tyt07fi.htm

14天内学会TCP/IP协议(HTML)

<P>Issuing the netstat -s command provides a verbose output. A sample output is shown in the following code. The entries are self-explanatory.

<BR>

<PRE>

<FONT COLOR="#000080">tpci_sco4-67&gt; netstat -s

ip:

     183309 total packets received

     0 bad header checksums

     0 with size smaller than minimum

     0 with data size &lt; data length

     0 with header length &lt; data size

     0 with data length &lt; header length

     0 with unknown protocol

     13477 fragments received

     0 fragments dropped (dup or out of space)

     0 fragments dropped after timeout

     0 packets reassembled

     0 packets forwarded

     0 packets not forwardable

     75 no routes

     0 redirects sent

     0 system errors during input

     309 packets delivered

     309 total packets sent

     0 system errors during output

     0 packets fragmented

     0 packets not fragmentable

     0 fragments created

icmp:

     1768 calls to icmp_error

     0 errors not generated because old message was icmp

     Output histogram:

          destination unreachable: 136

     0 messages with bad code fields

     0 messages &lt; minimum length

     0 bad checksums

     0 messages with bad length

     Input histogram:

          destination unreachable: 68

     0 message responses generated

     68 messages received

     68 messages sent

     0 system errors during output

tcp:

    9019 packets sent

              6464 data packets (1137192 bytes)

          4 data packets (4218 bytes) retransmitted

          1670 ack-only packets (918 delayed)

          0 URG only packets

          0 window probe packets

          163 window update packets

          718 control packets

               24 resets

     9693 packets received

          4927 acks (for 74637 bytes)

          37 duplicate acks

          0 acks for unsent data

          5333 packets (1405271 bytes) received in-sequence

          23 completely duplicate packets (28534 bytes)

          0 packets with some dup. data (0 bytes duped)

          38 out-of-order packets (5876 bytes)

          0 packets (0 bytes) of data after window

          0 window probes

          134 window update packets

          0 packets received after close

          0 discarded for bad checksums

          0 discarded for bad header offset fields

          0 discarded because packet too short

          0 system errors encountered during processing

     224 connection requests

     130 connection accepts

     687 connections established (including accepts)

     655 connections closed (including 0 drops)

     24 embryonic connections dropped

     0 failed connect and accept requests

     0 resets received while established

     5519 segments updated rtt (of 5624 attempts)

     5 retransmit timeouts

          0 connections dropped by rexmit timeout

     0 persist timeouts

     0 keepalive timeouts

          0 keepalive probes sent

          0 connections dropped by keepalive

     0 connections lingered

          0 linger timers expired

          0 linger timers cancelled

          0 linger timers aborted by signal

udp:

     0 incomplete headers

     0 bad data length fields

     0 bad checksums

     68 bad ports

     125 input packets delivered

     0 system errors during input

     268 packets sent</FONT></PRE>

<BR>

<A ID="E68E75" NAME="E68E75"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>The </B><B><I>ping</I></B><B> Utility</B></FONT></CENTER></H3>

<BR>

<P>The ping (Packet Internet Groper) utility is used to query another system to ensure that a connection is still active. (You may recall the ruptime utility from yesterday, which also does this. However, ruptime waits five minutes before trying the remote, and you may want to know right away if the connection is active.) The ping command is available on most operating systems that implement TCP/IP.

<BR>

<P>The ping program operates by sending out an Internet Control Message Protocol (ICMP) echo request. If the destination machine's IP software receives the ICMP request, it issues an echo reply immediately. The sending machine continues to send an echo request until the ping program is terminated with a break sequence (Ctrl+C or the Delete key in UNIX). After termination, ping displays a set of statistics. A sample ping session is shown here:

<BR>

<PRE>

<FONT COLOR="#000080">$ ping merlin

PING merlin: 64 data bytes

64 bytes from 142.12.130.12: icmp_seq=0.  time=20.  ms

64 bytes from 142.12.130.12: icmp_seq=1.  time=10.  ms

64 bytes from 142.12.130.12: icmp_seq=2.  time=10.  ms

64 bytes from 142.12.130.12: icmp_seq=3.  time=20.  ms

64 bytes from 142.12.130.12: icmp_seq=4.  time=10.  ms

64 bytes from 142.12.130.12: icmp_seq=5.  time=10.  ms

64 bytes from 142.12.130.12: icmp_seq=6.  time=10.  ms

--- merling PING Statistics ---

7 packets transmitted, 7 packets received, 0% packet loss

round-trip (ms) min/avg/max = 10/12/20</FONT></PRE>

<P>An alternate method to invoke ping is to provide the number of times you want it to query the remote. Also, you could provide a packet length as a test. The following example instructs ping to use 256 data byte packets and try five times. Using ping to send large packets is one method of determining the network's behavior with large packet sizes, especially when fragmentation must occur. The ping program is also useful for monitoring response times of the network, by observing the reply time on packets sent as the network load (or the machine load) changes. This information can be very useful in optimization of TCP/IP.

<BR>

<PRE>

<FONT COLOR="#000080">$ ping merlin 256 5

PING merlin: 256 data bytes

256 bytes from 142.12.130.12: icmp_seq=0.  time=20.  ms

256 bytes from 142.12.130.12: icmp_seq=1.  time=10.  ms

256 bytes from 142.12.130.12: icmp_seq=2.  time=10.  ms

256 bytes from 142.12.130.12: icmp_seq=3.  time=20.  ms

256 bytes from 142.12.130.12: icmp_seq=4.  time=10.  ms

--- merling PING Statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip (ms) min/avg/max = 10/13/20</FONT></PRE>

<P>Some older implementations of ping simply reply with a message that the system at the other end is active. (The message is of the form X is alive.) To obtain the verbose messages shown previously, the -s option must be used.

<BR>

<P>The ping program is useful for diagnostics because it provides four important pieces of information: whether the TCP/IP software is functioning correctly; whether a local network device can be addressed (validating its address); whether a remote machine can be accessed (again validating the address and testing the routing); and verifying the software on the remote machine.

<BR>

<P>Most non-UNIX TCP/IP implementations provide ping utilities as part of their suite. For example, Figure 7.4 shows the NetManage ChameleonNFS ping utility. The Chameleon ping sends only a single ICMP packet instead of a continuous stream, but is useful for verifying that a remote machine is responding.

<BR>

<P><B><A HREF="07tyt04.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/07tyt04.gif">Figure 7.4. ChameleonNFS uses a </B><B>ping</B><B> utility to </B><B>send a single packet.</A></B>

<BR>

<P>Windows 95 has a ping utility built into the distribution software, but it is DOS-based and doesn't use the Windows 95 GUI. Figure 7.5 shows the Windows 95 ping utility used to ping another machine on the network.

<BR>

<P><B><A HREF="07tyt05.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/07tyt05.gif">Figure 7.5. The Windows 95 </B><B>ping</B><B> utility is </B><B>DOS-based.</A></B>

<BR>

<BR>

<A ID="E68E76" NAME="E68E76"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>Tracing a Connection</B></FONT></CENTER></H3>

<BR>

<P>There is a tracing option built into TCP/IP. When simpler methods have failed, this option can be used to trace a problem. To activate the trace, a system call is sent to the end point that turns on a flag. Most TCP/IP implementations enable the tracing option to be turned on from the command line using the -d (debug) option. When tracing is turned on, all activities are echoed to a buffer or to the screen, depending on the system configuration.

<BR>

<P>The output from the TCP/IP tracing option is examined using the program trpt (trace report). A specific connection can be specified, or all behavior passing through TCP/IP can be displayed. The output from trpt is verbose and of little interest to most users.

<BR>

<BR>

<A ID="E68E77" NAME="E68E77"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>Summary</B></FONT></CENTER></H3>

<BR>

<P>This chapter has shown you the basic administration programs used with TCP/IP, as well as the configuration files that are necessary in order to use symbolic names. Although this information is not likely to be used by most users, knowing the available tools and the type of diagnostics that can be produced is useful in better understanding TCP/IP.

<BR>

<BR>

<A ID="E68E78" NAME="E68E78"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>Q&amp;A</B></FONT></CENTER></H3>

<BR>

<P><B>All the TCP/IP protocols available to you are listed in a system </B><B>configuration file. Which file is this?</B>

<BR>

<P>All TCP/IP protocols are listed in /etc/ protocols. The file lists the protocol name and the corresponding protocol number.

<BR>

<P><B>What is a loopback driver used for?</B>

<BR>

<P>The loopback driver is a virtual circuit within the host machine, avoiding all contact with the physical network itself. The most common use of a loopback driver is as a diagnostic. By sending data to the loopback driver, you can make sure the protocols are working correctly on your machine. Without this capability, it would be difficult to separate network problems and software configuration problems.

<BR>

<P><B>What does the following excerpt from a </B><B>netstat -a</B><B> command tell you?</B>

<BR>

<UL>

<UL>

<PRE>

<FONT COLOR="#000080">Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)

ip         0      0  *.*                    *.*

tcp        0   1024  tpci.login             merlin.1034            ESTABL.

tcp     8756      0  tpci.1035              treijs.1036            ESTABL.

tcp        0      0  tpci.1021              reboc.1024             TIME_WAIT

tcp        0      0  *.1028                 *.*                    LISTEN

tcp        0      0  *.6000                 *.*                    LISTEN</FONT></PRE></UL></UL>

<P>This extract shows there are two established TCP connections (to merlin.1034 and treijs.1036), one of which is sending information and the other receiving. The connection to reboc.1024 is waiting to hang up. There are two ports waiting for a connection.

<BR>

<P><B>What is the utility </B><B>ping</B><B> used for?</B>

<BR>

<P>The ping utility is used to query another system. It sends an ICMP message to the remote and waits for a reply. The ping command is very useful for testing connections.

<BR>

<P><B>What command gives you overall statistics about the network protocols </B><B>running on your system?</B>

<BR>

<P>One of the best summaries is obtained with the netstat -s command.

<BR>

<P><P ALIGN=CENTER>

<A HREF="tyt06fi.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/tyt06fi.htm" TARGET="_self"><IMG SRC="blanprev.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/blanprev.gif" WIDTH = 37 HEIGHT = 37 BORDER = 0 ALT="Previous Page"></A>

<A HREF="#I0" TARGET="_self"><IMG SRC="blantop.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/blantop.gif" WIDTH = 37 HEIGHT = 37 BORDER = 0 ALT="Page Top"></A>

<A HREF="index.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/index.htm" TARGET="_self"><IMG SRC="blantoc.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/blantoc.gif" WIDTH = 37 HEIGHT = 37 BORDER = 0 ALT="TOC"></A>

<A HREF="tyt08fi.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/tyt08fi.htm" TARGET="_self"><IMG SRC="blannext.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/blannext.gif" WIDTH = 37 HEIGHT = 37 BORDER = 0 ALT="Next Page"></A>




</BODY></HTML>