November 23, 2014
 
 
RSSRSS feed

Keep an Eye on Your Linux Systems with Netstat - page 3

Using Netstat For Surveillance And Troubleshooting

  • November 4, 2004
  • By Carla Schroder

Because all these things change often, how do you capture the changes? Run netstat continuously with the -c flag and record the output:

$ netstat --inet -a -c > netstat.txt

Then check email, start and stop services, surf the web, log in to a telnet BBS and play Legend of the Red Dragon; then review your capture file to see what it all looks like.

If netstat is taking too long, or not resolving a hostname at all, give it the -n flag to turn off DNS lookups:

$ netstat --inet -an

netstat can help diagnose NIC problems. Use the -i flag when you're troubleshooting a flakey connection, and you suspect your NIC:

$ netstat -i
Kernel Interface table
Iface   MTU  Met   RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0    1500  0    28698  0      0      0     33742  0      0      0     BMRU
lo      16436 0    14     0      0      0     14     0      0      0     LRU
You should see large numbers in the RX-OK (received OK) and TX-OK (transmitted OK) columns, and very low numbers in all the others. If you are seeing a lot of RX-ERRs or TX-ERRs, suspect the NIC or the patch cable. This is what the flags mean:
B = broadcast address
L = loopback device
M = promicuous mode
R = interface is running
U = interface is up

Resources

Linux Network Administrator's Guide, by Olaf Kirch & Terry Dawson

[Editor's Note: This article originally appeared on Enterprise Networking Planet. -BKP]

Sitemap | Contact Us