How to view local and network socket connections and buffer sizes in Red Hat Enterprise Linux
环境
Red Hat Enterprise Linux (RHEL) All Versions
问题
How can I find out what connections are established to local host from external systems?
How can I view local and network socket connections?
How can I view socket buffer sizes?
决议
The
netstat
utility provides many useful statistics and status information on active connections.
The
-s
option will display a cumulative summary of statistics since last boot time. This will include ongoing counts of various error conditions such as dropped packets (at the kernel/application side), buffer overflows, retransmits and more.
The
-nap
options are a very useful combination to see All connections (local socket and tcp/udp), the PID/Program name, and Numeric address instead of DNS name. Looking up network names slows the query considerably, particularly if there are problems with DNS. The options
-t
and
-u
can be used instead of
-a
to view only TCP and/or UDP connections.
These options are explained from the man page (man netstat) as:
Raw
--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
-a, --all
Show both listening and non-listening (for TCP this means established connections) sockets. With the --interfaces option, show interfaces that are not
up
-p, --program
Show the PID and name of the program to which each socket belongs.
When viewing the output, the Recv-Q and Send-Q columns are very useful to see the TCP/UDP buffer sizes which can indicate that packets are being queued up due to either the application or far end not being able to accept or process the packets quickly enough. When problems occur, these buffers will eventually overflow, as indicated in the
netstat -s
output and be 'dropped' and retransmitted. This is the classic example of packets being dropped at the Kernel or Application layer.
Note that this is notably different than being dropped at the physical network level (NIC, Switch) or being dropped externally to the host.
The command
ifconfig -a
will show output at the Network Interface Card (NIC) hardware layer indicated Errors, Dropped Packets, or Overruns (ring buffer overflows). This would indicate problems at points of the NIC or external network.
最后两段的翻译如下:
请注意,这与在物理网络级别(nic、交换机)或在外部将其丢弃到主机上明显不同。
命令ifconfig-a将显示网络接口卡(nic)硬件层的输出,指示错误、丢弃的数据包或溢出(环缓冲区溢出)。这将指示NIC或外部网络的点出现问题。