fourth column displays the following flags that describe the route:
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="LITERAL"
>G</TT
></DT
><DD
><P
>The route uses a gateway.</P
></DD
><DT
><TT
CLASS="LITERAL"
>U</TT
></DT
><DD
><P
>The interface to be used is up.</P
></DD
><DT
><TT
CLASS="LITERAL"
>H</TT
></DT
><DD
><P
>Only a single host can be reached through the route. For example, this is the
case for the loopback entry <SPAN
CLASS="SYSTEMITEM"
>127.0.0.1</SPAN
>.</P
></DD
><DT
><TT
CLASS="LITERAL"
>D</TT
></DT
><DD
><P
> This
route is dynamically created. It is set if the table entry has been
generated by a routing daemon like <B
CLASS="COMMAND"
>gated</B
> or by an
ICMP redirect message (see the section <A
HREF="x-087-2-issues.icmp.html"
>Section 2.5</A
>&#8221; in Chapter 2).</P
></DD
><DT
><TT
CLASS="LITERAL"
>M</TT
></DT
><DD
><P
> This
route is set if the table entry was modified by an ICMP redirect
message.</P
></DD
><DT
><TT
CLASS="LITERAL"
>!</TT
></DT
><DD
><P
>The route is a reject route and datagrams will be dropped.</P
></DD
></DL
></DIV
></P
><P
>&#13;
The next three columns show the MSS, Window and irtt that will be
applied to TCP connections established via this route. The MSS is the
Maximum Segment Size and is the size of the largest datagram the
kernel will construct for transmission via this route. The Window is
the maximum amount of data the system will accept in a single burst
from a remote host. The acronym <TT
CLASS="LITERAL"
>irtt</TT
> stands for
&#8220;initial round trip time.&#8221; The TCP protocol ensures that
data is reliably delivered between hosts by retransmitting a datagram
if it has been lost. The TCP protocol keeps a running count of how
long it takes for a datagram to be delivered to the remote end, and an
acknowledgement to be received so that it knows how long to wait
before assuming a datagram needs to retransmitted; this process is
called the round-trip time. The initial round-trip time is the value
that the TCP protocol will use when a connection is first
established. For most network types, the default value is okay, but
for some slow networks, notably certain types of amateur packet radio
networks, the time is too short and causes unnecessary
retransmission. The <TT
CLASS="LITERAL"
>irtt</TT
> value can be set using the
<B
CLASS="COMMAND"
>route</B
> command. Values of zero in these fields mean
that the default is being used.</P
><P
>Finally, the last field displays the network interface that this route
will use.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="X-087-2-IFACE.NETSTAT.-I"
>5.9.2. Displaying Interface Statistics</A
></H2
><P
>When invoked with the <TT
CLASS="OPTION"
>&#8211;i</TT
> flag,
<B
CLASS="COMMAND"
>netstat</B
> displays statistics for the network
interfaces currently configured. If the <TT
CLASS="OPTION"
>&#8211;a</TT
>
option is also given, it prints <I
CLASS="EMPHASIS"
>all</I
> interfaces
present in the kernel, not only those that have been configured
currently. On <SPAN
CLASS="SYSTEMITEM"
>vstout</SPAN
>, the
output from <B
CLASS="COMMAND"
>netstat</B
> will look like this:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>netstat -i</B
></TT
>
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flags
lo 0 0 3185 0 0 0 3185 0 0 0 BLRU
eth0 1500 0 972633 17 20 120 628711 217 0 0 BRU</PRE
></TD
></TR
></TABLE
></P
><P
>The <TT
CLASS="LITERAL"
>MTU</TT
> and <TT
CLASS="LITERAL"
>Met</TT
> fields show the
current MTU and metric values for that interface. The
<TT
CLASS="LITERAL"
>RX</TT
> and <TT
CLASS="LITERAL"
>TX</TT
> columns show how many
packets have been received or transmitted error-free
(<TT
CLASS="LITERAL"
>RX-OK</TT
>/<TT
CLASS="LITERAL"
>TX-OK</TT
>) or damaged
(<TT
CLASS="LITERAL"
>RX-ERR</TT
>/<TT
CLASS="LITERAL"
>TX-ERR</TT
>); how many were
dropped (<TT
CLASS="LITERAL"
>RX-DRP</TT
>/<TT
CLASS="LITERAL"
>TX-DRP</TT
>); and how
many were lost because of an overrun
(<TT
CLASS="LITERAL"
>RX-OVR</TT
>/<TT
CLASS="LITERAL"
>TX-OVR</TT
>).</P
><P
>The last column shows the flags that have been set for this interface.
These characters are one-character versions of the long flag names
that are printed when you display the interface configuration with
<B
CLASS="COMMAND"
>ifconfig</B
>:
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="LITERAL"
>B</TT
></DT
><DD
><P
>A broadcast address has been set.</P
></DD
><DT
><TT
CLASS="LITERAL"
>L</TT
></DT
><DD
><P
>This interface is a loopback device.</P
></DD
><DT
><TT
CLASS="LITERAL"
>M</TT
></DT
><DD
><P
>All packets are received (promiscuous mode).</P
></DD
><DT
><TT
CLASS="LITERAL"
>O</TT
></DT
><DD
><P
>ARP is turned off for this interface.</P
></DD
><DT
><TT
CLASS="LITERAL"
>P</TT
></DT
><DD
><P
>This is a point-to-point connection.</P
></DD
><DT
><TT
CLASS="LITERAL"
>R</TT
></DT
><DD
><P
>Interface is running.</P
></DD
><DT
><TT
CLASS="LITERAL"
>U</TT
></DT
><DD
><P
>Interface is up.</P
></DD
></DL
></DIV
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="X-087-2-IFACE.NETSTAT.-T-U-X"
>5.9.3. Displaying Connections</A
></H2
><P
><B
CLASS="COMMAND"
>netstat</B
> supports a set of options to display active
or passive sockets. The options <TT
CLASS="OPTION"
>&#8211;t</TT
>,
<TT
CLASS="OPTION"
>&#8211;u</TT
>, <TT
CLASS="OPTION"
>&#8211;w</TT
>, and
<TT
CLASS="OPTION"
>&#8211;x</TT
> show active TCP, UDP, RAW, or Unix socket
connections. If you provide the <TT
CLASS="OPTION"
>&#8211;a</TT
> flag in
addition, sockets that are waiting for a connection (i.e., listening)
are displayed as well. This display will give you a list of all
servers that are currently running on your system.</P
><P
>Invoking <B
CLASS="COMMAND"
>netstat -ta</B
> on
<SPAN
CLASS="SYSTEMITEM"
>vlager</SPAN
> produces this output:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
>$ <TT
CLASS="USERINPUT"
><B
>netstat -ta</B
></TT
>
Active Internet Connections
Proto Recv-Q Send-Q Local Address Foreign Address (State)
tcp 0 0 *:domain *:* LISTEN
tcp 0 0 *:time *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 vlager:smtp vstout:1040 ESTABLISHED
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 localhost:1046 vbardolino:telnet ESTABLISHED
tcp 0 0 *:chargen *:* LISTEN
tcp 0 0 *:daytime *:* LISTEN
tcp 0 0 *:discard *:* LISTEN
tcp 0 0 *:echo *:* LISTEN
tcp 0 0 *:shell *:* LISTEN
tcp 0 0 *:login *:* LISTEN </PRE
></TD
></TR
></TABLE
></P
><P
>This output shows most servers simply waiting for an incoming
connection. However, the fourth line shows an incoming SMTP connection
from <SPAN
CLASS="SYSTEMITEM"
>vstout</SPAN
>, and the sixth
line tells you there is an outgoing <B
CLASS="COMMAND"
>telnet</B
>
connection to <SPAN
CLASS="SYSTEMITEM"
>vbardolino</SPAN
>.<A
NAME="X-087-2-FNTC13"
HREF="#FTN.X-087-2-FNTC13"
>[1]</A
>&#13;</P
><P
>Using the <TT
CLASS="OPTION"
>&#8211;a</TT
> flag by itself will display all
sockets from all families.</P
><P
></P
></DIV
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.X-087-2-FNTC13"
HREF="x-087-2-iface.netstat.html#X-087-2-FNTC13"
>[1]</A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
> You can tell whether a connection is
outgoing from the port numbers. The port number shown for the
<I
CLASS="EMPHASIS"
>calling</I
> host will always be a simple integer. On
the host being called, a well-known service port will be in use for
which <B
CLASS="COMMAND"
>netstat</B
> uses the symbolic name such as
<TT
CLASS="LITERAL"
>smtp</TT
>, found in <TT
CLASS="FILENAME"
>/etc/services</TT
>.</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x-087-2-iface.ifconfig.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x-087-2-iface.verify.arp.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>All About ifconfig</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="x-087-2-iface.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Checking the ARP Tables</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink