C.3 Using netstat to View the Network State

   



netstat is an extensive tool for viewing the network state. For example, you can use netstat to display the routing table and the state of the sockets that currently exist.

Displaying Routing Tables

If you start it with the -r option, netstat outputs the routing tables of the kernel. This corresponds broadly to the result of the route command. The option -n is used to output the IP addresses of computers instead of their DNS names.

root@tux # netstat -nr
Kernel routing table
Destination      Gateway        Genmask        Flags MSS Window Use Iface
129.13.42.0      0.0.0.0        255.255.255.0  U     0   0      478 eth0
127.0.0.0        0.0.0.0        255.0.0.0      U     0   0      50  lo
0.0.0.0          129.13.42.233  0.0.0.0        UG    0   0      238 eth0

The first column of this output shows the route destination. The Flags column shows the type of destination (gateway (G) or host (H)), which helps in interpreting the entry in the first column.

If the destination is a gateway (router), the second column shows the IP address of that router (or, more exactly, the IP address of the adapter where the packet arrives in that router). If the route does not lead across a gateway, then the second column shows the value 0.0.0.0.

The third column shows the reach of a route. In routes with a (sub)network as the destination, the entry in the third column corresponds to the network mask; the value 255.255.255.255 is output for routes to computers (H). The default route has the mask 0.0.0.0.

All entries in the routing table are sorted so that the more specific routes (long network masks) are listed before the more general routes (short network masks). When searching for a matching route, the kernel takes the bit-by-bit AND of the destination address and the network mask and compares the result with the route's destination.

The fourth column shows various flags that provide more information about a route. As has been mentioned, these flags specify the type of destination (gateway or host), among other things:

  • G: The next hop is a router (gateway). This means that the packet is sent with the router's MAC address.

  • U shows that the network device is enabled (UP).

  • H: The next hop is an end system, addressed directly by its MAC address in the MAC layer.

  • D: This entry was created dynamically, either by an ICMP redirect packet or by a routing protocol.

  • M: The route was modified by an ICMP redirect.

The last column shows the output interface for a route.
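The lookup rule and the flags described above can be checked directly against netstat -nr output. The following is an added example, not code from the book: it parses the table, picks the matching route with the longest mask, and lists routes that carry the D or M flag. The sample is the table shown above plus one constructed host route (129.13.42.7 via 129.13.42.99, flags UGHD) that does not appear on the page.

```python
import ipaddress

# Constructed sample: the `netstat -nr` table shown above plus one hypothetical
# host route carrying the D flag (created by an ICMP redirect).
SAMPLE = """\
Kernel routing table
Destination      Gateway        Genmask          Flags MSS Window Use Iface
129.13.42.7      129.13.42.99   255.255.255.255  UGHD  0   0      3   eth0
129.13.42.0      0.0.0.0        255.255.255.0    U     0   0      478 eth0
127.0.0.0        0.0.0.0        255.0.0.0        U     0   0      50  lo
0.0.0.0          129.13.42.233  0.0.0.0          UG    0   0      238 eth0
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_routes(text):
    """Return one dict per route line of `netstat -nr` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title line and the column header
        routes.append({"dest": f[0], "gateway": f[1], "mask": f[2],
                       "flags": f[3], "iface": f[7]})
    return routes

def lookup(routes, target):
    """AND the target with each mask, compare with dest, prefer the longest mask."""
    t = to_int(target)
    hits = [r for r in routes
            if "U" in r["flags"] and t & to_int(r["mask"]) == to_int(r["dest"])]
    if not hits:
        return None
    return max(hits, key=lambda r: bin(to_int(r["mask"])).count("1"))

def redirect_routes(routes):
    """Routes created (D) or modified (M) by an ICMP redirect."""
    return [r for r in routes if set(r["flags"]) & {"D", "M"}]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for ip in ("129.13.42.17", "129.13.42.7", "127.0.0.1", "8.8.8.8"):
        r = lookup(routes, ip)
        hop = r["gateway"] if "G" in r["flags"] else "direct"
        print(f"{ip:14} -> {r['iface']:4} via {hop}")
    for r in redirect_routes(routes):
        print("redirect-derived route:", r["dest"], "via", r["gateway"])
```

Routes reported by redirect_routes were not configured by the administrator, so they are the entries to compare against the intended routing configuration.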

Viewing Interface Statistics

We can start netstat with -i to output current statistics about active network devices. This option can be used together with the option -a to show inactive network devices in addition to active network devices. The output from netstat -i resembles the output of the ifconfig command and uses the same parameters.

Active Connections and Sockets

netstat supports a number of options we can use to list active and passive sockets. The arguments -t, -u, -w, and -x show active TCP, UDP, RAW, and UNIX sockets. We can additionally use the option -a to list all sockets currently waiting for an incoming connection. This shows all open server sockets.

root@tux # netstat -ta
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address    (state)
tcp        0      0  localhost.4261         localhost.sunrpc   TIME_WAIT
tcp        0      0  sioux.1023             cocopah.1017       ESTABLISHED
tcp        0    280  sioux.22               tpc17.telemat.873  ESTABLISHED
tcp        0      0  localhost.4254         localhost.2301     TIME_WAIT
tcp        0      0  localhost.4255         localhost.2301     TIME_WAIT
tcp        0    217  tmnis.domain           tmins.4263         ESTABLISHED
tcp        0      0  sioux.4257             tlps17.print-sr    SYN_SENT
tcp        0      0  sioux.4259             tlps17.print-sr    SYN_SENT
tcp        0      0  *.printer              *.*                LISTEN
tcp        0      0  *.dnacml               *.*                LISTEN
tcp        0      0  *.1027                 *.*                LISTEN
udp        0      0  sioux.domain           *.*
udp        0      0  *.908                  *.*
udp        0      0  *.987                  *.*
udp        0      0  *.1017                 *.*

This example of a netstat -ta output shows that most sockets either are in the LISTEN state (waiting for incoming connections) or already have an existing TCP connection (ESTABLISHED). Previously closed connections remain in the TIME_WAIT state for a little while before the sockets are deleted and so can be reused. (See Chapter 24.)

The first two columns of the output show the current number of packets in the input queue (Recv-Queue) and the output queue (Send-Queue). The fourth and fifth columns show the socket addresses (IP address / DNS name, and port) of the two communication peers. An asterisk next to connections that don't yet exist means that there is no communication peer yet, so that no address can be specified. *:ssh means that the computer waits for connections incoming at port ssh. The allocation of port addresses to protocols is defined in /etc/services.
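To turn a netstat -ta listing into an inventory of open server sockets and a count of TCP states, the output can be parsed as follows. This is an added example, not code from the book; the sample is a constructed subset of the listing above, and accepting host:port in addition to host.port is an assumption about other netstat builds.

```python
from collections import Counter

# Constructed sample: a subset of the `netstat -ta` listing shown above.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address    (state)
tcp        0      0  sioux.1023             cocopah.1017       ESTABLISHED
tcp        0    280  sioux.22               tpc17.telemat.873  ESTABLISHED
tcp        0      0  localhost.4254         localhost.2301     TIME_WAIT
tcp        0      0  sioux.4257             tlps17.print-sr    SYN_SENT
tcp        0      0  *.printer              *.*                LISTEN
tcp        0      0  *.1027                 *.*                LISTEN
udp        0      0  sioux.domain           *.*
udp        0      0  *.908                  *.*
"""

def split_addr(addr):
    """Split 'host.port' (as printed above) or 'host:port' at the last separator."""
    sep = ":" if ":" in addr else "."
    host, _, port = addr.rpartition(sep)
    return host, port

def parse_sockets(text):
    """Return one dict per tcp/udp line; title and header lines are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0][:3] not in ("tcp", "udp"):
            continue
        lhost, lport = split_addr(f[3])
        socks.append({"proto": f[0], "recv_q": int(f[1]), "send_q": int(f[2]),
                      "lhost": lhost, "lport": lport, "peer": f[4],
                      # UDP lines carry no state column
                      "state": f[5] if len(f) > 5 else ""})
    return socks

def open_servers(socks):
    """TCP sockets in LISTEN plus UDP sockets that have no peer yet."""
    return [(s["proto"], s["lhost"], s["lport"]) for s in socks if s["state"] == "LISTEN"
            or (s["proto"].startswith("udp") and s["peer"].endswith("*"))]

def state_counts(socks):
    """Number of TCP sockets per connection state."""
    return Counter(s["state"] for s in socks if s["proto"].startswith("tcp"))

if __name__ == "__main__":
    socks = parse_sockets(SAMPLE)
    print(dict(state_counts(socks)))
    for proto, host, port in open_servers(socks):
        print(f"open {proto} socket on {host} port {port}")
```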


       


    Linux Network Architecture
    ISBN: 131777203
    Year: 2004
    Pages: 187
