The netstat command supplies a huge total on information and facts on community action. With the -s choice (netstat -s), it will exhibit summaries for many protocols such as packets acquired, energetic connections, unsuccessful connections and a lot much more. When the information is intensive more than enough to make you dizzy, the extra you get utilised to what the command’s output appears to be like, the extra you are going to become common with what to assume and probably even get greater at spotting what is actually strange. In this article, we are heading to look at different portions of the netstat -s command’s output working with crafted aliases to make it much easier.

What type of stats does the netstat -s command give?

To record the numerous styles of statistics the netstat -s command offers, I ran a command like that proven beneath to list the protocols it displays. The grep -v “^ “ portion of the command selects only traces that don’t begin with a blank. Because the details are all indented, this command reveals just the protocols.

$ netstat -s | grep -v "^ "
Ip:
Icmp:
IcmpMsg:
Tcp:
Udp:
UdpLite:
TcpExt:
IpExt:
MPTcpExt:

The adhering to command exhibits the protocol headings with their line figures provided by demanding colons and omitting lines with tabs. The line figures will assist isolate the sections for the aliases.

$ netstat -s | nl | grep "[A-Za-z]:$" | grep -Pv 't '
     1Ip:
    10Icmp:
    19IcmpMsg:
    22Tcp:
    33Udp:
    41UdpLite:
    42TcpExt:
    93IpExt:
   104MPTcpExt:

This command counts the general strains on the output:

$ netstat -s | w -l
104

From the higher than output, I could identify the starting off line and the duration of every single portion and create the aliases for just about every as perfectly.

 begin  segment         strains   head command
 ======================================================
     1Ip:1-9head -9
    10Icmp:10-18head -18 | tail -9
    19IcmpMsg:19-21head -21 | tail -3
    22Tcp:22-32head -32 | tail -11
    33Udp:            33-40head -40 | tail -8
    41UdpLite:41-41head -41 | tail -1
    42TcpExt:        42-92head -88 | tail -47
    93IpExt:        93-103head -99 | tail -11
   104MPTcpExt:104-104        head -100 | tail -1

Soon after this, it was quite straightforward to assemble aliases like these due to the fact I realized where just about every section commenced and ended.

alias Ip='netstat -s | head -9'
alias Icmp='netstat -s | head -18 | tail -9'

On the other hand, recognizing that the selection of traces in every single area might not usually be the identical, I resorted to constructing a script that would assemble the aliases for me. A key component in this script is the situation statement, which has instructions to be run for just about every part of the netstat -s output.

Observe that each and every part of the script collects its starting up point and calculates the ending point for the prior protocol (the line ahead of its beginning). Only MPTcpExt section defines its individual alias and does this by calculating the strains in the file that contains the netstat -s output.

#!/bin/bash

# conserve netstat -s output in file
netstat -s > netstat-s
# depend lines
lines=`wc -l netstat-s | awk 'print $1'`

n=

although IFS= read -r line
do
    ((n=n+1))
    w=`echo $line | wc -w`
    if [ $w == 1 ] then
        # echo $line $n
protocol=`echo $line | sed 's/://'`
case $protocol in
  Ip) Ip=$n
  Icmp) Icmp=$n Ip2=`expr $n - 1`
    echo alias IP="'netstat -s | head -$Ip2'"
  IcmpMsg) IcmpMsg=$n Icmp2=`expr $n - 1`
    len=`expr $IcmpMsg - $Icmp`
    echo alias Icmp="'netstat -s | head -$Icmp2 | tail -$len'"
  Tcp) Tcp=$n IcmpMsg2=`expr $n - 1`
    len=`expr $Tcp - $IcmpMsg`
    echo alias IcmpMsg="'netstat -s | head -$IcmpMsg2 | tail -$len'"
  Udp) Udp=$n Tcp2=`expr $n - 1`
    len=`expr $Udp - $Tcp`
    echo alias Tcp="'netstat -s | head -$Tcp2 | tail -$len'"
  UdpLite) UdpLite=$n Udp2=`expr $n - 1`
    len=`expr $UdpLite - $Udp`
    echo alias Udp="'netstat -s | head -$Udp2 | tail -$len'"
  TcpExt) TcpExt=$n UdpLite2=`expr $n - 1`
    len=`expr $TcpExt - $UdpLite`
    echo alias UdpLite="'netstat -s | head -$UdpLite2 | tail -$len'"
  IpExt) IpExt=$n TcpExt2=`expr $n - 1`
    len=`expr $IpExt - $TcpExt`
    echo alias TcpExt="'netstat -s | head -$TcpExt2 | tail -$len'"
  MPTcpExt) MPTcpExt=$n IpExt2=`expr $n - 1`
    len=`expr $MPTcpExt - $IpExt`
    echo alias IpExt="'netstat -s | head -$IpExt2 | tail -$len'"
    len=`expr $n - $MPTcpExt + 1`
    echo alias MPTcpExt="'netstat -s | head -$MPTcpExt | tail -$len'"
    # relaxation=`expr $traces - $MPTcpExt` echo $rest
esac
    fi
done < netstat-s

On running the script, I got the following output – a list of the aliases that I then added to my ~/.bashrc file and regenerate as needed. They could have been added to a separate file that I sourced whenever I wanted to used them.

alias IP='netstat -s | head -9'
alias Icmp='netstat -s | head -18 | tail -9'
alias IcmpMsg='netstat -s | head -21 | tail -3'
alias Tcp='netstat -s | head -32 | tail -11'
alias Udp='netstat -s | head -40 | tail -8'
alias UdpLite="netstat -s | head -41 | tail -1"
alias TcpExt="netstat -s | head -92 | tail -51"
alias IpExt="netstat -s | head -103 | tail -11"
alias MPTcpExt="netstat -s | head -104 | tail -1"

Using the aliases will allow me to look at any section of the netstat -s command very easily. Note that you should expect to see considerable changes every time you use these aliases, because the number of connections and packets grows very quickly. In addition, since the number of lines in the netstat -s will not necessarily remain the same, regenerating the aliases from time to time is a good idea.

Here are some examples of the output the aliases will provide:

$ Ip
Ip:
    Forwarding: 2
    511618 total packets received
    159 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    502163 incoming packets delivered
    247145 requests sent out
    2 outgoing packets dropped
$ Tcp
Tcp:
    5124 active connection openings
    26 passive connection openings
    0 failed connection attempts
    6 connection resets received
    1 connections established
    333116 segments received
    235631 segments sent out
    519 segments retransmitted
    6 bad segments received
    3558 resets sent
$ Udp
Udp:
    111008 packets received
    6 packets to unknown port received
    0 packet receive errors
    12794 packets sent
    0 receive buffer errors
    0 send buffer errors
    IgnoredMulti: 58026

Wrap-up

The netstat command provides a huge number of network stats. With the -s option, it displays network statistics in nine different categories. The aliases included in this post should make becoming familiar with these statistics easier.