Professional Documents
Culture Documents
When debugging networks problems on a Linux server, ping and traceroute are often helpful, but you
may need to have further network details on hand to help track down an issue and get it fixed. One such
command is netstat, which can offer you details on the networks sockets as well as other helpful
information. As with ping and traceroute, you can simply use netstat from the command line and get
results quickly.
What is Netstat?
The netstat command in Linux is a very useful tool when dealing with networking issues.
Netstat, short for the phrase “network statistics”, is a tool Linux (as well as other operating systems such
as Windows and OS X) can make use of in order to display incoming and outgoing network connections.
In addition to this, it can be used to get information on network statistics, protocol statistics, and routing
tables.
You can use netstat to find network problems and measure the amount of network traffic, so it can be a
really useful tool to help you gather the information you need to solve any outage, slow down, or
bottleneck issues on your network.
Basic Netstat
For a basic listing of all the current connections, you would simply call netstat with the -a option.
> netstat -a
This provides some basic information on connections from different types of protocols like TCP and
UDP, as well as active Unix domain sockets. However, netstat allows you to get more specific
information that can be more helpful in debugging.
> netstat -l
As with the “a” option, you can use netstat -lt and netstat -lu in order to further filter and to get only the
listening TCP or UDP connections. In this way, you can easily see if a particular port is open and
listening and determine whether a website or app is able to be up and running as expected.
Ip:
0 forwarded
Icmp:
As you can see, this offers some statistics that may be useful to you while debugging, such as total,
incoming, and outgoing packets as well as ICMP messages that were received, sent, and failed.
To observe the working of IP protocol. Exploring the routing tables for different routers.
The Internetwork Protocol (IP) provides a best effort network layer service connecting endpoints
(computers, phones, etc) to form a computer network. In IPv4, each endpoint is identified by one or
more gloablly unique IP addresses. The network layer PDUs are known as either "packets" or
"datagrams". Each packet carries the source IP address of the sending endpoint and also the address
of the intended recipient endpoint (or a group destination address). Other protocol information is also
carried.
The IP network service transmits datagrams between routers (intermediate nodes) using IP routers.
The routers themselves can be simple, since no information is stored concerning the datagrams that
are forwarded on a link. The most complex part of an IP router is concerned with determining the
optimum link to use to reach each destination in a network. This process is known as "routing".
Although the routing process is computationally intensive, it is only performed at periodic intervals.
An IP network normally uses a dynamic routing protocol to find alternate routes whenever a link
becomes unavailable. This provides considerable robustness from the failure of either links or
routers, but is unable to guarentee reliable delivery. Some applications are happy with this basic
service and use a simple transport protocol known as the User Datagram Protocol (UDP) to access
this best effort service.
Most Internet users need additional functions such as end-to-end error and sequence control to give a
reliable service (equivalent to that provided by virtual circuits). This reliability is usually provided by
the Transmission Control Protocol (TCP), which is used end-to-end across the Internet.
In a LAN environment, the protocol is normally carried by Ethernet, but for long distance links,
other link protocols using fibre optic links are usually used. Other protocols associated with the IPv4
network layer are the Internet Control Message Protocol (ICMP) and the Address Resolution
Protocol (arp).
To explore Broadcast and Multicast routing. To explore the usage of IGMP in Multicasting.
IP multicast is a method of forwarding the same set of IP packets to a number of hosts within a
network. You can use multicast in both IPv4 and IPv6 networks to provide efficient delivery of data
to multiple destinations.
Multicast involves both a method of delivery and discovery of senders and receivers of multicast
data, which is transmitted on IP multicast addresses called groups. A multicast address that includes
a group and source IP address is often referred to as a channel.
GMP snooping software examines Layer 2 IP multicast traffic within a VLAN to discover the ports
where interested receivers reside. Using the port information, IGMP snooping can reduce bandwidth
consumption in a multi-access LAN environment to avoid flooding the entire VLAN. The IGMP
snooping feature tracks which ports are attached to multicast-capable routers to help the routers
forward IGMP membership reports. The IGMP snooping software responds to topology change
notifications.
• Ethernet switches, parse and intercept all IGMP packets and forward them to a CPU, such as a
Supervisor module, for protocol processing.
• Router ports are learned using IGMP queries. The switch returns IGMP queries, it remembers
which port the query comes from, and marks the port as a router port.
• IGMP membership is learned using IGMP reports. The switch parses IGMP report packets, and
updates its multicast forwarding table to keep track of IGMP membership.
• When the switch receives multicast traffic, it check its multicast table, and forwards the traffic
only to those ports interested in the traffic.