
To explore the working of netstat command. Observing network messages like ICMP and TCP. Debugging the network to find down links.

When debugging network problems on a Linux server, ping and traceroute are often helpful, but you
may need further network details on hand to help track down an issue and get it fixed. One such
command is netstat, which can offer you details on the network sockets as well as other helpful
information. As with ping and traceroute, you can simply use netstat from the command line and get
results quickly.

What is Netstat?

The netstat command in Linux is a very useful tool when dealing with networking issues.

Netstat, short for “network statistics”, is a tool available on Linux (as well as other operating systems
such as Windows and OS X) that displays incoming and outgoing network connections.
In addition, it can report network statistics, protocol statistics, and routing
tables.
You can use netstat to find network problems and measure the amount of network traffic, so it can be a
really useful tool to help you gather the information you need to solve any outage, slow down, or
bottleneck issues on your network.

Basic Netstat
For a basic listing of all the current connections, you would simply call netstat with the -a option.

> netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN
udp        0      0 *:bootpc                *:*
udp        0      0 localhost:ntp           *:*
udp        0      0 *:ntp                   *:*
udp6       0      0 ip6-localhost:ntp       [::]:*
udp6       0      0 [::]:ntp                [::]:*
udp6       0      0 [::]:mdns               [::]:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  1      [ ACC ]     STREAM     LISTENING     11091    @/tmp/XX
unix  1      [ ACC ]     STREAM     LISTENING     39045    @/tmp/Cx

This provides some basic information on connections from different types of protocols like TCP and
UDP, as well as active Unix domain sockets. However, netstat allows you to get more specific
information that can be more helpful in debugging.

Filter by Connection Type


Sometimes filtering the results based on the connection type can be useful when trying to find the
information you need. For example, if you want to see only the TCP connections, you can add the “t”
option in addition to the “a” option, as shown below:

> netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 host:domain             *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 host.local:45789        host-:http              ESTABLISHED


Similarly, by using netstat -au, you can list only the UDP connections.

Filter by Listening Connections


If you want to see only the connections that are listening, you can do so by using the “l” option and
removing the “a” option. Here is an example of this:

> netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:80            0.0.0.0:*               LISTEN
tcp        0      0 localhost:443           0.0.0.0:*               LISTEN

As with the “a” option, you can use netstat -lt and netstat -lu in order to further filter and to get only the
listening TCP or UDP connections. In this way, you can easily see if a particular port is open and
listening and determine whether a website or app is able to be up and running as expected.
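
The listening-socket listing is also a quick exposure check: a listener bound to localhost is reachable only from the machine itself, while one bound to 0.0.0.0, [::] or a specific interface address is reachable from the network. The script below is an added example, not part of the original notes; it parses output in the layout shown above and reports the listeners that are not loopback-only. The sample text is constructed, and the loopback host names are assumptions about how the system resolves names.

```python
import ipaddress

# Constructed sample in the layout netstat -lt prints; not taken from a real host.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 [::]:443                [::]:*                  LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp        0      0 192.0.2.10:8080         0.0.0.0:*               LISTEN
"""

# Names netstat may print for loopback when it resolves addresses (assumed set).
LOOPBACK_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon and strip IPv6 brackets."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'specific' for a local address."""
    if host in LOOPBACK_NAMES:
        return "loopback"
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "specific"
    except ValueError:
        return "specific"  # some other resolved host name: treat as reachable

def listeners(text):
    """Return (proto, host, port, scope) for every TCP row in LISTEN state."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] in ("tcp", "tcp6") and f[5] == "LISTEN":
            host, port = split_endpoint(f[3])
            rows.append((f[0], host, port, classify(host)))
    return rows

def exposed(text):
    """Listeners reachable from outside the machine."""
    return [row for row in listeners(text) if row[3] != "loopback"]

if __name__ == "__main__":
    for proto, host, port, scope in exposed(SAMPLE):
        print(f"{proto:5} {host}:{port} ({scope})")
```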

See Network Statistics


> netstat -s
Ip:
    73419 total packets received
    0 forwarded
    0 incoming packets discarded
    73419 incoming packets delivered
    37098 requests sent out
    45 outgoing packets dropped
Icmp:
    119 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 119
    102 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 102
... OUTPUT TRUNCATED ...

As you can see, this offers some statistics that may be useful to you while debugging, such as total,
incoming, and outgoing packets as well as ICMP messages that were received, sent, and failed.

To observe the working of IP protocol. Exploring the routing tables for different routers.

The IP (Internet Protocol) is a protocol that uses datagrams to communicate over a packet-switched
network, such as the Internet. The IP protocol operates at the network layer of the OSI
reference model and is part of a suite of protocols known as TCP/IP. Today, with over 1.5 billion
users worldwide, the current Internet is a great success in terms of connecting people and
communities. Even though the current Internet continues to work and is capable of fulfilling its
current missions, it also suffers from a relative condition where technological innovation meets
natural resistance, as exemplified by the current lack of wide deployment of technologies such as
multicast or Internet Protocol version 6 (IPv6).

The Internetwork Protocol (IP) provides a best effort network layer service connecting endpoints
(computers, phones, etc.) to form a computer network. In IPv4, each endpoint is identified by one or
more globally unique IP addresses. The network layer PDUs are known as either "packets" or
"datagrams". Each packet carries the source IP address of the sending endpoint and also the address
of the intended recipient endpoint (or a group destination address). Other protocol information is also
carried.

The IP network service transmits datagrams between intermediate nodes (routers).
The routers themselves can be simple, since no information is stored concerning the datagrams that
are forwarded on a link. The most complex part of an IP router is concerned with determining the
optimum link to use to reach each destination in a network. This process is known as "routing".
Although the routing process is computationally intensive, it is only performed at periodic intervals.

An IP network normally uses a dynamic routing protocol to find alternate routes whenever a link
becomes unavailable. This provides considerable robustness against the failure of either links or
routers, but is unable to guarantee reliable delivery. Some applications are happy with this basic
service and use a simple transport protocol known as the User Datagram Protocol (UDP) to access
this best effort service.

Most Internet users need additional functions such as end-to-end error and sequence control to give a
reliable service (equivalent to that provided by virtual circuits). This reliability is usually provided by
the Transmission Control Protocol (TCP), which is used end-to-end across the Internet.

In a LAN environment, the protocol is normally carried by Ethernet, but for long distance links,
other link protocols using fibre optic links are usually used. Other protocols associated with the IPv4
network layer are the Internet Control Message Protocol (ICMP) and the Address Resolution
Protocol (ARP).

To explore Broadcast and Multicast routing. To explore the usage of IGMP in Multicasting.

In computer networking, broadcasting refers to transmitting a packet that will be received
by every device on the network. Broadcasting a message is in contrast to unicast
addressing in which a host sends datagrams to another single host identified by a unique IP
address.

Multicast IP Routing protocols are used to distribute data (for example, audio/video streaming
broadcasts) to multiple recipients. Using multicast, a source can send a single copy of data to a
single multicast address, which is then distributed to an entire group of recipients.

IGMP is an integral part of IP multicast. IGMP can be used for one-to-many networking
applications such as online streaming video and gaming, and allows more efficient use of resources
when supporting these types of applications. IGMP is used on IPv4 networks.

IP multicast is a method of forwarding the same set of IP packets to a number of hosts within a
network. You can use multicast in both IPv4 and IPv6 networks to provide efficient delivery of data
to multiple destinations.

Multicast involves both a method of delivery and discovery of senders and receivers of multicast
data, which is transmitted on IP multicast addresses called groups. A multicast address that includes
a group and source IP address is often referred to as a channel.

IGMP snooping software examines Layer 2 IP multicast traffic within a VLAN to discover the ports
where interested receivers reside. Using the port information, IGMP snooping can reduce bandwidth
consumption in a multi-access LAN environment to avoid flooding the entire VLAN. The IGMP
snooping feature tracks which ports are attached to multicast-capable routers to help the routers
forward IGMP membership reports. The IGMP snooping software responds to topology change
notifications.

In general, IGMP snooping works as follows:

• Ethernet switches parse and intercept all IGMP packets and forward them to a CPU, such as a
Supervisor module, for protocol processing.

• Router ports are learned using IGMP queries. When the switch receives an IGMP query, it remembers
which port the query comes from, and marks the port as a router port.

• IGMP membership is learned using IGMP reports. The switch parses IGMP report packets, and
updates its multicast forwarding table to keep track of IGMP membership.

• When the switch receives multicast traffic, it checks its multicast table, and forwards the traffic
only to those ports interested in the traffic.

• IGMP queries are flooded to the whole VLAN.

• IGMP reports are forwarded to the uplink port (the router ports).

• Multicast data traffic is forwarded to uplink ports (the router ports).
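
The forwarding rules in the list above can be followed step by step in a small model. The code below is an added example, not part of the original notes and not any vendor's implementation; it models one VLAN, and the port numbers and group addresses are constructed. It assumes no membership timers or leave messages, and that traffic for a group with no known members goes only to router ports.

```python
class SnoopingSwitch:
    """Toy model of one VLAN on a switch that follows the rules listed above."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.router_ports = set()   # learned from IGMP queries
        self.members = {}           # group address -> ports that sent a report

    def receive(self, in_port, kind, group=None):
        """Process one frame and return the set of ports it is forwarded to."""
        if kind == "query":
            # The port a query arrives on is marked as a router port,
            # and the query itself is flooded to the rest of the VLAN.
            self.router_ports.add(in_port)
            return self.ports - {in_port}
        if kind == "report":
            # A report records membership and is sent on to the router ports only.
            self.members.setdefault(group, set()).add(in_port)
            return self.router_ports - {in_port}
        if kind == "data":
            # Data goes to interested ports plus router ports, never back out
            # of the port it arrived on.
            interested = self.members.get(group, set())
            return (interested | self.router_ports) - {in_port}
        raise ValueError(f"unknown frame kind: {kind}")


def demo():
    """Run a constructed sequence of frames through a four-port switch."""
    sw = SnoopingSwitch(ports=[1, 2, 3, 4])
    events = [
        (1, "query", None),          # router on port 1 sends a general query
        (3, "report", "239.1.1.1"),  # host on port 3 joins 239.1.1.1
        (2, "data", "239.1.1.1"),    # source on port 2 sends to that group
        (2, "data", "239.2.2.2"),    # same source, group with no members
    ]
    return [(event, sorted(sw.receive(*event))) for event in events]


if __name__ == "__main__":
    for event, out_ports in demo():
        print(event, "->", out_ports)
```

Port 4 never sent a report, so it receives the flooded query but none of the multicast data, which is the bandwidth saving the paragraph above describes.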
