How to view local and network socket connections and buffer sizes in Red Hat Enterprise Linux
環境
Red Hat Enterprise Linux (RHEL) All Versions
問題
How can I find out what connections are established to local host from external systems?
How can I view local and network socket connections?
How can I view socket buffer sizes?
決議
The
netstat
utility provides many useful statistics and status information on active connections.
The
-s
option will display a cumulative summary of statistics since last boot time. This will include ongoing counts of various error conditions such as dropped packets (at the kernel/application side), buffer overflows, retransmits and more.
The
-nap
options are a very useful combination to see All connections (local socket and tcp/udp), the PID/Program name, and Numeric address instead of DNS name. Looking up network names slows the query considerably, particularly if there are problems with DNS. The options
-t
and
-u
can be used instead of
-a
to view only TCP and/or UDP connections.
These options are explained from the man page (man netstat) as:
Raw
--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
-a, --all
Show both listening and non-listening (for TCP this means established connections) sockets. With the --interfaces option, show interfaces that are not
up
-p, --program
Show the PID and name of the program to which each socket belongs.
When viewing the output, the Recv-Q and Send-Q columns are very useful to see the TCP/UDP buffer sizes which can indicate that packets are being queued up due to either the application or far end not being able to accept or process the packets quickly enough. When problems occur, these buffers will eventually overflow, as indicated in the
netstat -s
output and be 'dropped' and retransmitted. This is the classic example of packets being dropped at the Kernel or Application layer.
Note that this is notably different than being dropped at the physical network level (NIC, Switch) or being dropped externally to the host.
The command
ifconfig -a
will show output at the Network Interface Card (NIC) hardware layer indicated Errors, Dropped Packets, or Overruns (ring buffer overflows). This would indicate problems at points of the NIC or external network.
最後兩段的翻譯如下:
請注意,這與在實體網絡級别(nic、交換機)或在外部将其丢棄到主機上明顯不同。
指令ifconfig-a将顯示網絡接口卡(nic)硬體層的輸出,訓示錯誤、丢棄的資料包或溢出(環緩沖區溢出)。這将訓示NIC或外部網絡的點出現問題。
![Generic P2P Architecture, Tutorial and Example - CodeProject[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)