RHEL6-13-NETSTAT
The netstat ("network statistics") command in Linux is a very
useful tool when dealing with networking issues. It displays
information related to network connections, routing tables, interface
statistics, etc.
Ifconfig and netstat are not working in rhel6.
Which package is responsible for ifconfig and netstat.
How to list all connections via netstat?
How to list all connections (listening and non-listening ports) via netstat?
How to list only TCP & UDP connections via netstat?
How to list only listening ports via netstat?
How to list only listening TCP & UDP ports via netstat?
How to list statistics of all ports via netstat?
How to list statistics of tcp & udp ports via netstat?
How to list PID of programs using ports via netstat?
How to list PID of programs using ports (TCP & UDP) via netstat?
How to monitor continuous info via netstat?
How to list routing table via netstat?
How to list information related to all network interfaces via netstat?
How to list multicast group membership information via netstat?
Ifconfig and netstat are not working.
[root@rhel6-server ~]# ifconfig -a
-bash: /sbin/ifconfig: No such file or directory
[root@rhel6-server ~]# netstat -nr
-bash: /bin/netstat: No such file or directory
Now what to do…?
Which package is responsible for ifconfig and netstat.
The RPM package “net-tools” provides ifconfig and netstat.
[root@rhel6-server ~]# yum whatprovides net-tools
Loaded plugins: refresh-packagekit, security
net-tools-1.60-110.el6_2.x86_64 : Basic networking tools
Repo : localrepo
Matched from:
It’s not installed. No problem, let’s install it.
[root@rhel6-server ~]# yum install -y net-tools
Verify it,
[root@rhel6-server ~]# yum whatprovides net-tools
Loaded plugins: refresh-packagekit, security
net-tools-1.60-110.el6_2.x86_64 : Basic networking tools
Repo : localrepo
Matched from:
net-tools-1.60-110.el6_2.x86_64 : Basic networking tools
Repo : installed
Matched from:
Other : Provides-match: net-tools
[root@rhel6-server ~]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0C:29:80:4E:36
          inet addr:192.168.110.137  Bcast:192.168.110.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe80:4e36/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2012 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:189740 (185.2 KiB)  TX bytes:1070 (1.0 KiB)
[root@rhel6-server ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.234.144 192.168.110.1   255.255.255.255 UGH       0 0          0 eth3
192.168.234.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.234.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.110.0   192.168.110.1   255.255.255.0   UG        0 0          0 eth3
192.168.110.0   0.0.0.0         255.255.255.0   U         0 0          0 eth3
192.168.110.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.111.0   0.0.0.0         255.255.255.0   U         0 0          0 eth4
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth4
0.0.0.0         192.168.110.1   0.0.0.0         UG        0 0          0 eth0
Ok, now problem solved. Let’s move ahead.
How to list all connections via netstat?
[root@rhel6-client1 ~]# netstat |more
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED
tcp        0      0 rhel6-client1:ssh           192.168.110.1:ardus-mtrns   ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:ott           ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    8698   @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    16637  @/org/freedesktop/hal/udev_event
unix  26     [ ]         DGRAM                    11921  /dev/log
unix  3      [ ]         STREAM     CONNECTED     96141  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     96140
unix  3      [ ]         STREAM     CONNECTED     96130  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     96129
=============O/P REMOVED================================================
How to list all connections (listening and non-listening ports) via netstat?
[root@rhel6-client1 ~]# netstat -a |more
getnameinfo failed
getnameinfo failed
getnameinfo failed
getnameinfo failed
getnameinfo failed
getnameinfo failed
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:60812                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 rhel6-client1:ftp           192.168.110.1:groove        ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED
tcp        0      0 rhel6-client1:ssh           192.168.110.1:ardus-mtrns   ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED
tcp        0      0 rhel6-client1:ftp           192.168.110.1:conclave-cpp  TIME_WAIT
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 [UNKNOWN]:ipp               *:*                         LISTEN
tcp        0      0 *:48456                     *:*                         LISTEN
=============O/P REMOVED================================================
Look at the "Foreign Address" column to see where the
connection is coming from, and at "Local Address" to see which address and
port on the local machine it is connected to.
How to list only TCP & UDP connections via netstat?
-t for tcp and -u for udp
[root@rhel6-client1 ~]# netstat -tu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 rhel6-client1:ftp           192.168.110.1:groove        ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED
tcp        0      0 rhel6-client1:ssh           192.168.110.1:ardus-mtrns   ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED
all tcp & udp (listening and non-listening ports)
[root@rhel6-client1 ~]# netstat -tua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:60812                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 rhel6-client1:ftp           192.168.110.1:groove        ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED
tcp        0      0 rhel6-client1:ssh           192.168.110.1:ardus-mtrns   ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
getnameinfo failed
tcp        0      0 [UNKNOWN]:ipp               *:*                         LISTEN
tcp        0      0 *:48456                     *:*                         LISTEN
udp        0      0 *:sunrpc                    *:*
=============O/P REMOVED================================================
The “Proto” column tells us whether the listed socket is TCP or UDP.
The “Recv-Q” and “Send-Q” columns tell us how much data
is in the queue for that socket, waiting to be read (Recv-Q) or sent (Send-Q).
In short: if this is 0, everything’s OK; if there are non-zero values anywhere,
there may be trouble.
The “Local Address” and “Foreign Address”
columns tell us to which hosts and ports the listed sockets are connected. The
local end is always on the computer on which you’re running netstat, and the
foreign end is the other computer (which could be somewhere in the local
network or somewhere on the internet).
The “State” column tells us which state the listed sockets
are in. The TCP protocol defines states, including “LISTEN” (wait for some
external computer to contact us) and “ESTABLISHED” (ready for communication).
The odd one out among these is the “CLOSE_WAIT” state. This means that the foreign
or remote machine has already closed the connection, but that the local program
somehow hasn’t followed suit. Strange states and non-empty queues often go
together.
The “PID/Program name” column tells us which PID owns
the listed socket and the name of the program running in the process with that
PID. So you can see which programs are using the network and to whom they are
connecting.
If the Foreign Address is *:* (and, with TCP sockets, the state is
LISTEN), a socket is usually waiting for some remote host to send the first
data. Typical examples: sshd (waits for somebody to open an ssh connection),
apache (waits for somebody to request a web page), cupsd (waits for somebody to
send a print job), and dhclient (waits for the DHCP server to send, for
example, a lease renewal).
When connecting to a foreign host, a program on your computer usually
doesn’t care which local port is used for the connection. That’s why the port
on the local side isn’t usually recognized and translated to a protocol like
“https” or “www”; it is actually picked from a range of unreserved ports to
avoid confusion with other protocols. Examples of such port numbers (from the
example output above): 54744, 32808, and 34354.
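The column-reading rules above (a listener whose local address is a wildcard, a CLOSE_WAIT state, non-zero queues on a connected socket) can be applied mechanically to `netstat -antup` output. The following is an added example, not part of the original post; the function names netstat_triage and sample_netstat are made up for this illustration and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: triage `netstat -antup` output read from stdin.
# Output: one finding per line, "<KIND> <proto> <local> <foreign> <state> <pid/program>".
netstat_triage() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; recvq = $2 + 0; sendq = $3 + 0; laddr = $4; faddr = $5
        # UDP rows usually have an empty State column, which shifts the
        # PID/Program field left; states are upper-case words such as LISTEN.
        if ($6 ~ /^[A-Z][A-Z_0-9]*$/) { state = $6;  owner = $7 }
        else                           { state = "-"; owner = $6 }
        if (owner == "") owner = "-"     # netstat was run without -p

        # Cut the port at the LAST colon so that :::22 and ::1:631 parse too.
        baddr = laddr; sub(/:[^:]*$/, "", baddr)

        listening = (state == "LISTEN") ||
                    (proto ~ /^udp/ && state == "-" && faddr ~ /:\*$/)
        anyaddr   = (baddr == "0.0.0.0" || baddr == "::" || baddr == "*")
        row = proto " " laddr " " faddr " " state " " owner

        # Listener reachable on every interface, not only loopback.
        if (listening && anyaddr)   print "WILDCARD_LISTEN " row
        # Remote end closed, local program has not followed suit.
        if (state == "CLOSE_WAIT")  print "CLOSE_WAIT " row
        # Data waiting to be read or sent on a connected socket.
        if (!listening && (recvq > 0 || sendq > 0)) print "QUEUED " row
    }'
}

# Constructed sample in the layout of `netstat -antup` (not captured output).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address        Foreign Address      State       PID/Program name
tcp        0      0 0.0.0.0:21           0.0.0.0:*            LISTEN      2101/vsftpd
tcp        0      0 0.0.0.0:22           0.0.0.0:*            LISTEN      6931/sshd
tcp        0      0 127.0.0.1:631        0.0.0.0:*            LISTEN      1800/cupsd
tcp        0      0 127.0.0.1:25         0.0.0.0:*            LISTEN      1950/master
tcp        0     52 192.168.110.137:22   192.168.110.1:1126   ESTABLISHED 14066/sshd
tcp       38      0 192.168.110.137:21   192.168.110.1:2408   CLOSE_WAIT  2207/vsftpd
tcp        0      0 :::22                :::*                 LISTEN      6931/sshd
tcp        0      0 ::1:631              :::*                 LISTEN      1800/cupsd
udp        0      0 0.0.0.0:111          0.0.0.0:*                        1500/rpcbind
udp        0      0 192.168.110.137:123  0.0.0.0:*                        1700/ntpd
EOF
}

# Stand-alone run on the sample; on a live host: netstat -antup | netstat_triage
sample_netstat | netstat_triage
```

The input must be numeric (-n), because the wildcard test compares the local address against 0.0.0.0, :: and *, and resolved names would hide loopback bindings behind a hostname.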
How to list only listening ports via netstat?
[root@rhel6-client1 ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:60812                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
getnameinfo failed
tcp        0      0 [UNKNOWN]:ipp               *:*                         LISTEN
tcp        0      0 *:48456                     *:*                         LISTEN
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:ipp                       *:*
udp        0      0 *:57976                     *:*
=============O/P REMOVED================================================
How to list only listening TCP & UDP ports via netstat?
[root@rhel6-client1 ~]# netstat -ltu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:60812                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 localhost:ipp               *:*                         LISTEN
tcp        0      0 localhost:smtp              *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
getnameinfo failed
tcp        0      0 [UNKNOWN]:ipp               *:*                         LISTEN
tcp        0      0 *:48456                     *:*                         LISTEN
udp        0      0 *:sunrpc                    *:*
udp        0      0 *:ipp                       *:*
udp        0      0 *:57976                     *:*
udp        0      0 rhel6-client1:ntp           *:*
udp        0      0 rhel6-client1:ntp           *:*
udp        0      0 rhel6-client1:ntp           *:*
udp        0      0 192.168.110.137:ntp         *:*
=============O/P REMOVED================================================
How to list statistics of all ports via netstat?
[root@rhel6-client1 ~]# netstat -s
Ip:
20813 total packets received
0 forwarded
0 incoming packets discarded
9786 incoming packets delivered
6762 requests sent out
Icmp:
3 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 1
echo requests: 2
5 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 3
echo replies: 2
IcmpMsg:
InType3: 1
InType8: 2
OutType0: 2
OutType3: 3
Tcp:
10 active connections openings
19 passive connection openings
8 failed connection attempts
0 connection resets received
6 connections established
9001 segments received
6754 segments send out
0 segments retransmited
0 bad segments received.
11 resets sent
Udp:
0 packets received
1 packets to unknown port received.
0 packet receive errors
11 packets sent
UdpLite:
TcpExt:
6 TCP sockets finished time wait in fast timer
41 delayed acks sent
9 delayed acks further delayed because of locked socket
Quick ack mode was activated 1 times
17 packets directly queued to recvmsg prequeue.
2 packets directly received from prequeue
813 packets header predicted
6473 acknowledgments not containing data received
801 predicted acknowledgments
0 TCP data loss events
1 DSACKs sent for old packets
IpExt:
InBcastPkts: 3292
OutBcastPkts: 10
InOctets: 1462966
OutOctets: 4542304
InBcastOctets: 263270
OutBcastOctets: 710
How to list statistics of tcp & udp ports via netstat?
[root@rhel6-client1 ~]# netstat -stu
IcmpMsg:
InType3: 1
InType8: 2
OutType0: 2
OutType3: 3
Tcp:
10 active connections openings
19 passive connection openings
8 failed connection attempts
0 connection resets received
6 connections established
9020 segments received
6765 segments send out
0 segments retransmited
0 bad segments received.
11 resets sent
Udp:
0 packets received
1 packets to unknown port received.
0 packet receive errors
11 packets sent
UdpLite:
TcpExt:
6 TCP sockets finished time wait in fast timer
41 delayed acks sent
9 delayed acks further delayed because of locked socket
Quick ack mode was activated 1 times
17 packets directly queued to recvmsg prequeue.
2 packets directly received from prequeue
817 packets header predicted
6486 acknowledgments not containing data received
801 predicted acknowledgments
0 TCP data loss events
1 DSACKs sent for old packets
IpExt:
InBcastPkts: 3292
OutBcastPkts: 10
InOctets: 1464300
OutOctets: 4545788
InBcastOctets: 263270
OutBcastOctets: 710
How to list PID of programs using ports via netstat?
[root@rhel6-client1 ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.110.137:ssh         192.168.110.1:hpvmmdata     ESTABLISHED 14066/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED 13453/sshd
tcp        0      0 rhel6-client1:ssh           192.168.110.1:ardus-mtrns   ESTABLISHED 18056/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED 13477/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:nessus        ESTABLISHED 14765/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:t1distproc    ESTABLISHED 14791/sshd
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ]         DGRAM                    8698   453/udevd           @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    16637  6828/hald           @/org/freedesktop/hal/udev_event
unix  28     [ ]         DGRAM                    11921  1552/rsyslogd       /dev/log
unix  2      [ ]         DGRAM                    112451 17455/pickup
unix  2      [ ]         DGRAM                    103779 14791/sshd
unix  2      [ ]         DGRAM                    103649 14765/sshd
[root@rhel6-client1 ~]# netstat -ap | grep ssh
tcp        0      0 *:ssh                       *:*                         LISTEN      6931/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:hpvmmdata     ESTABLISHED 14066/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED 13453/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED 13477/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:nessus        ESTABLISHED 14765/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:t1distproc    ESTABLISHED 14791/sshd
tcp        0      0 *:ssh                       *:*                         LISTEN      6931/sshd
unix  2      [ ACC ]     STREAM     LISTENING     88815  12297/gnome-keyring /tmp/keyring-RTzHOR/socket.ssh
unix  2      [ ]         DGRAM                    103779 14791/sshd
unix  2      [ ]         DGRAM                    103649 14765/sshd
unix  2      [ ]         DGRAM                    101175 14066/sshd
unix  2      [ ]         DGRAM                    95479  13477/sshd
unix  2      [ ]         DGRAM                    95348  13453/sshd
How to list PID of programs using ports (TCP & UDP) via netstat?
[root@rhel6-client1 ~]# netstat -ptu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.110.137:ssh         192.168.110.1:hpvmmdata     ESTABLISHED 14066/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED 13453/sshd
tcp        0      0 rhel6-client1:ssh           192.168.110.1:ardus-mtrns   ESTABLISHED 18056/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED 13477/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:nessus        ESTABLISHED 14765/sshd
tcp        0      0 192.168.110.137:ssh         192.168.110.1:t1distproc    ESTABLISHED 14791/sshd
If you want to turn off hostnames, or domain names, and display only
IP numbers just add the -n option.
[root@rhel6-client1 ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.110.137:22          192.168.110.1:1126          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:2401          ESTABLISHED
tcp        0      0 192.168.110.135:22          192.168.110.1:1117          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:2402          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:1241          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:1274          ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    8698   @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    16637  @/org/freedesktop/hal/udev_event
unix  28     [ ]         DGRAM                    11921  /dev/log
unix  2      [ ]         DGRAM                    112451
[root@rhel6-client1 ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:60812               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.110.137:22          192.168.110.1:1126          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:2401          ESTABLISHED
tcp        0      0 192.168.110.135:22          192.168.110.1:1117          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:2402          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:1241          ESTABLISHED
tcp        0      0 192.168.110.137:22          192.168.110.1:1274          ESTABLISHED
tcp        0      0 :::111                      :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::1:631                     :::*                        LISTEN
tcp        0      0 :::48456                    :::*                        LISTEN
[root@rhel6-client1 ~]# netstat -an | grep ':21'
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 192.168.110.137:21          192.168.110.1:2408          ESTABLISHED
How to monitor continuous info via netstat?
Here “continuously” means that the same information is fetched again
every second, and the netstat output keeps growing until you choose
to stop the command.
[root@rhel6-client1 ~]# netstat -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.110.137:ssh         192.168.110.1:hpvmmdata     ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED
tcp        0      0 rhel6-client1:ssh           192.168.110.1:ardus-mtrns   ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:nessus        ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:t1distproc    ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                    8698   @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    16637  @/org/freedesktop/hal/udev_event
unix  29     [ ]         DGRAM                    11921  /dev/log
unix  2      [ ]         DGRAM                    113805
unix  2      [ ]         DGRAM                    112451
unix  2      [ ]         DGRAM                    103779
unix  2      [ ]         DGRAM                    103649
[root@rhel6-client1 ~]# netstat -c 10 |grep ssh
tcp        0      0 192.168.110.137:ssh         192.168.110.1:hpvmmdata     ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:nessus        ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:t1distproc    ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:hpvmmdata     ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:cvspserver    ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.:taskmaster2000 ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:nessus        ESTABLISHED
tcp        0      0 192.168.110.137:ssh         192.168.110.1:t1distproc    ESTABLISHED
^C
[root@rhel6-client1 ~]# netstat -ic 5
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     3537      0      0      0        8      0      0      0 BMRU
eth1       1500   0     3546      0      0      0       23      0      0      0 BMRU
eth2       1500   0     3350      0      0      0       18      0      0      0 BMRU
eth3       1500   0    13597      0      0      0     8563      0      0      0 BMRU
lo        16436   0      134      0      0      0      134      0      0      0 LRU
eth0       1500   0     3537      0      0      0        8      0      0      0 BMRU
eth1       1500   0     3546      0      0      0       23      0      0      0 BMRU
eth2       1500   0     3350      0      0      0       18      0      0      0 BMRU
eth3       1500   0    13598      0      0      0     8564      0      0      0 BMRU
lo        16436   0      134      0      0      0      134      0      0      0 LRU
^C
How to list routing table via netstat?
[root@rhel6-client1 ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.234.0   *               255.255.255.0   U         0 0          0 eth2
192.168.234.0   *               255.255.255.0   U         0 0          0 eth1
192.168.110.0   *               255.255.255.0   U         0 0          0 eth3
192.168.110.0   *               255.255.255.0   U         0 0          0 eth0
default         192.168.110.1   0.0.0.0         UG        0 0          0 eth0
The “Destination” column indicates the pattern that the
destination of a packet is compared to. When a packet has to be sent over the
network, this table is examined top to bottom, and the first line with a
matching destination is then used to determine where to send the packet. The
zero in 192.168.110.0 means “match anything at this position”, so 192.168.110.145
matches, and 192.168.110.157 also matches, but 192.168.111.254 doesn’t match.
The “link-local” label stands for 169.254.0.0, which is a special range of ip
addresses to be used when there is no other way to determine which ip address
the computer should have (no DHCP or statically configured address). The “default”
label stands for 0.0.0.0 and obviously matches any destination; this last line
is kind of a catch-all for packets.
The “Gateway” column tells the computer where to
send a packet that matches the destination of the same line. An asterisk ( * )
here means “send locally”, because the destination is supposed to be on the
same network.
The “Genmask” column is somewhat advanced (it tells
how many bits from the start of the ip address are used to identify the subnet,
if that means anything to you), but, as a rule of thumb, it is 255 for any
non-zero part of the destination and 0 for parts of the destination that are 0.
The “Flags” column shows which flags apply to the
current table line. “U” means Up, indicating that this is an active line. “G”
means this line uses a Gateway.
A = Receive all multicast at this interface.
B = OK broadcast.
D = Debugging ON.
M = Promiscuous Mode.
O = No ARP at this interface.
P = P2P connection at this interface.
R = Interface is running.
U = Interface is up.
G = Not a direct entry.
The “MSS” column lists the value of the Maximum Segment Size for
this line. The MSS is a TCP parameter and is used to split packets when the
destination has indicated that it somehow can’t handle larger ones. Nowadays,
most computers have no problems with the most commonly used maximum packet
sizes, so this column usually has the value of 0, meaning “no changes”.
The “Window” column is like the MSS column in that
it gives the option of altering a TCP parameter. In this case that parameter is
the default window size, which indicates how many TCP packets can be sent
before at least one of them has to be ACKnowledged. If you don’t know what this
means, don’t worry. Like the MSS, this field is usually 0, meaning “no
changes”.
The “irtt” column stands for Initial Round Trip Time and may be
used by the kernel to guess about the best TCP parameters without waiting for
slow replies. In practice, it’s not used much, so you’ll probably never see
anything else than 0 here.
The “Iface” column tells which network interface
should be used for sending packets that match the destination. If your computer
is connected to multiple subnets on multiple network cards, you may find that
some lines have an Iface of eth0 and others have one of eth1. Heck, even if the
second network card isn’t connected but just available, there may be some
routing rules for it in the table.
Use netstat -rn to display routes in numeric format without resolving
for host-names.
[root@rhel6-client1 ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.234.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.234.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.110.0   0.0.0.0         255.255.255.0   U         0 0          0 eth3
192.168.110.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.110.1   0.0.0.0         UG        0 0          0 eth0
How to list information related to all network interfaces via netstat?
[root@rhel6-client1 ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     3531      0      0      0        8      0      0      0 BMRU
eth1       1500   0     3540      0      0      0       23      0      0      0 BMRU
eth2       1500   0     3346      0      0      0       18      0      0      0 BMRU
eth3       1500   0    13414      0      0      0     8435      0      0      0 BMRU
lo        16436   0      134      0      0      0      134      0      0      0 LRU
So we see that all the network information related to individual
interfaces was displayed in the output.
The RX and TX columns are described as follows:
RX-OK : Correct packets received on this interface.
RX-ERR : Incorrect packets received on this interface.
RX-DRP : Packets that were dropped at this interface.
RX-OVR : Packets that this interface was unable to receive.
The TX columns are defined in the same way for transmitted packets.
How to list multicast group membership information via netstat?
[root@rhel6-client1 ~]# netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 224.0.0.1
eth0 1 224.0.0.1
eth1 1 224.0.0.1
eth2 1 224.0.0.1
eth3 1 224.0.0.1