Consultor Eletrônico

Status: Verified

GOAL:

How to Troubleshoot Network problems with "NetStat"

FIX:

Netstat is a useful tool for troubleshooting network connectivity issues.

Netstat stands for NETwork STATus and can be used to determine what connections are established on a system, and what ports are spawned by Progress servers and brokers.

Netstat is available on both Windows NT and UNIX operating systems, however there are slight differences in the amount of data presented and the type of data presented.

In both cases you can launch the utility by entering netstat at the command line followed by the enter key. On both systems there is help available on the usage of the command and its associated modifiers or switches by entering the following at the command prompt:

- On UNIX:

man netstat<enter>

- On Windows NT:

netstat /?

In both cases you are provided a list of command modifiers and, on UNIX systems, details on what the command does. By entering the Netstate /? Command in a Windows NT environment, you receive
the following menu:

C:\WINNT\Profiles\tfroburg\Desktop>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
(Server-side connections are normally not shown).
-e Displays Ethernet statistics. This may be combined
with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto;

proto may be tcp or udp. If used with the -s option
to display per-protocol statistics, proto may be tcp,
udp, or ip.
-r Displays the contents of the routing table.
-s Displays per-protocol statistics. By default,
statistics are shown for TCP, UDP and IP; the -p
option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval
seconds between each display. Press CTRL+C to stop
redisplaying statistics. If omitted, netstat will
print the current configuration information once.

Usage examples:
When you use the command "netstat -a" (on an NT machine) you see a display similar to the following:

Active Connections

Proto Local Address Foreign Address State
TCP nt name:135 0.0.0.0:0 LISTENING
TCP nt name:135 0.0.0.0:0 LISTENING
TCP nt name:1026 0.0.0.0:0 LISTENING
TCP nt name:1028 0.0.0.0:0 LISTENING
TCP nt name:1029 0.0.0.0:0 LISTENING
TCP nt name:1031 0.0.0.0:0 LISTENING
TCP nt name:1032 0.0.0.0:0 LISTENING
TCP nt name:1036 0.0.0.0:0 LISTENING
TCP nt name:1037 0.0.0.0:0 LISTENING
TCP nt name:1038 0.0.0.0:0 LISTENING
TCP nt name:1041 0.0.0.0:0 LISTENING
TCP nt name:1052 0.0.0.0:0 LISTENING
TCP nt name:1053 0.0.0.0:0 LISTENING
TCP nt name:1057 0.0.0.0:0 LISTENING
TCP nt name:1176 0.0.0.0:0 LISTENING
TCP nt name:1178 0.0.0.0:0 LISTENING
TCP nt name:1207 0.0.0.0:0 LISTENING
TCP nt name:1424 0.0.0.0:0 LISTENING
TCP nt name:1474 0.0.0.0:0 LISTENING
TCP nt name:1499 0.0.0.0:0 LISTENING
TCP nt name:1531 0.0.0.0:0 LISTENING
TCP nt name:11487 0.0.0.0:0 LISTENING
TCP nt name:1025 0.0.0.0:0 LISTENING
TCP nt name:1025 localhost:1026 ESTABLISHED
TCP nt name:1026 localhos.t:1025 ESTABLISHED
TCP nt name:1027 0.0.0.0:0 LISTENING
TCP nt name:1027 localhost:1029 ESTABLISHED
TCP nt name:1029 localhost:1027 ESTABLISHED
TCP nt name:1030 0.0.0.0:0 LISTENING
TCP nt name:1030 localhost:1032 ESTABLISHED
TCP nt name:1032 localhost:1030 ESTABLISHED
TCP nt name:1035 0.0.0.0:0 LISTENING
TCP nt name:1035 localhost:1037 ESTABLISHED
TCP nt name:1037 localhost:1035 ESTABLISHED
TCP nt name:137 0.0.0.0:0 LISTENING
TCP nt name:138 0.0.0.0:0 LISTENING
TCP nt name:nbsession 0.0.0.0:0 LISTENING
TCP nt name:427 0.0.0.0:0 LISTENING
TCP nt name:427 0.0.0.0:0 LISTENING
TCP nt name:1038 server.name.com:524 ESTABLISHED
TCP nt name:1041 IPADDRESS ESTABLISHED
TCP nt name:1052 IPADDRESS ESTABLISHED
TCP nt name:1053 IPADDRESS ESTABLISHED
TCP nt name:1057 ntcitrix.host.com:1494 ESTABLISHED
TCP nt name:1176 server.name.com:143 ESTABLISHED
TCP nt name:1178 server.name.com:143 CLOSE_WAIT
TCP nt name:1424 server.name.com:80 CLOSE_WAIT
TCP nt name:1474 server.name.com:143 CLOSE_WAIT
TCP nt name:1499 server.name.com:143 CLOSE_WAIT
TCP nt name:1531 server.name.com:1036 ESTABLISHED
UDP nt name:135 *:*
UDP nt name:11487 *:*
UDP nt name:nbname *:*
UDP nt name:nbdatagram *:*
UDP nt name:427 *:*

However, all of the names and connection numbers are different. If you were to enter the same command on a UNIX machine, you see a file similar to the following:

UDP
Local Address State
-------------------- -------
*.sunrpc Idle
*.* Unbound
*.32771 Idle
*.32773 Idle
*.32775 Idle
*.name Idle
*.biff Idle
*.talk Idle
*.time Idle
*.32778 Idle
*.echo Idle
*.discard Idle
*.daytime Idle
*.chargen Idle
*.32779 Idle
*.lockd Idle
*.32781 Idle
*.32784 Idle
*.32788 Idle
*.32795 Idle
*.32798 Idle
*.32801 Idle
*.32804 Idle
*.syslog Idle
*.32807 Idle
*.32811 Idle
*.32812 Idle
*.32815 Idle
*.32867 Idle
*.nfsd Idle
*.32878 Idle
*.32913 Idle
*.33027 Idle
*.33039 Idle
*.34408 Idle
*.34410 Idle
*.34411 Idle
*.5163 Idle
*.34413 Idle
*.34422 Idle
*.36101 Idle
*.36103 Idle
*.759 Idle
*.46874 Idle
*.46883 Idle
*.46884 Idle
*.46892 Idle
*.46893 Idle
*.* Unbound

TCP
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
----------------- ------------------ ----- ------ ----- ------ -------
*.* *.* 0 0 0 0 IDLE
*.sunrpc *.* 0 0 0 0 LISTEN
*.33042 *.* 0 0 0 0 IDLE
*.32771 *.* 0 0 0 0 LISTEN
*.ftp *.* 0 0 0 0 LISTEN
*.telnet *.* 0 0 0 0 LISTEN
*.shell *.* 0 0 0 0 LISTEN
*.login . *.* 0 0 0 0 LISTEN
*.exec *.* 0 0 0 0 LISTEN
*.uucp *.* 0 0 0 0 LISTEN
*.finger *.* 0 0 0 0 LISTEN
*.time *.* 0 0 0 0 LISTEN
*.echo *.* 0 0 0 0 LISTEN
*.discard *.* 0 0 0 0 LISTEN
*.32772 *.* 0 0 0 0 LISTEN
*.daytime *.* 0 0 0 0 LISTEN
*.chargen *.* 0 0 0 0 LISTEN
*.lockd *.* 0 0 0 0 LISTEN
*.32779 *.* 0 0 0 0 LISTEN
*.32790 *.* 0 0 0 0 LISTEN
*.32792 *.* 0 0 0 0 LISTEN
*.fs *.* 0 0 0 0 LISTEN
*.smtp *.* 0 0 0 0 LISTEN
*.7588 *.* 0 0 0 0 LISTEN
*.nfsd *.* 0 0 0 0 LISTEN
*.32834 *.* 0 0 0 0 LISTEN
*.printer *.* 0 0 0 0 LISTEN
*.listen *.* 0 0 0 0 LISTEN
*.odemosr *.* 0 0 0 0 LISTEN
*.* *.* 0 0 0 0 IDLE
*.* *.* 0 0 0 0 IDLE
*.portdbs *.* 0 0 0 0 LISTEN
*.33547 *.* 0 0 0 0 LISTEN
*.20931 *.* 0 0 0 0 LISTEN
*.7832 *.* 0 0 0 0 LISTEN
*.33554 *.* 0 0 0 0 LISTEN
*.33557 *.* 0 0 0 0 LISTEN
*.3055 *.* 0 0 0 0 LISTEN
*.3203 *.* 0 0 0 0 LISTEN
srvrname.33578 srvrname.33564 32768 0 8192 0
ESTABLISHED
srvrname.33564 srvrname.33578 8192 0 32768 0
ESTABLISHED
srvrname.telnet 192.9.100.158.1163 8693 0 8760 0
ESTABLISHED
srvrname.49197 srvrname.telnet 8760 0 8760 0
ESTABLISHED
srvrname.telnet 192.9.100.42.1427 7478 0 8760 0
ESTABLISHED
srvrname.989 srvrname.nfsd 8760 0 8760 0
ESTABLISHED
*.appdemod *.* 0 0 0 0 LISTEN
srvrname.telnet 192.9.100.1093 17185 0 8760 0
ESTABLISHED
srvrname.telnet 192.9.100.42.1431 8487 0 8760 0
ESTABLISHED
*.1026 *.* 0 0 0 0 LISTEN
srvrname.49319 srvrname.1026 32768 0 8192 0
ESTABLISHED
srvrname.1026 srvrname.49319 8192 0 32768 0
ESTABLISHED
srvrname.49320 srvrname.33547 32768 0 8192 0 TIME_WAIT
srvrname.49321 srvrname.33554 32768 0 8192 0 TIME_WAIT
srvrname.49322 srvrname.33557 32768 0 8192 0 TIME_WAIT
srvrname.telnet 192.9.105.161.1095 17520 0 8760 0
ESTABLISHED
srvrname.49323 srvrname.32771 8760 0 8760 0 TIME_WAIT
*.1027 *.* 0 0 0 0 LISTEN
srvrname.49326srvrname.32771 8760 0 8760 0 TIME_WAIT
srvrname.49324srvrname.appdemod 32768 0 8192 0 TIME_WAIT
srvrname.49327srvrname.1027 32768 0 8192 0
ESTABLISHED
srvrname.1027 srvrname.49327 8192 0 32768 0
ESTABLISHED
*.* *.* 0 0 0 0 IDLE
Active UNIX domain sockets
Address Type Vnode Conn Addr
f63d2d28 stream-ord 253 0 /var/tmp/.oracle/sts81sol
f61651e0 stream-ord 252 0 /var/tmp/.oracle/s#1224.1
f6.165320 stream-ord 250 0 /var/tmp/.oracle/sts732sol
f6165aa0 stream-ord 249 0 /var/tmp/.oracle/s#1156.1

NOTE: The above example was taken from a system with a database
running on it. The database was started with the service name of
appdemodb, and the servers that were spawned from that broker are
on ports 1026 and 1027.

Should the need arise to determine which ports are being used by
Progress, the determination can be made by first identifying the
service name (in this case appdemodb), then examining the results of the netstat command after the first mention of the service name.

Each sever is spawned in sequential order, if possible, by the broker, and the service name is listed in the second column of the results.
However, in the case of multiple databases running on the same machine, it is possible that the ports would alternate between databases. If this is the case, you must examine the second column of the report to locate the service name and then determine the port number.

The alternation of the port number(s) is based entirely on the
sequence of connections to the database. In other words if database A comes up first and spawns all of its servers prior to database B coming up, all of the database A server ports are in sequential order
if at all possible, depending on system loading. Database B servers are also spawned in sequential order.

If both database A and B come up at approximately the same time, the sequence of the servers is based on how you log in and cause servers to spawn. In any case, you should be able to determine which ports are being used by examining the netstat results closely.
Note:


This solution discusses the netstat utility,


Netstat is available on both Windows NT and UNIX operating systems, however there are slight differences in the amount of data presented and the type of data presented.

In both cases you can launch the utility by entering netstat at the command line followed by the enter key. On both systems there is help available on the usage of the command and its associated modifiers or switches by entering the following at the command prompt:

- On UNIX:

man netstat<enter>

- On Windows NT:

netstat /?

In both cases you are provided a list of command modifiers and, on UNIX systems, details on what the command does. By entering the Netstate /? Command in a Windows NT environment, you receive
the following menu:

C:\WINNT\Profiles\tfroburg\Desktop>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
(Server-side connections are normally not shown).
-e Displays Ethernet statistics. This may be combined
with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto;

proto may be tcp or udp. If used with the -s option
to display per-protocol statistics, proto may be tcp,
udp, or ip.
-r Displays the contents of the routing table.
-s Displays per-protocol statistics. By default,
statistics are shown for TCP, UDP and IP; the -p
option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval
seconds between each display. Press CTRL+C to stop
redisplaying statistics. If omitted, netstat will
print the current configuration information once.

If you enter man netstat on a UNIX machine, you receive a similar
presentation, however it will be more in depth and is really too large to include in this solution.

When you use the command "netstat -a" (on an NT machine) you see a
display similar to th.e following:

Active Connections

Proto Local Address Foreign Address State
TCP nt name:135 0.0.0.0:0 LISTENING
TCP nt name:135 0.0.0.0:0 LISTENING
TCP nt name:1026 0.0.0.0:0 LISTENING
TCP nt name:1028 0.0.0.0:0 LISTENING
TCP nt name:1029 0.0.0.0:0 LISTENING
TCP nt name:1031 0.0.0.0:0 LISTENING
TCP nt name:1032 0.0.0.0:0 LISTENING
TCP nt name:1036 0.0.0.0:0 LISTENING
TCP nt name:1037 0.0.0.0:0 LISTENING
TCP nt name:1038 0.0.0.0:0 LISTENING
TCP nt name:1041 0.0.0.0:0 LISTENING
TCP nt name:1052 0.0.0.0:0 LISTENING
TCP nt name:1053 0.0.0.0:0 LISTENING
TCP nt name:1057 0.0.0.0:0 LISTENING
TCP nt name:1176 0.0.0.0:0 LISTENING
TCP nt name:1178 0.0.0.0:0 LISTENING
TCP nt name:1207 0.0.0.0:0 LISTENING
TCP nt name:1424 0.0.0.0:0 LISTENING
TCP nt name:1474 0.0.0.0:0 LISTENING
TCP nt name:1499 0.0.0.0:0 LISTENING
TCP nt name:1531 0.0.0.0:0 LISTENING
TCP nt name:11487 0.0.0.0:0 LISTENING
TCP nt name:1025 0.0.0.0:0 LISTENING
TCP nt name:1025 localhost:1026 ESTABLISHED
TCP nt name:1026 localhost:1025 ESTABLISHED
TCP nt name:1027 0.0.0.0:0 LISTENING
TCP nt name:1027 localhost:1029 ESTABLISHED
TCP nt name:1029 localhost:1027 ESTABLISHED
TCP nt name:1030 0.0.0.0:0 LISTENING
TCP nt name:1030 localhost:1032 ESTABLISHED
TCP nt name:1032 localhost:1030 ESTABLISHED
TCP nt name:1035 0.0.0.0:0 LISTENING
TCP nt name:1035 localhost:1037 ESTABLISHED
TCP nt name:1037 localhost:1035 ESTABLISHED
TCP nt name:137 0.0.0.0:0 LISTENING
TCP nt name:138 0.0.0.0:0 LISTENING
TCP nt name:nbsession 0.0.0.0:0 LISTENING
TCP nt name:427 0.0.0.0:0 LISTENING
TCP nt name:427 0.0.0.0:0 LISTENING
TCP nt name:1038 server.name.com:524 ESTABLISHED
TCP nt name:1041 IPADDRESS ESTABLISHED
TCP nt name:1052 IPADDRESS ESTABLISHED
TCP nt name:1053 IPADDRESS ESTABLISHED
TCP nt name:1057 ntcitrix.host.com:1494 ESTABLISHED
TCP nt name:1176 server.name.com:143 ESTABLISHED
TCP nt name:1178 server.name.com:143 CLOSE_WAIT
TCP nt name:1424 server.name.com:80 CLOSE_WAIT
TCP nt name:1474 server.name.com:143 CLOSE_WAIT
TCP nt name:1499 server.name.com:143 CLOSE_WAIT
TCP nt name:1531 server.name.com:1036 ESTABLISHED
UDP nt name:135 *:*
UDP nt name:11487 *:*
UDP nt name:nbname *:*
UDP nt name:nbdatagram *:*
UDP nt name:427 *:*

However, all of the names and connection numbers are different. If you
were to enter the same command on a UNIX machine, you see a file similar to the following:

UDP
Local Address State
-------------------- -------
*.sunrpc Idle
*.* Unbound
*.32771 Idle
*.32773 Idle
*.32775 Idle
*.name Idle
*.biff Idle
*.talk Idle
*.time Idle
*.32778 Idle
*.echo Idle
*.discard . Idle
*.daytime Idle
*.chargen Idle
*.32779 Idle
*.lockd Idle
*.32781 Idle
*.32784 Idle
*.32788 Idle
*.32795 Idle
*.32798 Idle
*.32801 Idle
*.32804 Idle
*.syslog Idle
*.32807 Idle
*.32811 Idle
*.32812 Idle
*.32815 Idle
*.32867 Idle
*.nfsd Idle
*.32878 Idle
*.32913 Idle
*.33027 Idle
*.33039 Idle
*.34408 Idle
*.34410 Idle
*.34411 Idle
*.5163 Idle
*.34413 Idle
*.34422 Idle
*.36101 Idle
*.36103 Idle
*.759 Idle
*.46874 Idle
*.46883 Idle
*.46884 Idle
*.46892 Idle
*.46893 Idle
*.* Unbound

TCP
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
----------------- ------------------ ----- ------ ----- ------ -------
*.* *.* 0 0 0 0 IDLE
*.sunrpc *.* 0 0 0 0 LISTEN
*.33042 *.* 0 0 0 0 IDLE
*.32771 *.* 0 0 0 0 LISTEN
*.ftp *.* 0 0 0 0 LISTEN
*.telnet *.* 0 0 0 0 LISTEN
*.shell *.* 0 0 0 0 LISTEN
*.login *.* 0 0 0 0 LISTEN
*.exec *.* 0 0 0 0 LISTEN
*.uucp *.* 0 0 0 0 LISTEN
*.finger *.* 0 0 0 0 LISTEN
*.time *.* 0 0 0 0 LISTEN
*.echo *.* 0 0 0 0 LISTEN
*.discard *.* 0 0 0 0 LISTEN
*.32772 *.* 0 0 0 0 LISTEN
*.daytime *.* 0 0 0 0 LISTEN
*.chargen *.* 0 0 0 0 LISTEN
*.lockd *.* 0 0 0 0 LISTEN
*.32779 *.* 0 0 0 0 LISTEN
*.32790 *.* 0 0 0 0 LISTEN
*.32792 *.* 0 0 0 0 LISTEN
*.fs *.* 0 0 0 0 LISTEN
*.smtp *.* 0 0 0 0 LISTEN
*.7588 *.* 0 0 0 0 LISTEN
*.nfsd *.* 0 0 0 0 LISTEN
*.32834 *.* 0 0 0 0 LISTEN
*.printer *.* 0 0 0 0 LISTEN
*.listen *.* 0 0 0 0 LISTEN
*.odemosr *.* 0 0 0 0 LISTEN
*.* *.* 0 0 0 0 IDLE
*.* *.* 0 0 0 0 IDLE
*.portdbs *.* 0 0 0 0 LISTEN
*.33547 *.* 0 0 0 0 LISTEN
*.20931 *.* 0 0 0 0 LISTEN
*.7832 *.* 0 0 0 0 LISTEN
*.33554 *.* 0 0 0 0 LISTEN
*.33557 *.* 0 0 0 0 LISTEN
*.3055 *.* 0 0 0 0 LISTEN
*.3203 *.* 0 0 0 0 LISTEN
srvrname.33578 srvrname.33564 32768 0 8192 0
ESTABLISHED
srvrname.33564 srvrname.33578 8192 0 32768 0
ESTABLISHED
srvrname.telnet 192.9.100.158.1163 8693 0 876.0 0
ESTABLISHED
srvrname.49197 srvrname.telnet 8760 0 8760 0
ESTABLISHED
srvrname.telnet 192.9.100.42.1427 7478 0 8760 0
ESTABLISHED
srvrname.989 srvrname.nfsd 8760 0 8760 0
ESTABLISHED
*.appdemod *.* 0 0 0 0 LISTEN
srvrname.telnet 192.9.100.1093 17185 0 8760 0
ESTABLISHED
srvrname.telnet 192.9.100.42.1431 8487 0 8760 0
ESTABLISHED
*.1026 *.* 0 0 0 0 LISTEN
srvrname.49319 srvrname.1026 32768 0 8192 0
ESTABLISHED
srvrname.1026 srvrname.49319 8192 0 32768 0
ESTABLISHED
srvrname.49320 srvrname.33547 32768 0 8192 0 TIME_WAIT
srvrname.49321 srvrname.33554 32768 0 8192 0 TIME_WAIT
srvrname.49322 srvrname.33557 32768 0 8192 0 TIME_WAIT
srvrname.telnet 192.9.105.161.1095 17520 0 8760 0
ESTABLISHED
srvrname.49323 srvrname.32771 8760 0 8760 0 TIME_WAIT
*.1027 *.* 0 0 0 0 LISTEN
srvrname.49326srvrname.32771 8760 0 8760 0 TIME_WAIT
srvrname.49324srvrname.appdemod 32768 0 8192 0 TIME_WAIT
srvrname.49327srvrname.1027 32768 0 8192 0
ESTABLISHED
srvrname.1027 srvrname.49327 8192 0 32768 0
ESTABLISHED
*.* *.* 0 0 0 0 IDLE
Active UNIX domain sockets
Address Type Vnode Conn Addr
f63d2d28 stream-ord 253 0 /var/tmp/.oracle/sts81sol
f61651e0 stream-ord 252 0 /var/tmp/.oracle/s#1224.1
f6165320 stream-ord 250 0 /var/tmp/.oracle/sts732sol
f6165aa0 stream-ord 249 0 /var/tmp/.oracle/s#1156.1

NOTE: The above example was taken from a system with a database
running on it. The database was started with the service name of
appdemodb, and the servers that were spawned from that broker are
on ports 1026 and 1027.

Should the need arise to determine which ports are being used by
Progress, the determination can be made by first identifying the
service name (in this case appdemodb), then examining the results of the netstat command after the first mention of the service name.

Each sever is spawned in sequential order, if possible, by the broker, and the service name is listed in the second column of the results.
However, in the case of multiple databases running on the same machine, it is possible that the ports would alternate between databases. If this is the case, you must examine the second column of the report to locate the service name and then determine the port number.

The alternation of the port number(s) is based entirely on the
sequence of connections to the database. In other words if database A comes up first and spawns all of its servers prior to database B coming up, all of the database A server ports are in sequential order
if at all possible, depending on system loading. Database B servers are also spawned in sequential order.

If both database A and B come up at approximately the same time, the sequence of the servers is based on how you log in and cause servers to spawn. In any case, you should be able to determine which ports are being used by examining the netstat results closely..