Keep an Eye on Your Linux Systems with Netstat
Continuous Capture, "Borken" DNS, and Interface Checking

Carla Schroder
Thursday, November 4, 2004 08:33:38 AM
Because all these things change often, how do you capture the changes? Run netstat continuously with the -c flag and record the output:
$ netstat --inet -a -c > netstat.txt
Then check email, start and stop services, surf the web, log in to a telnet BBS and play Legend of the Red Dragon; then review your capture file to see what it all looks like.
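One way to review such a capture file, as an added example that is not part of the original article: the function below compares each one-second snapshot with the one before it and prints the sockets that appeared (+) or disappeared (-). The function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sockets that appear (+) or vanish (-) between the
# one-second snapshots in a file written by "netstat --inet -a -c".

netstat_changes() {
    awk '
    function report(   k) {
        if (snap > 1) {                      # snapshot 1 is only the baseline
            for (k in cur)  if (!(k in prev)) print "snapshot " snap ": + " k
            for (k in prev) if (!(k in cur))  print "snapshot " snap ": - " k
        }
        split("", prev)                      # portable way to empty an array
        for (k in cur) prev[k] = 1
        split("", cur)
    }
    # Each pass of -c starts again with this header line.
    /^Active Internet connections/ { if (snap > 0) report(); snap++; next }
    # Socket rows: Proto Recv-Q Send-Q Local Foreign [State]; UDP has no state.
    /^(tcp|udp|raw)/ { cur[$1 " " $4 " " $5 " " ($6 == "" ? "-" : $6)] = 1 }
    END { if (snap > 0) report() }
    ' "$@"
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

sample_capture | netstat_changes
```

Against a real capture, run it as netstat_changes netstat.txt; a new LISTEN line you did not expect is the entry worth following up.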
If netstat is taking too long, or not resolving a hostname at all, give it the -n flag to turn off DNS lookups:
$ netstat --inet -an
netstat can help diagnose NIC problems. Use the -i flag when you're troubleshooting a flaky connection and you suspect your NIC:
$ netstat -i
Kernel Interface table
Iface   MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0  28698      0      0      0  33742      0      0      0 BMRU
lo    16436   0     14      0      0      0     14      0      0      0 LRU
You should see large numbers in the RX-OK (received OK) and TX-OK (transmitted OK) columns, and very low numbers in all the others. If you are seeing a lot of RX-ERRs or TX-ERRs, suspect the NIC or the patch cable. This is what the flags mean:
B = broadcast address
L = loopback device
M = promiscuous mode
R = interface is running
U = interface is up
Resources
Linux Network Administrator's Guide, by Olaf Kirch & Terry Dawson
[Editor's Note: This article originally appeared on Enterprise Networking Planet. -BKP]