How to use NETSTAT to troubleshoot your iSeries network connections

Do you want to monitor remote users' access to your iSeries? With the Network Status command (NETSTAT) you can check on TCP/IP connections, see how many bytes are going in and out, as well as determine which IP address a device is connected to. In this tip Dan Reusche walks you through Option 3 of the command -- "Work with TCP/IP connection status."

The Work with TCP/IP Network Status command provides a very useful set of tools for viewing information related to your TCP/IP network connections.

To work with this command you can type WRKTCPSTS or NETSTAT on a command line; both commands bring you to the same screen, which is shown in Figure 1.

                        Work with TCP/IP Network Status                         
                                                             System:   SYS1      
 Select one of the following:                                                   
                                                                                
      1. Work with TCP/IP interface status                                      
      2. Display TCP/IP route information                                       
      3. Work with TCP/IP connection status                                     
                                                                                
                                                                       
                                                                                
 Selection or command                                                           
 ===> 3                                                                          
                                                                                
 F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel                              

Figure 1. The NETSTAT screen

The function of the NETSTAT command is similar to NETSTAT on other platforms (Windows, UNIX, etc.) because it is based on the standards (also known as RFCs) for TCP/IP.

In this article, we are going to focus on option 3 of NETSTAT. You can reach this option by doing a NETSTAT and then selecting option 3 from the menu, as shown in Figure 1. Or you can simply enter NETSTAT *CNN on the command line. You will see a screen similar to the one shown in Figure 2.

                     Work with TCP/IP Connection Status                       
                                                             System:   SYS1    
 Type options, press Enter.                                                     
   3=Enable debug   4=End   5=Display details   6=Disable debug                 
   8=Display jobs                                                               
                                                                                
      Remote           Remote     Local                                         
 Opt  Address          Port       Port       Idle Time  State                   
      *                *          ftp-con >  058:06:38  Listen                  
      *                *          telnet     002:14:51  Listen                  
      *                *          smtp       259:14:54  Listen                  
      *                *          domain     000:02:04  Listen                  
      *                *          domain     000:00:01  *UDP                    
      *                *          www        218:57:03  Listen                  
      *                *          snmp       259:14:54  *UDP                    
      *                *          APPCove >  053:23:39  Listen                  
      *                *          APPCove >  000:02:22  *UDP                    
      *                *          drda       058:26:29  Listen                  
      *                *          ddm        259:15:33  Listen                  
      *                *          ddm-ssl    259:15:33  Listen                  
                                                                        More... 
 F3=Exit   F5=Refresh   F9=Command line   F11=Display byte counts   F12=Cancel  
 F15=Subset   F22=Display entire field    F24=More keys                      

Figure 2. NETSTAT *CNN sample screen

Depending on the number of TCP interfaces you have configured, the number of TCP applications such as FTP, TELNET and SMTP you have enabled, and the number of clients connected to your system (or the number of servers to which your system is connected as a client) there can be many pages of information in the NETSTAT *CNN display. It can be a daunting task to find the connection that is of particular interest to you, but there is help in the form of a couple of function keys. By pressing F13 (shift + F1), you will get a pop-up screen that allows you to sort the display by column in a variety of ways. See Figure 3.

...........................................................
:                  Select Column to Sort                  :
:                                                         :
:  Type option, press Enter.                              :
:    1=Select                                             :
:                                                         :
:  Opt     Column Title                                   :
:  __      *DFTORDER                                      :
:  __      Local Address                                  :
:  __      Local Port                                     :
:  __      Remote Address                                 :
:  __      Remote Port                                    :
:  __      Type                                           :
:  __      State                                          :
:  __      Idle Time                                      :
:  __      User                                           :
:  __      Bytes Out                                      :
:  __      Bytes In                                       :
:                                                         :
:  F12=Cancel                                             :
:                                                         :

Figure 3. Sort by column window

Another option that allows you to quickly focus on the connections of interest is F15 (Shift+F3), the subset function, which is shown in Figure 4. This screen allows you to put in specific IP addresses or ports -- or a range of addresses and ports. According to the help text, you can "specify either a specific single value or a numeric range for any combination of local Internet address, local port number, remote Internet address, and remote port number." So, if you know the local or remote address for the connection in which you are interested, you can quickly zoom in on it.

Let's take an example. Suppose we have a Web server configured at address 11.222.33.44, and this Web server talks to a back-end server at another address in our network using port 1234. Perhaps we want to see all the connections between the two systems that are currently active. We can subset the list by using F15 and entering the information as shown in Figure 4.

                           Subset Connection List                           
                                                                              
 Type choices, press Enter.                                                   
                                                                              
 Local internet address range:                                                
   Lower value  . . . . . . . .   11.222.33.44      IP address, *             
   Upper value  . . . . . . . .   *ONLY             IP address, *ONLY         
 Local port range:                                                            
   Lower value  . . . . . . . .   *                 1-65535, *                
   Upper value  . . . . . . . .   *ONLY             1-65535, *ONLY            
                                                                              
 Remote internet address range:                                               
   Lower value  . . . . . . . .   *                 IP address, *             
   Upper value  . . . . . . . .   *ONLY             IP address, *ONLY         
 Remote port range:                                                           
   Lower value  . . . . . . . .   1234              1-65535, *                
   Upper value  . . . . . . . .   *ONLY             1-65535, *ONLY  

F3=Exit   F4=Prompt   F9=Command line   F12=Cancel

Figure 4. An example of the subset function

When we press Enter, we will see the subsetted list of connections that are currently active. Now let's use another function key, F11, to display the actual byte counts on the various connections in our subsetted list. It may look something like the screen shown in Figure 5.

              Subset of TCP/IP Connections                         
                                                             System:   SYS1     
 Type options, press Enter.                                                    
   3=Enable debug   4=End   5=Display details   6=Disable debug                
   8=Display jobs                                                              
                                                                               
      Remote           Remote     Local                                        
 Opt  Address          Port       Port       User         Bytes Out    Bytes In
      10.20.30.40      1234       5035       USER1          35385       57724
      10.20.30.40      1234       5040       USER1          133641      173052
      10.20.30.40      1234       6549       USER1          1510293     2211912
      10.20.30.40      1234       6765       USER1          2607663     3999556
      10.20.30.40      1234       6833       USER1          36987       41240
      10.20.30.40      1234       6837       USER1          28443       33008
      10.20.30.40      1234       6838       USER1          38589       28892
      10.20.30.40      1234       6840       USER1          10821       20660
      10.20.30.40      1234       6841       USER1          10821       20660
      10.20.30.40      1234       6842       USER1          11355       20660
      10.20.30.40      1234       6844       USER1          29511       24776
      10.20.30.40      1234       6845       USER1          38055       24776
                                                                        More...
 F3=Exit      F5=Refresh   F9=Command line   F11=Display connection type       
 F12=Cancel   F15=Subset   F22=Display entire field   F24=More keys                                 

Figure 5. NETSTAT F11 -- Display byte counts

You could then use F13 to sort the list by the number of bytes into the connection.The sort is always ascending, so if we wanted to see the busiest connection, we would scroll to the bottom of the list. We can then use option 8 against the busiest job to display the iSeries job associated with this connection. We can also use F5 (Refresh) to see how quickly the byte counts are changing. By displaying the byte counts and using F5, we can verify that traffic is actually flowing on the connection, which can be a helpful debug aid.

NETSTAT, and particularly the *CNN option, can give you a lot of information, presented in a variety of ways. If you use TCP/IP connections, you will quickly discover that this is one of the best tools in your toolbox.

---------------------------------------

About the author: Dan Reusche is a senior systems administrator at Think Federal Credit Union in Rochester, Minn. He has worked with the IBM AS/400 and iSeries platform since 1988, when he worked at the IBM Rochester Development Lab and support of AS/400 systems used within IBM. You may contact him at dreusche@chartermi.net.


 

This was first published in October 2005

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchEnterpriseLinux

SearchDataCenter

Close