|
Computer networking is a major computer discipline by itself as it has become ubiquitous. The government, private companies, and the mass media heavily rely on the Internet to function. The World Wide Web, e-mail, instant messaging, and so on have made the world much smaller, putting dispersed countries much closer than ever before. Search engines are very popular in getting information to your fingertips in a fraction of a second. eBusiness has taken business to the next level, where people, without leaving the place of their comfort, can shop, bank, trade stocks, play games with remote partners, collaborate on work, and so on. All these are made possible through advances in computer networking such as high-speed and high-bandwidth networks. Moreover, these advances facilitate new computer infrastructures such as cluster networks, storage networks, and multitiered setups. Tanenbaum has very good coverage of major topics in this field, such as the TCP/IP protocol suite, circuit and packet switching, wireless communications, security, and voice and data transmission. Linux not only offers many of the powerful network capabilities that other major operating systems provide, but it also surpasses them through additional features such as masquerading. The Linux kernel supports several networking protocols such as TCP/IP, IPX (Internetwork Packet Exchange), and AppleTalk DDP, and it supports features such as packet forwarding, firewall operations, proxy, masquerading, tunneling, and aliasing. Many network monitoring tools available in Linux help you evaluate the performance of any Linux network. Some of these tools can also be used to troubleshoot network problems along with monitoring performance. The Linux kernel makes a large amount of networking system information available to the user, helping you monitor the health of the network and detect problems in configuration, runtime, and performance. This section explores only some of the tools that are readily available in most major Linux distributions. In this section, we look at the network tools netstat, nfsstat, tcpdump, ethtool, snmp, ifport, ifconfig, route, arp, ping, TRaceroute, host, and nslookup. System and network administrators use some of these tools every day. Tools such as ping, route, arp, TRaceroute, ethtool, and tcpdump are used to determine network problems. These tools can be described as follows:
Network StatisticsThe netstat utility, available in the net-tools package, displays a large amount of information related to the networking subsystem. netstat is one of the most frequently used tools for monitoring network connections on a Linux server. netstat displays a list of active sockets for each network protocol, such as TCP and UDP. It also provides information about network routes and cumulative statistics for network interfaces, including the number of incoming and outgoing packets and the number of packet collisions. The netstat output that follows shows a number of network protocol statistics and routing information, such as Internet protocol (IP), transport control protocol (TCP), and user datagram protocol (UDP). From the statistics, you can tell whether the number of packets received is higher or lower than expected. This tool can easily be used to investigate performance degradation between kernels. Without any arguments, netstat displays a list of the existing network sockets and their connection information. All protocol families are displayed, including UNIX domain sockets. The following are typical lines from sample output: $ netstat Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:32768 *:* LISTEN tcp 0 0 *:smux *:* LISTEN tcp 0 0 *:9099 *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:x11 *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 *:ftp *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 *:telnet *:* LISTEN tcp 0 0 nethostA:smtp *:* LISTEN tcp 0 0 nethostA:32974 nethostB:ssh ESTABLISHED tcp 0 0 nethostA:32996 nethostB:ssh ESTABLISHED tcp 0 0 nethostA:33002 64.233.161.99:http ESTABLISHED tcp 0 0 nethostA:33005 nethostB:ftp ESTABLISHED udp 0 0 *:32768 *:* udp 0 0 *:snmp *:* udp 0 0 *:sunrpc *:* Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 2012 /dev/gpmctl unix 2 [ ACC ] STREAM LISTENING 159792 /tmp/ksocket-nivedita/kdeinit-:0 unix 2 [ ACC ] STREAM LISTENING 2210 /tmp/.X11-unix/X0 unix 2 [ ACC ] STREAM LISTENING 79840 /tmp/.ICE-unix/dcop15789-1077867386 The first column indicates the protocol family of the socket, which is commonly either tcp (transport control protocol), udp (user datagram protocol), or unix (UNIX domain socket). The second and third columns indicate the amount of data, in bytes, that is currently present in receive and send socket queues. The next columns list the local and remote address and port information. The last column displays the protocol state that the socket is currently in. The IP addresses are normally translated into host names (nethostA, nethostB) unless the -n flag is provided to netstat. To display only select address families, their corresponding flags can be provided. For example, netstat --tcp or -t displays only the TCP sockets present. A full listing of the flags for the individual families is available in the netstat man page. The asterisk (*) indicates a wildcard. For the local address, this is typical of listener processes, which listen on all the local interfaces. Remote host address and port information is displayed when the socket has made a connection to a remote host and is in established state. You see ssh, http, and ftp connections in progress in the preceding display. Displaying Interface InformationThis information is identical to that displayed by the ifconfig command. It is a listing of the statistics provided by the interface. These include the MTU (maximum transmission unit) and counts of packets received and sent that were successful, erroneous in some way, dropped, or overflowed. $ netstat i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 21941 0 0 0 11998 0 0 0 BMRU lo 16436 0 795 0 0 0 795 0 0 0 LRU TCP/IP Protocol StatisticsThe Linux kernel supports the statistics counters specified in RFC 2012 as part of the Simple Network Management Protocol (SNMP) Management Information Base (MIB). It also implements a large number of counters that are Linux-specific and capture network protocol events, primarily TCP. The netstat utility displays most, but not all, of the counters present in the kernel. To see the full list of the events being counted, view the content of the /proc/net/snmp and /proc/net/netstat files. The former contains the RFC 2012 counters, and the latter contains the extended Linux-specific MIB. The following is a sample listing of SNMP counters produced by the netstat s command: netstat -s Ip: 662968 total packets received 0 forwarded 0 incoming packets discarded 659592 incoming packets delivered 162297 requests sent out Tcp: 5721 active connections openings 39 passive connection openings 0 failed connection attempts 0 connection resets received 1 connections established 136759 segments received 152791 segments send out 20660 segments retransmited 3 bad segments received. 1165 resets sent Udp: 14031 packets received 15 packets to unknown port received. 0 packet receive errors 7519 packets sent Moreover, network communication involves heavy interrupt processing. Thus, in conjunction with netstat, vmstat can be used to capture the number of interrupts, and sar can be used to determine the spread of interrupt processing. nfsstatNetwork File System (NFS) is a technique to incorporate a file system from a remote machine into the local file systemthat is, NFS uses the same read and write interface to access data remotely as the one used locally. nfsstat is a simple tool that prints NFS kernel statistics. nfsstat prints the counts of NFS API calls during a workload. In the following example, the server is running an I/O workload. Output from nfsstat shows the counts of reads and writes, which can be used for debugging purposes. The counts of reads and writes can also be used to understand performance issues. Server nfs v3: null getattr setattr lookup access readlink 0 0% 8 0% 0 0% 6 0% 43 0% 0 0% read write create mkdir symlink mknod 262242 44% 328004 55% 2 0% 0 0% 0 0% 0 0% remove rmdir rename link readdir readdirplus 3 0% 0 0% 0 0% 0 0% 0 0% 0 0% fsstat fsinfo pathconf commit 1 0% 1 0% 0 0% 2586 0% |
|