netstat Command
The first thing to check is raw packet traffic, which we can see using the netstat command and its -i option. This option shows the TCP/IP traffic on all active network interfaces, for example:
[root@Fedora /]# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 0 0 0 0 0 0 0 0 BMU
lo 16436 0 948 0 0 0 948 0 0 0 LRU
The output shows basic TCP/IP packet traffic for two interfaces, the loopback interface (lo) and the Ethernet device (eth0). The following table describes the fields:
Field | Description |
Iface | The name of the network interface. |
MTU | The maximum transmission unit, or packet size of the interface. |
RX-OK | The number of incoming (received) packets since the interface was started. |
RX-ERR | The number of errors on incoming packets. |
RX-DRP | The number of incoming packets dropped. |
RX-OVR | The number of incoming packets that overran the input buffer. |
TX-OK | The number of outbound (sent) packets transmitted since the interface was started. |
TX-ERR | The number of errors on outbound packets since the interface was last started. |
TX-DRP | The number of outgoing packets dropped. |
TX-OVR | The number of outgoing packets that overran the output buffer. |
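One way to act on these counters, as an added example that is not part of the original page: a shell function that reads netstat -i output and prints every interface whose error, drop or overrun counter is non-zero. The function names and the sample counters are constructed for illustration, and the script assumes awk is available.

```shell
#!/bin/sh
# Added example: report interfaces whose error, drop or overrun counters are
# non-zero. Columns are located by header name, so the parser does not depend
# on the "Met" column being present (assumption: some net-tools builds omit it).

check_iface_counters() {
    # Reads `netstat -i` output on stdin; prints "<iface> <counter>=<value>"
    # for every counter that is greater than zero.
    awk '
        $1 == "Iface" {                 # header row: map column name -> index
            for (i = 1; i <= NF; i++) col[$i] = i
            have_header = 1
            next
        }
        !have_header { next }           # skip the "Kernel Interface table" banner
        {
            n = split("RX-ERR RX-DRP RX-OVR TX-ERR TX-DRP TX-OVR", names, " ")
            for (k = 1; k <= n; k++) {
                c = col[names[k]]
                if (c && $c ~ /^[0-9]+$/ && $c + 0 > 0)
                    printf "%s %s=%s\n", $1, names[k], $c
            }
        }
    '
}

# Constructed sample (not from a real host): eth0 shows receive errors and drops.
sample_netstat_i() {
    cat <<'EOF'
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 52340 12 3 0 48811 0 0 0 BMRU
lo 16436 0 948 0 0 0 948 0 0 0 LRU
EOF
}

sample_netstat_i | check_iface_counters
# On a live system: netstat -i | check_iface_counters
```

An empty result means every listed interface has clean counters; the counters are cumulative since the interface was started, so compare two runs to see whether errors are still accumulating.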
[root@Fedora /]# netstat -r
netstat is a powerful utility for monitoring and reporting almost every aspect of the kernel's networking functionality and behavior.
Options | Description |
-r | Display the kernel routing table |
-l | Display only listening sockets |
[root@Fedora /]# netstat --inet -l
[root@Fedora /]# netstat --unix -l
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 3279 /tmp/orbit-root/linc-7c7-0-3c472d64f06
unix 2 [ ACC ] STREAM LISTENING 3288 /tmp/orbit-root/linc-7c2-0-353fa5f119cf1
unix 2 [ ACC ] STREAM LISTENING 3323 /tmp/orbit-root/linc-7c5-0-61cf8a7e1f164
unix 2 [ ACC ] STREAM LISTENING 2417 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 3626 /dev/log
unix 2 [ ACC ] STREAM LISTENING 2482 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 2755 /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 2780 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 2908 /tmp/ssh-qCoO1782/agent.1782
unix 2 [ ACC ] STREAM LISTENING 2957 /tmp/ksocket-root/kdeinit__0
unix 2 [ ACC ] STREAM LISTENING 2959 /tmp/ksocket-root/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 2965 /tmp/.ICE-unix/dcop1885-1152396834
unix 2 [ ACC ] STREAM LISTENING 2984 /tmp/ksocket-root/klauncheriRdTgb.slave-socket
unix 2 [ ACC ] STREAM LISTENING 3065 /tmp/mcop-root/admin_home_com-077e-44b02e31
unix 2 [ ACC ] STREAM LISTENING 3128 /tmp/.ICE-unix/1971
To get a better idea of network saturation, use netstat without any options, as shown in the following example:
[root@Fedora /]# netstat
lsof Command
[root@Fedora /]# lsof -i
[root@Fedora /]# lsof -i:x11
[root@Fedora /]# lsof -i:https