Monday, December 29, 2014

NETSTAT command


1. Display routing information maintained by kernel

This information can be retrieved using the -r option along with this command.

Consider the following example :
$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 wlan0
link-local      *               255.255.0.0     U         0 0          0 wlan0
default         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0
So we see that kernel routing table information was displayed using the -r option. The flag 'U' indicates that this entry is up while the flag 'G' indicates that this entry is not a direct entry i.e. the destination indicated in this route entry is not on the same network. A list of flags is given below : 

A Receive all multicast at this interface.
B OK broadcast.
D Debugging ON.
M Promiscuous Mode.
O No ARP at this interface.
P P2P connection at this interface.
R Interface is running.
U Interface is up. 
G Not a direct entry.

2. Display multicast group membership information

This information is displayed for both IPv4 and IPv6 and can be retrieved using -g option with this command.

Consider the following example :
$ netstat -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      all-systems.mcast.net
eth0            1      all-systems.mcast.net
wlan0           1      224.0.0.251
wlan0           1      all-systems.mcast.net
lo              1      ip6-allnodes
eth0            1      ip6-allnodes
wlan0           1      ff02::1:ff20:3a8e
wlan0           1      ip6-allnodes
pan0            1      ip6-allnodes
So we see that the multicast information was displayed in the above output.

3. Display information related to all network interfaces

This is made possible using the -i option along with this command.

Consider the following example :
$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    166164      0      0 0        152434      0      0      0 BMRU
So we see that all the network information related to individual interfaces was displayed in the output. The RX and TX columns are described as follows : 

RX-OK   : Correct packets received on this interface. 
RX-ERR : Incorrect packets received on this interface 
RX-DRP : Packets that were dropped at this interface.
RX-OVR : Packets that this interface was unable to receive.

Similar definition is for the TX columns that describe the transmitted packets.

4. Display summary statistics for each protocol

This is very handy information that netstat command provides. This information can be retrieved by using -s option with this command.

Consider the following example :
$ netstat -s
Ip:
    167813 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    166864 incoming packets delivered
    153028 requests sent out
Icmp:
    12 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 12
    12 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 12
IcmpMsg:
        InType3: 12
        OutType3: 12
Tcp:
    3270 active connections openings
    0 passive connection openings
    11 failed connection attempts
    279 connection resets received
    2 connections established
    158262 segments received
    145989 segments send out
    477 segments retransmited
    0 bad segments received.
    1938 resets sent
Udp:
    5418 packets received
    12 packets to unknown port received.
    0 packet receive errors
    5387 packets sent
UdpLite:
TcpExt:
    52 packets pruned from receive queue because of socket buffer overrun
    1661 TCP sockets finished time wait in fast timer
    2 time wait sockets recycled by time stamp
    5 packets rejects in established connections because of timestamp
    3733 delayed acks sent
    1 delayed acks further delayed because of locked socket
    Quick ack mode was activated 890 times
    384 packets directly queued to recvmsg prequeue.
    210504 bytes directly received in process context from prequeue
    83445 packet headers predicted
    153 packets header predicted and directly queued to user
    8241 acknowledgments not containing data payload received
    1732 predicted acknowledgments
    3 congestion windows recovered without slow start by DSACK
    203 congestion windows recovered without slow start after partial ack
    1 timeouts after reno fast retransmit
    9 timeouts after SACK recovery
    2 timeouts in loss state
    9 retransmits in slow start
    428 other TCP timeouts
    1782 packets collapsed in receive queue due to low socket buffer
    861 DSACKs sent for old packets
    22 DSACKs sent for out of order packets
    276 DSACKs received
    407 connections reset due to unexpected data
    272 connections reset due to early user close
    4 connections aborted due to timeout
    TCPDSACKIgnoredOld: 128
    TCPDSACKIgnoredNoUndo: 31
    TCPSackShiftFallback: 2
IpExt:
    InMcastPkts: 2370
    OutMcastPkts: 1199
    InBcastPkts: 2270
    OutBcastPkts: 1331
    InOctets: 194805011
    OutOctets: 15947915
    InMcastOctets: 74161
    OutMcastOctets: 41385
    InBcastOctets: 477074
    OutBcastOctets: 194151
So we see that vital statistical information related to each protocol was displayed in the output.

5. Monitor continuously

Yes, netstat command provides an option -c using which any type of information can be monitored continuously. Here continuously means that same information would be fetched again and again after each second and the netstat output will grow until you choose to stop the command.

Here is an example where the interface information can be monitored continuously :
$ netstat -ic
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167000      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153174      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153175      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153175      0      0      0 BMRU
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0         0      0      0 0             0      0      0      0 BMU
lo        16436 0        44      0      0 0            44      0      0      0 LRU
wlan0      1500 0    167001      0      0 0        153175      0      0      0 BMRU
^C
$
So we see that the interface information (using -i) was displayed continuously again and again using -c option. The figure change (highlighted in bold) in the output above gives us an idea how -c option is useful to see updates in statistics in real time.

6. Display extra information

Apart from the information that netstat produces in output, Extra information can be produced in output using -e option.

Consider an example below :
$ netstat -e
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      
tcp        0      0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED himanshu   88185      
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT  himanshu   88182      
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT  himanshu   247035     
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT  himanshu   10991      
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED himanshu   186169     
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    3273     @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   
unix  3      [ ]         STREAM     CONNECTED     206943   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206942   
unix  3      [ ]         STREAM     CONNECTED     206941   @/tmp/.ICE-unix/1543
unix  3      [ ]         STREAM     CONNECTED     206940   
unix  3      [ ]         STREAM     CONNECTED     206939   @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     206938   
unix  3      [ ]         STREAM     CONNECTED     206937   /tmp/orbit-himanshu/linc-dcf-0-427340219d277
unix  3      [ ]         STREAM     CONNECTED     206936   
unix  3      [ ]         STREAM     CONNECTED     206933   /tmp/orbit-himanshu/linc-630-0-480531b88e2fc
...
...
...
So we see that lots of extra information related to internet connections (like user, Inode etc) was produced in the output.

7. Display network timer related information

This type of information can be produced in output using -o option with this command.

Consider the following example :
$ netstat -o
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
tcp        0      0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED off (0.00/0/0)
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT  off (0.00/0/0)
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT  off (0.00/0/0)
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT  off (0.00/0/0)
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED off (0.00/0/0)
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    3273     @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   
unix  3      [ ]         STREAM     CONNECTED     206943   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206942   
...
...
...
So we see that the timer related information (highlighted in bold) was produced in the output.

8. Display the PID of the program using socket

The PID of the program using a particular socket can be produced in the output using the option -p with this command.

Consider the following example :
$ netstat -p
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0    195 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED 1643/dropbox    
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT  1643/dropbox    
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT  1643/dropbox    
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT  1643/dropbox    
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED 1887/firefox    
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ]         DGRAM                    3273     -                   @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     -                   /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   1581/dbus-daemon    @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   1627/metacity       
...
...
...
As suggested by the highlighted portion in the output, the PID related information was produced using -p option.

9. Show only listening sockets

This can be made possible by using the -l option with this command.

Consider the following example :
$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:ipp           *:*                     LISTEN     
tcp        0      0 *:17500                 *:*                     LISTEN     
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN     
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN     
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN
...
...
...
So we see that only those sockets whose state is LISTEN are produced in the output.

10. Show routing information from route cache

Information from route cache is produced in the output using -C option with this command.

Consider the following example :
$ netstat -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 himanshu-laptop.l:46096 sjc-not16.sjc.dropb:www ESTABLISHED
tcp       38      0 himanshu-laptop.l:40156 v-d-1a.sjc.dropbo:https CLOSE_WAIT 
tcp       38      0 himanshu-laptop.l:54501 v-client-5a.sjc.d:https CLOSE_WAIT 
tcp       38      0 himanshu-laptop.l:60738 v-client-2b.sjc.d:https CLOSE_WAIT 
tcp        0      0 himanshu-laptop.l:59610 del01s05-in-f22.1:https ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    3273     @/org/kernel/udev/udevd
unix  20     [ ]         DGRAM                    4787     /dev/log
unix  3      [ ]         STREAM     CONNECTED     206978   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206977   
unix  3      [ ]         STREAM     CONNECTED     206943   @/tmp/dbus-VwQ8GS3QiP
unix  3      [ ]         STREAM     CONNECTED     206942   
...
...
...
The output above is produced using the information from route cache. 

 --
If it says 0.0.0.0 on the Local Address column, it means that port is listening on all 'network interfaces' (i.e. your computer, 
your modem(s) and your network card(s))

0.0.0.0 means the process is bound to all interfaces.
127.0.0.1 means the process is bound only to the 127.0.0.1 interface (loopback).
If you had other interfaces you might have x.y.z.a entries indicating the process was bound to those specific interfaces.
A process will only be told if traffic arrives on the interfaces to which it is bound, so yes, it's kind of a filter, although it's not usually described in those terms.
--
Posted by at No comments:

Tuesday, December 23, 2014

Time mismatch in RHEL with windows v-sphere2012



Source : http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427

Editing Kernel Configuration

Kernel command line parameters are specified in the /etc/lilo.conf or /boot/grub/grub.conf file, depending on your choice of boot loader.
  • For LILO, put the kernel command line parameters at the end of the append line.

    For example, if the append is similar to:

    append="resume=/dev/hda6 splash=silent"

    and you want to add clock=pmtmr divider=10, the updated text is:

    append="resume=/dev/hda6 splash=silent clock=pmtmr divider=10"

    Run the /sbin/lilo command after editing the lilo.conf file to make the changes take effect.
  • For GRUB, put the kernel command line parameters at the end of the kernel line.

    For example, if the kernel line is similar to:

    kernel /vmlinuz-2.6.18 ro root=/dev/hda2

    and you want to add clock=pmtmr divider=10, the updated text is:

    kernel /vmlinuz-2.6.18 ro root=/dev/hda2 clock=pmtmr divider=10


Example :

 [root@ibsvr ~]# ip a | grep eth0
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    inet 10.192.168.36/26 brd 10.192.168.63 scope global eth0

[root@ibsvr ~]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You do not have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /, eg.
#          root (hd0,1)
#          kernel /boot/vmlinuz-version ro root=/dev/hda2
#          initrd /boot/initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,1)/boot/grub/splash.xpm.gz
hiddenmenu
title Enterprise Linux (2.6.18-164.el5)
        root (hd0,1)
        kernel /boot/vmlinuz-2.6.18-164.el5 ro root=LABEL=/ rhgb quiet clock=pmtmr divider=10
        initrd /boot/initrd-2.6.18-164.el5.img

OR ,
(From Microsoft suggestion )

The specified parameters should be added to the end of kernel line in boot loader configuration, e.g. for GRUB:
~# cat /boot/grub/menu.lst
default=0
timeout=30

title CentOS (2.6.18-194.el5.x86_64)
   root (hd1,0)
   kernel /boot/vmlinuz-2.6.18-194.el5.x86_64 ro root=UUID=6b3f39b4-8749-4b3b-a873-d8c5a96e2f45 divider=10 nohpet notsc
   initrd /boot/initrd-2.6.18-194.el5.x86_64.img

Microsoft Link :

 > http://support.microsoft.com/kb/2711608
>  http://support.microsoft.com/kb/918461
>  http://kb.sp.parallels.com/en/114810

Posted by at No comments:

Monday, December 22, 2014

Using Telnet to Test Port Functionality 



List of all ports : http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
[root@ibsvr ~]# Telnet tserv 22OR,[root@ibsvr ~]# telnet 192.168.1.12 22
where "tserv" is the target host name of your Terminal Server. 
Note : No need to run TELNET/xinetd service of the TARGET HOST server .  
If telnet is successful, you simply receive the telnet screen and a cursor. On the Terminal Server, Terminal Server Administration will show a blue computer icon with no other information. The Telnet connection will also consume an idle session. 

The Terminal Server should disconnect the connection after a few minutes. Or, you can disconnect using Telnet. 

This test tells you that you can connect over the port. 

If Telnet reports that you cannot connect, there are several possible reasons: 


    

  1. If you can connect by replacing "tserv" with the Terminal Server's IP address but not the host name, you may have a DNS or WINS resolution problem.
    2. 

  2. If you can connect when "tserv" is the host name, but cannot connect when "tserv" is the computer name, then you may have a NetBIOS name resolution issue with WINS or an LMHOSTS file.
    3. 

  3. If you cannot connect when "tserv" is the IP address, the host name, or the computer name, then it is likely that port 3389 is blocked somewhere in your WAN.
    4. 


OR,


[root@pbltest2 dev]# cat < /dev/tcp/192.168.0.89/22
SSH-2.0-OpenSSH_4.3



















Posted by



at





No comments:
  

































        

      









Subscribe to:
Posts (Atom)