Sunday, 21 October 2018

Solaris 11 : How to monitor network traffic using “ipstat”, “tcpstat” and “netstat” commands By Devan

Viewing IP Traffic Statistics with ipstat command

Starting with Oracle Solaris 11.2 release, you can use the ipstat command to report statistics about IP traffic. ipstat provides options to gather and report statistics only on IP traffic matching specified source or destination address, interface, and higher layer protocol. For more information, refer to the ipstat man page.
To gather and report statistics on IP traffic based on the selected output mode and sort order, use the “ipstat -l” command.
# ipstat -l 5
SOURCE                      DEST                        PROTO   INT     BYTES
s11-server1.mydomain.com    s11-desktop.mydomain.com    UDP     net0    39.0 
s11-desktop.mydomain.com    s11-server1.mydomain.com    UDP     net0    28.0 
Total: bytes in: 39.0 bytes out: 28.0

Viewing TCP and UDP Traffic Statistics with tcpstat command

Starting with Oracle Solaris 11.2 release, you can use the tcpstat command to report statistics on TCP and UDP traffic. tcpstat provides options to gather and report statistics only on traffic matching the specified source or destination address, interface, process ID, source or destination port, and zone name. For more information, refer to the tcpstat man page.
To gather and report statistics on TCP and UDP traffic based on the selected output mode and sort order, use the “tcpstat -l” command.
# tcpstat -l 5
ZONE       PID     PROTO    SADDR                SPORT     DADDR                DPORT    BYTES
global     795     UDP      s11-server1.mydo     53        s11-desktop.mydo     42857    20.0
global     795     UDP      s11-desktop.mydo     42857     s11-server1.mydo     53       9.0
global     795     UDP      s11-desktop.mydo     59127     s11-server1.mydo     53       7.0
global     795     UDP      s11-desktop.mydo     38509     s11-server1.mydo     53       7.0
global     795     UDP      s11-server1.mydo     53        s11-desktop.mydo     59127    7.0
Total: bytes in: 34.0   bytes out: 23.0

Viewing User and Process Information

Starting with the Oracle Solaris 11.2 release, the netstat command provides the -u option to view information about processes and users in the netstat output. The example below also uses the following options:
  • -a: Displays the state of all sockets, all routing table entries, or all interfaces, both physical and logical
  • -n: Displays network addresses as numbers. netstat normally displays addresses as symbols.
  • -v: Provides verbose information
In the example, the output includes details of both IPv4 and IPv6, and all active UNIX domain sockets.
# netstat -nauv
UDP: IPv4
 Local Address        Remote Address         User      Pid     State        Command 
--------------------  --------------------   --------  ------  ----------   ----------------
      *.*                                    root          79   Unbound     /lib/inet/in.mpathd
      *.*                                    root          79   Unbound     /lib/inet/in.mpathd
      *.*                                    netadm        308  Unbound     /lib/inet/nwadm
      *.*                                    netadm        308  Unbound     /lib/inet/nwadm
      *.631                                  root          430  Idle        /usr/sbin/cupsd -C /etc/cups/cupsd.conf
127.0.0.1.53                                 root          443  Idle        /usr/sbin/named
192.168.0.100.53                             root          443  Idle        /usr/sbin/named
      *.111                                  daemon        539  Idle        /usr/sbin/rpcbind
      *.*                                    daemon        539  Unbound     /usr/sbin/rpcbind
      *.52951                                daemon        539  Idle        /usr/sbin/rpcbind
      *.111                                  daemon        539  Idle        /usr/sbin/rpcbind
      *.*                                    daemon        539  Unbound     /usr/sbin/rpcbind
      *.36871                                daemon        539  Idle        /usr/sbin/rpcbind
      *.*                                    root          585  Unbound     /usr/lib/inet/in.ndpd
  ...
(output truncated)
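
The User, Pid and Command columns make it possible to inventory which processes hold reachable UDP ports. The script below is an added example, not part of the original post: it parses the "UDP: IPv4" section in the format shown above and prints each bound port with its scope (all interfaces, loopback, or a specific address). The function names and the handling of other section headers are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): inventory bound UDP sockets
# from `netstat -nauv` text on stdin. Output: scope port user pid command

udp_exposure() {
    awk '
    /^UDP: IPv4/ { in_udp = 1; next }            # section shown in the post
    /^[A-Z]+: / || /^Active / { in_udp = 0 }     # assumed headers of other sections
    in_udp && $1 ~ /^(\*|[0-9.]+)\.([0-9]+|\*)$/ {
        # Remote Address is blank for unconnected UDP, so Pid is field 3;
        # with a remote address present it moves to field 4.
        u = ($3 ~ /^[0-9]+$/) ? 2 : 3
        if ($(u + 1) !~ /^[0-9]+$/) next
        addr = $1; sub(/\.[^.]*$/, "", addr)     # Solaris prints address.port
        port = $1; sub(/^.*\./, "", port)
        if (port == "*") next                    # Unbound: no port to reach
        if (addr == "*") scope = "all-interfaces"
        else if (addr ~ /^127\./) scope = "loopback"
        else scope = addr
        key = scope " " port " " $u " " $(u + 1) " " $(u + 3)
        if (!seen[key]++) print key              # collapse duplicate rows
    }'
}

# Sample input: rows copied from the netstat output in the post.
sample_netstat() {
    cat <<'EOF'
UDP: IPv4
 Local Address        Remote Address         User      Pid     State        Command
--------------------  --------------------   --------  ------  ----------   ----------------
      *.*                                    root          79   Unbound     /lib/inet/in.mpathd
      *.631                                  root          430  Idle        /usr/sbin/cupsd -C /etc/cups/cupsd.conf
127.0.0.1.53                                 root          443  Idle        /usr/sbin/named
192.168.0.100.53                             root          443  Idle        /usr/sbin/named
      *.111                                  daemon        539  Idle        /usr/sbin/rpcbind
      *.*                                    daemon        539  Unbound     /usr/sbin/rpcbind
      *.52951                                daemon        539  Idle        /usr/sbin/rpcbind
      *.111                                  daemon        539  Idle        /usr/sbin/rpcbind
EOF
}

# On a Solaris 11.2+ host: netstat -nauv | udp_exposure
sample_netstat | udp_exposure
```

Rows reported as all-interfaces and owned by root are the ones to review first when reducing a host's exposed services.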