Visit The New, Modern Unix Linux Community


Amount of Network Traffic info from netstat output


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Amount of Network Traffic info from netstat output
# 1  
Amount of Network Traffic info from netstat output

Hi,

I'm trying to figure out how much traffic has been generated and received from netstat -s output (using Linux). I can see the output shows packet counts and Octet values, how would I correctly calculate how much traffic in and how much out?
My output below:

Ip:
88847576 total packets received
2 with invalid addresses
0 forwarded
0 incoming packets discarded
88847574 incoming packets delivered
52844660 requests sent out
Icmp:
61 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 18
echo requests: 41
echo replies: 2
1183 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 1132
echo request: 10
echo replies: 41
IcmpMsg:
InType0: 2
InType3: 18
InType8: 41
OutType0: 41
OutType3: 1132
OutType8: 10
Tcp:
251019 active connections openings
35110 passive connection openings
1118 failed connection attempts
23126 connection resets received
28 connections established
87528846 segments received
51931529 segments send out
2970 segments retransmited
0 bad segments received.
27487 resets sent
Udp:
1063578 packets received
1135 packets to unknown port received.
0 packet receive errors
1067360 packets sent
UdpLite:
TcpExt:
36 packets pruned from receive queue because of socket buffer overrun
137140 TCP sockets finished time wait in fast timer
703868 delayed acks sent
498 delayed acks further delayed because of locked socket
Quick ack mode was activated 110169 times
12738250 packets directly queued to recvmsg prequeue.
448039148 packets directly received from backlog
6267072197 packets directly received from prequeue
53978991 packets header predicted
15337583 packets header predicted and directly queued to user
3014704 acknowledgments not containing data received
14371452 predicted acknowledgments
469 times recovered from packet loss due to fast retransmit
Detected reordering 1 times using FACK
Detected reordering 1 times using reno fast retransmit
Detected reordering 75 times using time stamp
211 congestion windows fully recovered
639 congestion windows partially recovered using Hoe heuristic
513 congestion windows recovered after partial ack
0 TCP data loss events
20 timeouts after reno fast retransmit
5 timeouts in loss state
506 fast retransmits
169 retransmits in slow start
2065 other TCP timeouts
TCPRenoRecoveryFail: 118
2840 packets collapsed in receive queue due to low socket buffer
1298 DSACKs sent for old packets
3157 connections reset due to unexpected data
13952 connections reset due to early user close
77 connections aborted due to timeout
TCPSackShiftFallback: 32
IpExt:
InMcastPkts: 70545
OutMcastPkts: 2100
InBcastPkts: 342646
InOctets: 98734962532
OutOctets: 14102355880
InMcastOctets: 2257440
OutMcastOctets: 337050
InBcastOctets: 45015868

thanks in advance.

Wilson.

Last edited by wilsonee; 02-01-2012 at 12:01 AM.. Reason: more info
# 2  
I'm not sure what you mean by 'traffic,' so I'll assume total bytes. If not, the technique can be applied to other measurements.

The output from netstat is a total count since 'the beginning of time' which is probably the last boot. The man page I just checked didn't give any indication so that's my assumption.

Regardless, in order to know what your traffic is, you have to capture a baseline value, and then at sometime in the future, capture a second value with the difference being the traffic over that period of time.

A small script like this can present output counts by the minute:

Code:
#!/usr/bin/env ksh

# print two values to stdout: outoctet count and inoctet count
function get_stats
{
    netstat  -s wlan0 | awk '        #<<<< change for your interface or remove for all
    /OutOctets/ { out=$2; next;}
    /InOctets:/ { inp = $2; next} 
    END {print out, inp }
    '
}

get_stats | read baseo basei   # seed the baseline values
while true
do
    sleep 60
    get_stats | read newo newi
    echo "inbound $(( newi - basei ))/min  outbound $(( newo - baseo ))/min"
    basei=$newi               # current becomes the baseline
    baseo=$newo
done

One note: Bash is not able to handle the syntax 'command | read x y' so this isn't a portable script. If you want to use this under bash you'll need to change each get_stats statement to these three:

Code:
values=$(get_stats)                    # bash compatable
baseo=${values% *}
basei=${values#* }

This User Gave Thanks to agama For This Post:

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #508
Difficulty: Easy
A variable is basically a memory location in which a value can be stored.
True or False?

9 More Discussions You Might Find Interesting

1. IP Networking

I would like to monitor network traffic for a computer on my network

My son does homework on a school laptop. I was thinking about setting up a gateway on my home network, so that I can monitor web traffic and know if he is doing his homework without standing over his shoulder. Ideally I would like to use the Raspberry Pi Model b that I already have. However, I... (15 Replies)
Discussion started by: gandolf989
15 Replies

2. Shell Programming and Scripting

Help with netstat traffic server command

Help required for creating a unix shell script using netstat command for retrieving total traffic in Kbytes with the source and destination address. (4 Replies)
Discussion started by: Samee
4 Replies

3. UNIX for Advanced & Expert Users

How to throttle network traffic?

Hi All I am resilience testing an application that is spread across multiple servers. One thing I will need to do soon is throttle the network traffic for specific interfaces within the test cluster. Specifically, maybe make a connection take twice or three times as long to respond.... I... (3 Replies)
Discussion started by: bbq
3 Replies

4. Infrastructure Monitoring

How do I know what traffic is in network port?

If I would like to know what connection , data , traffic in a network port ( eth0 ) , what can I do ? ps. because I always found the network is very slow , so I would like what the network port is doing . Thanks Login ID ust3 is currently in read-only mode for multiple infractions. Creating... (0 Replies)
Discussion started by: ust03
0 Replies

5. HP-UX

Monitoring traffic in the network

I Colleagues, Somebody can say me how to monitoring traffic in the network. also I am interested in monitoring memory. if somebody to know a guide with command advanced in unix welcome for me. Thank you for adcanced. (0 Replies)
Discussion started by: systemoper
0 Replies

6. Solaris

'netstat' info on Solaris

Hello All I just wanted to know if on solaris ,below two commands need to be run separately unlike AIX where "/usr/bin/netstat -an -f inet " gives tcp as well as udp info. /usr/bin/netstat -an -f inet -P tcp /usr/bin/netstat -an -f inet -P udp Also is there any way i can make these two... (10 Replies)
Discussion started by: ak835
10 Replies

7. Infrastructure Monitoring

Network Traffic

Hi all, Got a strange one here, well not so much strange, different :-) I need to work out if a server is particulary chatty, whether its talking / communicating heavily to a particular server, as Im planning to physically move the server to a different server, over a link. Hence the... (6 Replies)
Discussion started by: sbk1972
6 Replies

8. Cybersecurity

How to capture network traffic

Hi, Can someone give me the clue on how to capture network traffic at gateway. Thanx (2 Replies)
Discussion started by: kayode
2 Replies

9. UNIX for Dummies Questions & Answers

monitoring network traffic

there are commands to monitor the memory, paging, io... how about network traffic. i mean commands to see whether the network traffic (LAN) is congested? the closest i got is netstat thanks (6 Replies)
Discussion started by: yls177
6 Replies

Featured Tech Videos