tyt07fi.htm

一个学习tcp/ip协议的教程

Kernel Routing Table

Destination    Gateway   Genmask   Flags  MSS  Window  Use Iface

loopback         *       255.0.0.0   U    1936  0       16  lo</FONT></PRE><P>The important columns are the destination name, which shows the name of the configured target (in this case only loopback), the mask to be used (Genmask), and the interface (Iface, in this case /dev/lo). You can force route to display the IP addresses instead of symbolic names by using the -n option:<BR><PRE>

<FONT COLOR=#000080>$ route -n

Kernel Routing Table

Destination    Gateway   Genmask   Flags  MSS  Window  Use Iface

127.0.0.1         *       255.0.0.0   U    1936  0       16  lo</FONT></PRE><P>Not all UNIX and Linux versions show this type of output from the route command.<BR><P>The use of the ifconfig and route programs can be shown in the setup of a Slackware Linux system's Ethernet connection. To make the Ethernet interface active, the ifconfig command is issued with the Ethernet device name (eth0 on a Slackware Linux system) and the local IP address. For example, the command<BR><BR><PRE>

<FONT COLOR=#000080>ifconfig eth0 147.123.20.1</FONT></PRE><P>sets up the local machine with the IP Address 147.123.20.1. The interface is the Ethernet device /dev/eth0. The interface can then be checked with the ifconfig command using the interface name:<BR><PRE>

<FONT COLOR=#000080>$ ifconfig eth0

eth0    Link encap 10Mps: Ethernet Hwaddr

    inet addr 147.123.20.1 Bcast 147.123.1.255 Mask 255.255.255.0

    UP BROADCAST RUNNING  MTU 1500 Metric 1

    RX packets:0 errors:0 dropped:0 overruns:0

    TX packets:0 errors:0 dropped:0 overruns:0</FONT></PRE><P>You may notice in the output that the broadcast address was set based on the local machine's IP address. This is used by TCP/IP to access all machines on the local area network at once. The Message Transfer Unit (MTU) size is usually set to the maximum value of 1500 (for Ethernet networks).<BR><P>Next, an entry is added to the kernel routing tables to let the kernel know about the local machine's network address. The IP address that is used with the route command is not your local machine's IP address, but that of the network as a whole without the local identifier. To set the entire local are network at once, the -net option of the route command is used. In the case of the IP addresses shown earlier, the command would be this:<BR><BR><PRE>

<FONT COLOR=#000080>route add -net 147.123.20.0</FONT></PRE><P>This adds all the machines on the network identified by the network address 147.123.20 to the kernel's list of accessible machines. An alternative method is to use the /etc/networks file. Once the route has been added to the kernel routing tables, it can be tested with the ping command.<BR><BR><A ID=E68E73 NAME=E68E73></A><H3 ALIGN=CENTER><CENTER><FONT SIZE=5 COLOR=#FF0000><B>The </B><B><I>inetd</I></B><B> Daemon</B></FONT></CENTER></H3><BR><P>The inetd program is a holdover from the early days of TCP/IP UNIX development. When a UNIX machine was started, it would activate TCP/IP and immediately accept connections at its ports, spawning a process for each. This could result in many identical processes, one for each available port.<BR><P>To control the processes better, the inetd program was developed to handle the port connections itself, offloading that task from the server. The primary difference is that inetd creates a process for each connection that is established, whereas the server creates a process for each port (which leads to many unused processes).<BR><P>On many systems, some of the test programs and status information utilities are run through inetd. Typically, services like echo, discard, and time use inetd.<BR><P>The inetd program uses a configuration file usually called /etc/inetd.cfg, /etc/inetd.conf, or /etc/inetd.cf on UNIX systems. An extract of a sample /etc/inetd.cfg file is shown in the following code:<BR><PRE>

<FONT COLOR=#000080>#      @(#)inetd.conf     5.2 Lachman System V STREAMS TCP  source

#

#     System V STREAMS TCP - Release 4.0

ftp       stream     tcp     nowait     NOLUID     /etc/ftpd       ftpd

telnet    stream     tcp     nowait     NOLUID     /etc/telnetd    telnetd

shell     stream     tcp     nowait     NOLUID     /etc/rshd       rshd

login     stream     tcp     nowait     NOLUID     /etc/rlogind    rlogind

exec      stream     tcp     nowait     NOLUID     /etc/rexecd     rexecd

finger    stream     tcp     nowait     nouser     /etc/fingerd    fingerd

comsat    dgram      udp     wait       root       /etc/comsat     comsat

ntalk     dgram      udp     wait       root       /etc/talkd      talkd

echo      stream     tcp     nowait     root       internal

discard   stream     tcp     nowait     root       internal

chargen   stream     tcp     nowait     root       internal

daytime   stream     tcp     nowait     root       internal

time      stream     tcp     nowait     root       internal

echo      dgram      udp     wait       root       internal

discard   dgram      udp     wait       root       internal

chargen   dgram      udp     wait       root       internal

daytime   dgram      udp     wait       root       internal

time      dgram      udp     wait       root       internal</FONT></PRE><P>The columns show the service name (which corresponds to an entry in the services file, such as /etc/services), the socket type (stream, raw, or datagram), the protocol name, whether inetd can accept further connections at the same port immediately (nowait) or must wait for the server to finish (wait), the login that owns the service, the server program name, and any optional parameters needed for the server program.<BR><P>The configuration file is read when the server is booted and every time a hang-up signal is received from an application. This enables dynamic changes to the file, because any modifications would be read and register on the next file read.<BR><BR><A ID=E68E74 NAME=E68E74></A><H3 ALIGN=CENTER><CENTER><FONT SIZE=5 COLOR=#FF0000><B>The </B><B><I>netstat</I></B><B> Command</B></FONT></CENTER></H3><BR><P>The netstat program or a similar utility provides comprehensive information about the local system and its TCP/IP implementation. This is the program most commonly used by administrators to quickly diagnose a problem with TCP/IP. The actual information and its format supplied by the netstat utility differs with the operating system implementation, but it usually supplies the following important summaries, each of which is covered in more detail later:<BR><UL><UL><P>Communications end points</UL></UL><UL><UL><P>Network interface statistics</UL></UL><UL><UL><P>Information on the data buffers</UL></UL><UL><UL><P>Routing table information</UL></UL><BLOCKQUOTE><BLOCKQUOTE><P>Protocol statistics<BR></BLOCKQUOTE></BLOCKQUOTE><P>On some systems, information about the interprocess communications and other protocol stacks might be appended. The information to be displayed can usually be toggled with a command-line option. The output from a typical UNIX installation that uses the netstat command is shown in the next few sections, which discuss netstat and its output in more detail. The output and meaning might be different with other operating systems, but the general purpose of the diagnostic tool remains the same.<BR><BR><A ID=E69E104 NAME=E69E104></A><H4 ALIGN=CENTER><CENTER><FONT SIZE=4 COLOR=#FF0000><B>Communications End Points</B></FONT></CENTER></H4><BR><P>The netstat command with no options provides information on all active communications end points. To display all end points (active and passive), netstat uses the -a option.<BR><P>The output is formatted into columns showing the protocol (Proto), the amount of data in the receive and send queues (Recv-Q and Send-Q), the local and remote addresses, and the current state of the connection. A truncated sample output is shown here:<BR><PRE>

<FONT COLOR=#000080>$ netstat -a

Active Internet connections (including servers)

Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)

ip         0      0  *.*                    *.*

tcp        0   2124  tpci.login             merlin.1034            ESTABL.

tcp        0      0  tpci.1034              prudie.login           ESTABL.

tcp    11212      0  tpci.1035              treijs.1036            ESTABL.

tcp        0      0  tpci.1021              reboc.1024             TIME_WAIT

tcp        0      0  *.1028                 *.*                    LISTEN

tcp        0      0  *.*                    *.*                    CLOSED

tcp        0      0  *.6000                 *.*                    LISTEN

tcp        0      0  *.listen               *.*                    LISTEN

tcp        0      0  *.1024                 *.*                    LISTEN

tcp        0      0  *.sunrpc               *.*                    LISTEN

tcp        0      0  *.smtp                 *.*                    LISTEN

tcp        0      0  *.time                 *.*                    LISTEN

tcp        0      0  *.echo                 *.*                    LISTEN

tcp        0      0  *.finger               *.*                    LISTEN

tcp        0      0  *.exec                 *.*                    LISTEN

tcp        0      0  *.telnet               *.*                    LISTEN

tcp        0      0  *.ftp                  *.*                    LISTEN

tcp        0      0  *.*                    *.*                    CLOSED

udp        0      0  *.60000                *.*

udp        0      0  *.177                  *.*

udp        0      0  *.1039                 *.*

udp        0      0  *.1038                 *.*

udp        0      0  localhost.1036         localhost.syslog

udp        0      0  *.1034                 *.*

udp        0      0  *.*                    *.*

udp        0      0  *.1027                 *.*

udp        0      0  *.1026                 *.*

udp        0      0  *.sunrpc               *.*

udp        0      0  *.1025                 *.*

udp        0      0  *.time                 *.*

udp        0      0  *.daytime              *.*

udp        0      0  *.chargen              *.*

udp        0      0  *.route                *.*

udp        0      0  *.*                    *.*</FONT></PRE><BLOCKQUOTE><BLOCKQUOTE><HR ALIGN=CENTER><BR><NOTE><IMG SRC=note.gif WIDTH = 75 HEIGHT = 46>The output shown for the netstat commands in this section is from an SCO UNIX system. Each implementation of netstat is slightly different, so the output columns might change, and different options might be needed to obtain each type of report. Check with your system documentation for more details about your netstat implementation.</NOTE><BR><HR ALIGN=CENTER></BLOCKQUOTE></BLOCKQUOTE><P>In the preceding example, there are three active TCP connections, as identified by the state ESTABL. One has data being sent (as shown in the Send-Q column), and another has incoming data in the queue. The network names and port numbers of the connection ends are shown whenever possible. An asterisk (*) means there is no end point associated with that address yet.<BR><P>One connection is waiting to be hung up, identified by TIME_WAIT in the state column. After 30 seconds, these sessions are terminated and the connection freed. Any row with LISTEN as the state has no connection at the moment, and is waiting. There is no state column for UDP sessions because they do not have an end-to-end connection (as discussed on Day 5, &quot;Gateway and Routing Protocols&quot;). A CLOSED entry in the output shows that the connection is closed but hasn&#146;t switched over to LISTEN yet.<BR><BR><A ID=E69E105 NAME=E69E105></A><H4 ALIGN=CENTER><CENTER><FONT SIZE=4 COLOR=#FF0000><B>Network Interface Statistics</B></FONT></CENTER></H4><BR><P>The behavior of the network interface (such as the network interface card) can be determined with the -i option to the netstat command. This information quickly shows an administrator whether there are major problems with the network connection.<BR><P>The netstat -i command displays the name of the interface, the maximum number of characters a packet can contain (Mtu), the network and host addresses or names, the number of input packets (Ipkts), input errors (Ierrs), output packets (Opkts), output errors (Oerrs), and number of collisions (Collis) experienced in the current sampling session. The collisions column has relevance only for a networking system that enables packet collisions, such as Ethernet. A sample output from a netstat -i command is shown here:<BR><PRE>

<FONT COLOR=#000080>$ netstat -i

Name   Mtu   Network     Address       Ipkts   Ierrs Opkts   Oerrs Collis

ec0    1500  tpci        merlin         34     0     125     0     0

lan0   1497  47.80       tpci_hpws4  11625     0   11625     0     0

lo0    8232  loopback    localhost     206     0     206     0     0</FONT></PRE><P>An administrator can obtain more specific information about one interface by using the -I option with a device name and a time interval, specified in seconds, such as netstat -I ec0 30 to obtain specific information about the behavior of the ec0 (Ethernet) interface over the last 30 seconds.<BR><BR><A ID=E69E106 NAME=E69E106></A><H4 ALIGN=CENTER><CENTER><FONT SIZE=4 COLOR=#FF0000><B>Data Buffers</B></FONT></CENTER></H4><BR><P>Information about the data buffers can be obtained with the netstat command's -m option. Monitoring the behavior of the buffers is important, because they directly impact the performance of TCP/IP. The output of the netstat -m command differs depending on the version of UNIX in use, reflecting the different implementations of the TCP/IP code.<BR><P>The netstat -m command output from a System V-based UNIX version is shown in the following code example. Entries are provided for the streamhead, queue, message descriptor table (mblks), data descriptor table (dblks), and the different classes of data descriptor tables. The columns show the number of blocks configured (config) and currently allocated (alloc), the number of columns free (free), the total number of blocks in use (total), the maximum number of blocks that were in use at one time (max), and the number of times a block was not available (fail).<BR><PRE>