The netstat command delivers a remarkable total on info on community exercise. With the -s possibility (netstat -s), it will display screen summaries for a variety of protocols these kinds of as packets gained, active connections, unsuccessful connections and a good deal much more. While the info is substantial ample to make you dizzy, the much more you get applied to what the command’s output seems to be like, the a lot more you can turn into familiar with what to hope and probably even get improved at spotting what’s uncommon. In this put up, we are heading to seem at various portions of the netstat -s command’s output employing crafted aliases to make it less complicated.

What variety of stats does the netstat -s command offer?

To record the different sorts of figures the netstat -s command delivers, I ran a command like that revealed down below to listing the protocols it displays. The grep -v “^ “ part of the command selects only traces that never start off with a blank. Given that the details are all indented, this command demonstrates just the protocols.

$ netstat -s | grep -v "^ "

The adhering to command shows the protocol headings with their line numbers involved by demanding colons and omitting lines with tabs. The line quantities will assist isolate the sections for the aliases.

$ netstat -s | nl | grep "[A-Za-z]:$" | grep -Pv 't '

This command counts the overall strains on the output:

$ netstat -s | w -l

From the higher than output, I could decide the starting up line and the size of every single part and build the aliases for every single as nicely.

 start  part         traces   head command
     1Ip:1-9head -9
    10Icmp:10-18head -18 | tail -9
    19IcmpMsg:19-21head -21 | tail -3
    22Tcp:22-32head -32 | tail -11
    33Udp:            33-40head -40 | tail -8
    41UdpLite:41-41head -41 | tail -1
    42TcpExt:        42-92head -88 | tail -47
    93IpExt:        93-103head -99 | tail -11
   104MPTcpExt:104-104        head -100 | tail -1

After this, it was fairly simple to build aliases like these for the reason that I realized wherever each portion began and ended.

alias Ip='netstat -s | head -9'
alias Icmp='netstat -s | head -18 | tail -9'

On the other hand, figuring out that the number of traces in every part could possibly not often be the identical, I resorted to making a script that would build the aliases for me. A important ingredient in this script is the case assertion, which includes commands to be operate for each portion of the netstat -s output.

Be aware that each and every area of the script collects its starting point and calculates the ending position for the prior protocol (the line right before its commencing). Only MPTcpExt section defines its own alias and does this by calculating the strains in the file that contains the netstat -s output.


# conserve netstat -s output in file
netstat -s > netstat-s
# count strains
lines=`wc -l netstat-s | awk 'print $1'`


while IFS= examine -r line
    w=`echo $line | wc -w`
    if [ $w == 1 ] then
        # echo $line $n
protocol=`echo $line | sed 's/://'`
situation $protocol in
  Ip) Ip=$n
  Icmp) Icmp=$n Ip2=`expr $n - 1`
    echo alias IP="'netstat -s | head -$Ip2'"
  IcmpMsg) IcmpMsg=$n Icmp2=`expr $n - 1`
    len=`expr $IcmpMsg - $Icmp`
    echo alias Icmp="'netstat -s | head -$Icmp2 | tail -$len'"
  Tcp) Tcp=$n IcmpMsg2=`expr $n - 1`
    len=`expr $Tcp - $IcmpMsg`
    echo alias IcmpMsg="'netstat -s | head -$IcmpMsg2 | tail -$len'"
  Udp) Udp=$n Tcp2=`expr $n - 1`
    len=`expr $Udp - $Tcp`
    echo alias Tcp="'netstat -s | head -$Tcp2 | tail -$len'"
  UdpLite) UdpLite=$n Udp2=`expr $n - 1`
    len=`expr $UdpLite - $Udp`
    echo alias Udp="'netstat -s | head -$Udp2 | tail -$len'"
  TcpExt) TcpExt=$n UdpLite2=`expr $n - 1`
    len=`expr $TcpExt - $UdpLite`
    echo alias UdpLite="'netstat -s | head -$UdpLite2 | tail -$len'"
  IpExt) IpExt=$n TcpExt2=`expr $n - 1`
    len=`expr $IpExt - $TcpExt`
    echo alias TcpExt="'netstat -s | head -$TcpExt2 | tail -$len'"
  MPTcpExt) MPTcpExt=$n IpExt2=`expr $n - 1`
    len=`expr $MPTcpExt - $IpExt`
    echo alias IpExt="'netstat -s | head -$IpExt2 | tail -$len'"
    len=`expr $n - $MPTcpExt + 1`
    echo alias MPTcpExt="'netstat -s | head -$MPTcpExt | tail -$len'"
    # relaxation=`expr $lines - $MPTcpExt` echo $relaxation
performed < netstat-s

On running the script, I got the following output – a list of the aliases that I then added to my ~/.bashrc file and regenerate as needed. They could have been added to a separate file that I sourced whenever I wanted to used them.

alias IP='netstat -s | head -9'
alias Icmp='netstat -s | head -18 | tail -9'
alias IcmpMsg='netstat -s | head -21 | tail -3'
alias Tcp='netstat -s | head -32 | tail -11'
alias Udp='netstat -s | head -40 | tail -8'
alias UdpLite="netstat -s | head -41 | tail -1"
alias TcpExt="netstat -s | head -92 | tail -51"
alias IpExt="netstat -s | head -103 | tail -11"
alias MPTcpExt="netstat -s | head -104 | tail -1"

Using the aliases will allow me to look at any section of the netstat -s command very easily. Note that you should expect to see considerable changes every time you use these aliases, because the number of connections and packets grows very quickly. In addition, since the number of lines in the netstat -s will not necessarily remain the same, regenerating the aliases from time to time is a good idea.

Here are some examples of the output the aliases will provide:

$ Ip
    Forwarding: 2
    511618 total packets received
    159 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    502163 incoming packets delivered
    247145 requests sent out
    2 outgoing packets dropped
$ Tcp
    5124 active connection openings
    26 passive connection openings
    0 failed connection attempts
    6 connection resets received
    1 connections established
    333116 segments received
    235631 segments sent out
    519 segments retransmitted
    6 bad segments received
    3558 resets sent
$ Udp
    111008 packets received
    6 packets to unknown port received
    0 packet receive errors
    12794 packets sent
    0 receive buffer errors
    0 send buffer errors
    IgnoredMulti: 58026


The netstat command provides a huge number of network stats. With the -s option, it displays network statistics in nine different categories. The aliases included in this post should make becoming familiar with these statistics easier.

Copyright © 2023 IDG Communications, Inc.


Source link