The Work with TCP/IP Network Status command provides a very useful set of tools for viewing information related to your TCP/IP network connections.
To work with this command you can type WRKTCPSTS or NETSTAT on a command line; both commands bring you to the same screen, which is shown in Figure 1.
Work with TCP/IP Network Status System: SYS1 Select one of the following: 1. Work with TCP/IP interface status 2. Display TCP/IP route information 3. Work with TCP/IP connection status Selection or command ===> 3 F3=Exit F4=Prompt F9=Retrieve F12=Cancel
Figure 1. The NETSTAT screen
The function of the NETSTAT command is similar to NETSTAT on other platforms (Windows, UNIX, etc.) because it is based on the standards (also known as RFCs) for TCP/IP.
In this article, we are going to focus on option 3 of NETSTAT. You can reach this option by doing a NETSTAT and then selecting option 3 from the menu, as shown in Figure 1. Or you can simply enter NETSTAT *CNN on the command line. You will see a screen similar to the one shown in Figure 2.
Work with TCP/IP Connection Status System: SYS1 Type options, press Enter. 3=Enable debug 4=End 5=Display details 6=Disable debug 8=Display jobs Remote Remote Local Opt Address Port Port Idle Time State * * ftp-con > 058:06:38 Listen * * telnet 002:14:51 Listen * * smtp 259:14:54 Listen * * domain 000:02:04 Listen * * domain 000:00:01 *UDP * * www 218:57:03 Listen * * snmp 259:14:54 *UDP * * APPCove > 053:23:39 Listen * * APPCove > 000:02:22 *UDP * * drda 058:26:29 Listen * * ddm 259:15:33 Listen * * ddm-ssl 259:15:33 Listen More... F3=Exit F5=Refresh F9=Command line F11=Display byte counts F12=Cancel F15=Subset F22=Display entire field F24=More keys
Figure 2. NETSTAT *CNN sample screen
Depending on the number of TCP interfaces you have configured, the number of TCP applications such as FTP, TELNET and SMTP you have enabled, and the number of clients connected to your system (or the number of servers to which your system is connected as a client) there can be many pages of information in the NETSTAT *CNN display. It can be a daunting task to find the connection that is of particular interest to you, but there is help in the form of a couple of function keys. By pressing F13 (shift + F1), you will get a pop-up screen that allows you to sort the display by column in a variety of ways. See Figure 3.
........................................................... : Select Column to Sort : : : : Type option, press Enter. : : 1=Select : : : : Opt Column Title : : __ *DFTORDER : : __ Local Address : : __ Local Port : : __ Remote Address : : __ Remote Port : : __ Type : : __ State : : __ Idle Time : : __ User : : __ Bytes Out : : __ Bytes In : : : : F12=Cancel : : :
Figure 3. Sort by column window
Another option that allows you to quickly focus on the connections of interest is F15 (Shift+F3), the subset function, which is shown in Figure 4. This screen allows you to put in specific IP addresses or ports -- or a range of addresses and ports. According to the help text, you can "specify either a specific single value or a numeric range for any combination of local Internet address, local port number, remote Internet address, and remote port number." So, if you know the local or remote address for the connection in which you are interested, you can quickly zoom in on it.
Let's take an example. Suppose we have a Web server configured at address 220.127.116.11, and this Web server talks to a back-end server at another address in our network using port 1234. Perhaps we want to see all the connections between the two systems that are currently active. We can subset the list by using F15 and entering the information as shown in Figure 4.
Subset Connection List Type choices, press Enter. Local internet address range: Lower value . . . . . . . . 18.104.22.168 IP address, * Upper value . . . . . . . . *ONLY IP address, *ONLY Local port range: Lower value . . . . . . . . * 1-65535, * Upper value . . . . . . . . *ONLY 1-65535, *ONLY Remote internet address range: Lower value . . . . . . . . * IP address, * Upper value . . . . . . . . *ONLY IP address, *ONLY Remote port range: Lower value . . . . . . . . 1234 1-65535, * Upper value . . . . . . . . *ONLY 1-65535, *ONLY F3=Exit F4=Prompt F9=Command line F12=Cancel
Figure 4. An example of the subset function
When we press Enter, we will see the subsetted list of connections that are currently active. Now let's use another function key, F11, to display the actual byte counts on the various connections in our subsetted list. It may look something like the screen shown in Figure 5.
Subset of TCP/IP Connections System: SYS1 Type options, press Enter. 3=Enable debug 4=End 5=Display details 6=Disable debug 8=Display jobs Remote Remote Local Opt Address Port Port User Bytes Out Bytes In 10.20.30.40 1234 5035 USER1 35385 57724 10.20.30.40 1234 5040 USER1 133641 173052 10.20.30.40 1234 6549 USER1 1510293 2211912 10.20.30.40 1234 6765 USER1 2607663 3999556 10.20.30.40 1234 6833 USER1 36987 41240 10.20.30.40 1234 6837 USER1 28443 33008 10.20.30.40 1234 6838 USER1 38589 28892 10.20.30.40 1234 6840 USER1 10821 20660 10.20.30.40 1234 6841 USER1 10821 20660 10.20.30.40 1234 6842 USER1 11355 20660 10.20.30.40 1234 6844 USER1 29511 24776 10.20.30.40 1234 6845 USER1 38055 24776 More... F3=Exit F5=Refresh F9=Command line F11=Display connection type F12=Cancel F15=Subset F22=Display entire field F24=More keys
Figure 5. NETSTAT F11 -- Display byte counts
You could then use F13 to sort the list by the number of bytes into the connection.The sort is always ascending, so if we wanted to see the busiest connection, we would scroll to the bottom of the list. We can then use option 8 against the busiest job to display the iSeries job associated with this connection. We can also use F5 (Refresh) to see how quickly the byte counts are changing. By displaying the byte counts and using F5, we can verify that traffic is actually flowing on the connection, which can be a helpful debug aid.
NETSTAT, and particularly the *CNN option, can give you a lot of information, presented in a variety of ways. If you use TCP/IP connections, you will quickly discover that this is one of the best tools in your toolbox.
About the author: Dan Reusche is a senior systems administrator at Think Federal Credit Union in Rochester, Minn. He has worked with the IBM AS/400 and iSeries platform since 1988, when he worked at the IBM Rochester Development Lab and support of AS/400 systems used within IBM. You may contact him at firstname.lastname@example.org.