7.1. Terms for Network Analysis

The following list of terms related to network analysis also serves as an overview of the topics in this section.

Packets. Network interface packet counts can be fetched from netstat -i and roughly indicate network activity.

Bytes. Measuring throughput in terms of bytes is useful because interface maximum throughput is measured in comparable terms, bits/sec. Byte statistics for interfaces are provided by Kstat, SNMP, nx.se, and nicstat.

Utilization. Heavy network use can degrade application response. The nicstat tool calculates utilization by dividing current throughput by a known maximum.

Saturation. Once an interface is saturated, network applications usually experience delays. Saturation can occur elsewhere on the network.

Errors. netstat -i is useful for printing error counts: collisions (small numbers are normal), input errors (bad FCS), and output errors (late collisions).

Link status. link_status plus link_speed and link_mode are three values to describe the state of the interface; they are provided by kstat or ndd.

Tests. There is great value in test driving the network to see what speed it can really manage. Tools such as TTCP can be used.

By-process. Network I/O by process can be analyzed with DTrace. Scripts such as tcptop and tcpsnoop perform this analysis.

TCP. Various TCP statistics are kept for MIB-II,[1] plus additional statistics. These statistics are useful for troubleshooting and are obtained with kstat or netstat -s.

[1] Management Information Base, a collection of documented statistics that SNMP uses
IP. Various IP statistics are kept for MIB-II, plus additional statistics. They are obtained with kstat or netstat -s.

ICMP. Tests, such as the ping and traceroute commands, that make use of ICMP can inform about the network surroundings. Various ICMP statistics, obtained with kstat or netstat -s, are also kept.

Table 7.1 summarizes and cross-references the tools discussed in this section.

Table 7.1. Tools for Network Analysis

Tool | Uses | Description | Ref. |
---|---|---|---|
netstat | Kstat | Kitchen sink of network statistics. Route table, established connections, interface packet counts, and errors | 7.7.1 |
kstat | Kstat | For fetching raw kstat counters for each network interface and the TCP, IP, and ICMP modules | 7.7.2, 7.9.2, 7.10.2, 7.11.1 |
nx.se | Kstat | For printing network interface and TCP throughput in terms of kilobytes | 7.7.3 |
nicstat | Kstat | For printing network interface utilization | 7.7.4 |
snmpnetstat | SNMP | For network interface statistics from SNMP | 7.7.5 |
checkcable | Kstat, ndd | For network interface status: link speed, link mode, link up availability | 7.7.6 |
ping | ICMP | To test whether remote hosts are "alive" | 7.7.7 |
traceroute | UDP, ICMP | To print the path to a remote host, including delays to each hop | 7.7.8 |
snoop | /dev | To capture network packets | 7.7.9 |
TTCP | TCP | For applying a network traffic workload | 7.7.10 |
pathchar | UDP, ICMP | For analysis of the path to a remote host, including speed between hops | 7.7.11 |
ntop | libpcap | For reporting on sniffed traffic | 7.7.12 |
nfsstat | Kstat | For viewing NFS client and server statistics | 7.7.13, 7.7.14 |
tcptop | DTrace | For printing a by-process summary of network usages | 7.8.1 |
tcpsnoop | DTrace | For tracing network packets by-process | 7.8.2 |
dtrace | DTrace | For capturing TCP, IP, and ICMP statistics programmatically | 7.9.4, 7.10.4, 7.11.3 |