<P>System V-based versions of netstat (as opposed to most Linux BSD-based versions) enable you to display protocol statistics. Statistics about the overall behavior of network protocols can be obtained with the netstat -s command. This usually provides summaries for IP (Internet Protocol), ICMP (Internet Control Message Protocol), TCP (Transmission Control Protocol), and UDP (User Datagram Protocol). The output from this command is useful for determining where an error in a received packet occurred, which then helps you isolate whether that error was due to a software or network problem.
<BR>
<P>Issuing the netstat -s command provides a verbose output, as shown in the following example:
<BR>
<PRE>
<FONT COLOR="#000080">$ netstat -s
ip:
183309 total packets received
0 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with header length < data size
0 with data length < header length
0 with unknown protocol
13477 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped after timeout
0 packets reassembled
0 packets forwarded
0 packets not forwardable
75 no routes
0 redirects sent
0 system errors during input
309 packets delivered
309 total packets sent
0 system errors during output
0 packets fragmented
0 packets not fragmentable
0 fragments created
icmp:
1768 calls to icmp_error
0 errors not generated because old message was icmp
Output histogram:
destination unreachable: 136
0 messages with bad code fields
0 messages < minimum length
0 bad checksums
0 messages with bad length
Input histogram:
destination unreachable: 68
0 message responses generated
68 messages received
68 messages sent
0 system errors during output
tcp:
9019 packets sent
6464 data packets (1137192 bytes)
4 data packets (4218 bytes) retransmitted
1670 ack-only packets (918 delayed)
0 URG only packets
0 window probe packets
163 window update packets
718 control packets
24 resets
9693 packets received
4927 acks (for 74637 bytes)
37 duplicate acks
0 acks for unsent data
5333 packets (1405271 bytes) received in-sequence
23 completely duplicate packets (28534 bytes)
0 packets with some dup. data (0 bytes duped)
38 out-of-order packets (5876 bytes)
0 packets (0 bytes) of data after window
0 window probes
134 window update packets
0 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
0 system errors encountered during processing
224 connection requests
130 connection accepts
687 connections established (including accepts)
655 connections closed (including 0 drops)
24 embryonic connections dropped
0 failed connect and accept requests
0 resets received while established
5519 segments updated rtt (of 5624 attempts)
5 retransmit timeouts
0 connections dropped by rexmit timeout
0 persist timeouts
0 keepalive timeouts
0 keepalive probes sent
0 connections dropped by keepalive
0 connections lingered
0 linger timers expired
0 linger timers cancelled
0 linger timers aborted by signal
udp:
0 incomplete headers
0 bad data length fields
0 bad checksums
68 bad ports
125 input packets delivered
0 system errors during input
268 packets sent</FONT></PRE>
<P>Again, the exact layout of the output changes depending on the version of the networking code. However, you can use the basic information with all formats.
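<P>Because the counters printed by netstat -s are cumulative, a single listing says less than the change between two of them. The following added example (not part of the original chapter) compares two snapshots and reports the error-type counters that grew; both snapshots are constructed, and the function names and the list of watched phrases are assumptions.

```shell
# Added example, not from the original chapter. netstat -s counters are
# cumulative, so compare two snapshots and report error counters that grew.
# Both snapshots are constructed; the first reuses values from the listing.
snapshot_old() { cat <<'EOF'
ip:
75 no routes
tcp:
4 data packets (4218 bytes) retransmitted
24 embryonic connections dropped
0 discarded for bad checksums
udp:
68 bad ports
EOF
}

snapshot_new() { cat <<'EOF'
ip:
75 no routes
tcp:
9 data packets (9120 bytes) retransmitted
131 embryonic connections dropped
2 discarded for bad checksums
udp:
68 bad ports
EOF
}

# usage: netstat_delta OLD_FILE NEW_FILE
# prints "proto<TAB>description<TAB>+increase" for each watched counter
netstat_delta() {
  awk '
    FNR == 1 { pass++ }
    /^[ \t]*[a-z]+:[ \t]*$/ { proto = $1; sub(/:$/, "", proto); next }
    $1 !~ /^[0-9]+$/ { next }            # histogram lines and other text
    {
      n = $1 + 0
      sub(/^[ \t]*[0-9]+[ \t]+/, "")     # drop the leading count
      gsub(/[0-9]+/, "N")                # byte totals in the text change too
      key = proto "\t" $0
      if (pass == 1) { old[key] = n; next }
      if (n > old[key] && $0 ~ /bad |dropped|discarded|retransmit|no routes|errors/)
        printf "%s\t+%d\n", key, n - old[key]
    }' "$1" "$2"
}

demo() {   # write both constructed snapshots to a temp dir and compare them
  d=$(mktemp -d) || return 1
  snapshot_old > "$d/old"; snapshot_new > "$d/new"
  netstat_delta "$d/old" "$d/new"; rm -rf "$d"
}
```

Run demo to see the three counters that grew. On a live system, save the netstat -s output to a file at two points in time and pass both files to netstat_delta.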
<BR>
<BR>
<A NAME="E68E182"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>The ping Command</B></FONT></CENTER></H3>
<BR>
<P><A HREF="lsg30.htm">Chapter 30</A>, "Configuring TCP/IP," showed you how to use the ping command to check whether interfaces were functioning correctly. You use the ping (Packet Internet Groper) utility to query another system to ensure a connection is still active.
<BR>
<P>The ping program operates by sending out an Internet Control Message Protocol (ICMP) echo request. If the destination machine's IP software receives the ICMP request, it will issue an echo-reply back immediately. The sending machine will continue to send an echo request until the ping program is terminated with a break sequence (Ctrl-c or DEL in UNIX). After termination, ping displays a set of statistics. The following is a sample ping session:
<BR>
<PRE>
<FONT COLOR="#000080">$ ping merlin
PING merlin: 64 data bytes
64 bytes from 142.12.130.12: icmp_seq=0. time=20. ms
64 bytes from 142.12.130.12: icmp_seq=1. time=10. ms
64 bytes from 142.12.130.12: icmp_seq=2. time=10. ms
64 bytes from 142.12.130.12: icmp_seq=3. time=20. ms
64 bytes from 142.12.130.12: icmp_seq=4. time=10. ms
64 bytes from 142.12.130.12: icmp_seq=5. time=10. ms
64 bytes from 142.12.130.12: icmp_seq=6. time=10. ms
--- merlin PING Statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip (ms) min/avg/max = 10/12/20</FONT></PRE>
<P>An alternate method to invoke ping is to provide the number of times you want it to query the remote. Also, you could provide a packet length as a test. The following command instructs ping to use 256 data byte packets and to try five times:
<BR>
<PRE>
<FONT COLOR="#000080">$ ping merlin 256 5
PING merlin: 256 data bytes
256 bytes from 142.12.130.12: icmp_seq=0. time=20. ms
256 bytes from 142.12.130.12: icmp_seq=1. time=10. ms
256 bytes from 142.12.130.12: icmp_seq=2. time=10. ms
256 bytes from 142.12.130.12: icmp_seq=3. time=20. ms
256 bytes from 142.12.130.12: icmp_seq=4. time=10. ms
--- merlin PING Statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 10/13/20</FONT></PRE>
<P>Using ping to send large packets is one method of determining the network's behavior with large packet sizes, especially when fragmentation must occur. The ping program is also useful for monitoring response times of the network, by observing the reply time on packets sent as the network load (or the machine load) changes. This information can be very useful in optimization of TCP/IP. Some older implementations of ping simply reply with a message that the system at the other end is active (the message is of the form "X is alive"). To obtain the verbose messages shown previously, you must use the -s option.
<BR>
<P>The ping program is useful for diagnostics because it tells you whether the TCP/IP software is functioning correctly, whether a local network device can be addressed (validating its address), and whether a remote machine can be accessed (again validating the address and testing the routing). It also verifies the software on the remote machine.
<BR>
<BR>
<A NAME="E68E183"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>The arp Command</B></FONT></CENTER></H3>
<BR>
<P>The arp program manages entries in the system's Address Resolution Protocol (ARP) tables. ARP provides the link between the IP address and the underlying physical address. With arp, you can create, modify, or delete entries in the ARP table. Typically, this will have to be performed whenever a machine's network address changes (either because of a change in the network hardware or because of a physical move).
<BR>
<P>To use the arp program, you need to follow one of the following formats:
<BR>
<PRE>
<FONT COLOR="#000080">arp [-v] [-t type] -a [hostname]
arp [-v] [-t type] -s hostname hwaddress
arp [-v] -d hostname [hostname ...]</FONT></PRE>
<P>When specifying a hostname you can use either a symbolic name or the IP address.
<BR>
<P>To display the entry for a host or IP address, use the first format shown above. If you do not give a hostname, all hosts are shown. For example, to check the ARP entry for the remote machine darkstar, issue the following command:
<BR>
<PRE>
<FONT COLOR="#000080">$ arp -a darkstar
IP address HW type HW address
147.12.32.1 10Mbps Ethernet 00:00:C0:5A:3F:C2</FONT></PRE>
<P>This command shows that the machine darkstar has the IP address 147.12.32.1, and is reached through a 10Mbps Ethernet connection. You can slightly alter the output by using the -t option with a specific type of interface. Valid values are ax25 (AMPR AX.25 networks), ether (10Mbps Ethernet), and pronet (IEEE 802.5 Token Ring). For example, to show all the Ethernet connections only, use the following command:
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">arp -t ether -a</FONT></PRE>
<P>To add an entry to the ARP tables, use the second format of the command shown earlier, using the -s option. When adding an entry, the hwaddress refers to the hardware address of the adapter (usually six sets of hexadecimal digits separated by colons). For example, to add an entry for the remote system big_cat, you would issue the command
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">arp -s big_cat 00:00:c0:10:A1</FONT></PRE>
<P>where the hardware address of the network card is as shown.
<BR>
<P>Finally, the last format of the arp command shown above is used to delete entries from the ARP table. This format may be necessary when you have incorrectly added an entry to the table or the network has changed. To delete the entry for the machine x-wing, issue this command:
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">arp -d x-wing</FONT></PRE>
<P>Several other options are valid with many versions of arp, but you will probably never have to use the arp command at all (let alone these more obscure options). If you need more information, the man pages include a list of all valid options and their functions.
<BR>
<BR>
<A NAME="E68E184"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>The traceroute Command</B></FONT></CENTER></H3>
<BR>
<P>Most Linux systems have a utility called traceroute available that sends a series of UDP (User Datagram Protocol) datagrams to a target machine. The datagrams are constructed slightly differently depending on their position in the stream sent to the remote machine. The first three datagrams have a field called Time to Live (TTL) set to a value of one, meaning that the first router to encounter the message discards it and returns an expiry message. The next three messages have the TTL field set to two, the three after that to three, and so on, so that each router the messages pass through returns an expiry message until the destination machine is successfully reached.
<BR>
<P>The traceroute output shows the round trip time of each message (which is useful for identifying bottlenecks in the network) and the efficiency of the routing algorithms (a route that passes through a large number of routers may not be the best one). The following is sample output from a traceroute command:
<BR>
<PRE>
<FONT COLOR="#000080">$ traceroute black.cat.com
1 TPCI.COM (127.01.13.12) 51ms 3ms 4ms
2 BEAST.COM (143.23.1.23) 60ms 5ms 7ms
3 bills_machine.com (121.22.56.1) 121ms 12ms 12ms
4 SuperGateway.com (130.12.14.2) 75ms 13ms 10ms
5 black.cat.com (122.13.2.12) 45ms 4ms 6ms</FONT></PRE>
<P>This output shows each router the messages were received by until the destination machine was reached. The traceroute command has many options to tailor its behavior, which are all explained in the man page. The traceroute command is usually used by system or network administrators when there are delivery problems with messages or network behavior seems very slow. Because most Linux systems are on small local area networks or are stand-alone, you may never have to use traceroute.
<BR>
<BR>
<A NAME="E68E185"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>The rpcinfo Command</B></FONT></CENTER></H3>
<BR>
<P>For RPC (Remote Procedure Call) services, a utility called rpcinfo can determine which RPC services are currently active on the local machine or any remote system that supports RPC. The options supported by rpcinfo vary with the implementation, but all implementations allow flags to decide which type of service to check.
<BR>
<P>For example, the -p option displays the local portmapper. The following example shows the options supported by the Slackware Linux version of rpcinfo, as well as the output for the portmapper:
<BR>
<PRE>
<FONT COLOR="#000080">merlin:~# rpcinfo
Usage: rpcinfo [ -n portnum ] -u host prognum [ versnum ]
rpcinfo [ -n portnum ] -t host prognum [ versnum ]
rpcinfo -p [ host ]
rpcinfo -b prognum versnum
rpcinfo -d prognum versnum
merlin:~# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 650 mountd
100005 1 tcp 652 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs</FONT></PRE>
<P>As with the traceroute command, most system administrators will never need to use rpcinfo. If you are a network programmer or a network administrator, they may be handy utilities to know about, though.
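<P>One way to put the rpcinfo -p listing to work is to check it against the registrations a host is expected to have. This added example (not part of the original chapter) does that for the listing above; the allowlist, the ALLOWED variable and the function names are assumptions.

```shell
# Added example, not from the original chapter: compare rpcinfo -p output
# with an allowlist of expected registrations and list everything else.
# The listing is the one shown above; the allowlist is an assumption.
rpcinfo_sample() { cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 650 mountd
100005 1 tcp 652 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
EOF
}

# Hypothetical policy for a host that should not be exporting NFS:
# space-separated "program/proto/port" triples that may be registered.
ALLOWED="100000/tcp/111 100000/udp/111"

# Reads rpcinfo -p text on stdin and prints "name program vers proto port"
# for each registration not on the allowlist. Exit status is 1 if any found.
rpc_unexpected() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^[0-9]+$/ { next }                    # column header or blank line
    NF < 4 || $4 !~ /^[0-9]+$/ { print "malformed: " $0; found++; next }
    {
      key = $1 "/" $3 "/" $4
      if (!(key in ok)) {
        name = (NF >= 5) ? $5 : "(unnamed)"      # the name column can be empty
        print name, $1, $2, $3, $4
        found++
      }
    }
    END { exit (found > 0) }'
}
```

On a live host, pipe the real listing in with rpcinfo -p | rpc_unexpected and act on a non-zero exit status.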
<BR>
<BR>
<A NAME="E68E186"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Summary</B></FONT></CENTER></H3>
<BR>
<P>This chapter has shown you the basic administration programs used with TCP/IP, as well as the configuration files that are necessary to use TCP/IP properly. Knowing the tools available and the type of diagnostics that can be produced is useful to better understanding TCP/IP and especially handy when you are having a problem.
<P ALIGN=LEFT>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>