Network Troubleshooting with netstat and ss
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Course
Difficulty
Intermediate
Video Transcription
00:00
>> Hey there's cyberians and welcome back
00:00
to the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Gills.
00:00
In today's lesson we're going to be talking about
00:00
network troubleshooting using netstat and ss.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to explain the types of
00:00
network issues that we can use
00:00
netstat and ss to help us with.
00:00
Then we're going to use the netstat and ss commands to
00:00
troubleshoot network issues during
00:00
our demo at the end of this lesson.
00:00
Netstat and ss have a lot of
00:00
useful options that you can
00:00
use for troubleshooting network issues.
00:00
But primarily netstat and ss are used to look at
00:00
the ports that are open or listening on the system,
00:00
and that can help us when we're trying
00:00
to troubleshoot unresponsive service.
00:00
However, these commands can also be
00:00
used to troubleshoot network performance,
00:00
view network statistics and in
00:00
some cases also view routing information.
00:00
Let's have a look at all of this with some demo time.
00:00
Here we are in our demo environment and today
00:00
let's look at netstat first.
00:00
We're going to be hearing a 12 and let's use netstat,
00:00
so we could do netstat dash a,
00:00
and this will show us all ports on the system.
00:00
Now we can see that that just displays
00:00
a ton of information.
00:00
We can filter that information down by
00:00
specifying the protocol we're want to look at,
00:00
so we could do netstat-au to show just UDP.
00:00
We could do netstat-at to show just TCP.
00:00
Let me clear my screen. I'm going to hit
00:00
"Control L" to clear the screen.
00:00
Likewise, we want to look at just listening ports.
00:00
We can do a netstat and we can specify
00:00
dash l for listening and u for UDP,
00:00
and that will show us just the
00:00
listening connections that are
00:00
listening on UDP protocol and likewise,
00:00
we can change this to t, to listen,
00:00
to see all of the listening connections
00:00
>> looking for TCP.
00:00
>> We see all of those there.
00:00
We see the TCP, TSP 6 protocol column
00:00
and everything that is being listened for.
00:00
One other thing we can do with
00:00
netstat is we can actually display statistics,
00:00
so you do a netstat-s to display statistics.
00:00
We can see all information here.
00:00
Let me actually pipe this. The less I'm going to clear
00:00
the screen and I'm going to pipe this to less.
00:00
Then I'm going to show you some of the
00:00
things that you can find here that are
00:00
helpful for one thing you could
00:00
do a search for a message.
00:00
I'm just hitting forward slash on
00:00
my keyboard and then typing in the word message.
00:00
When I hit "Enter", it'll highlight
00:00
all of those occurrences
00:00
of message as a helpful feature unless that we can use.
00:00
For instance, one of the things that we can
00:00
look for is any message failures.
00:00
Here we can see that it shows us
00:00
0 input ICMP message failed,
00:00
and we see messages that were
00:00
sent and received and we see that
00:00
0 messages were failed here as well.
00:00
That's all good information.
00:00
We could also just look for
00:00
the word failed, for instance.
00:00
We could do a forward slash on failed and hit "Enter".
00:00
We can see that we have four failed
00:00
>> connection attempts.
00:00
>> That's not too bad terms of TCP,
00:00
but something we might want to keep an eye on.
00:00
Likewise, we might also want to look at errors,
00:00
so if you do a search for errors here we can
00:00
see any errors and we can see if we have
00:00
any packet receive errors
00:00
or receive buffer errors or send errors.
00:00
In this case system's pretty clean.
00:00
But let's say, for instance,
00:00
that we did have any issues.
00:00
We might not want to go on and look at
00:00
network statistics on the adapter.
00:00
We can do that by doing netstat-i.
00:00
It's going to display
00:00
any statistics that we want to
00:00
see on the different interfaces on this system,
00:00
I have two interfaces setup,
00:00
ENPN 0S3 and ENPN 0S8.
00:00
That was from back when we were doing
00:00
>> some routing work.
00:00
>> But what we're going to want to look at
00:00
here in terms of error messages,
00:00
is we're going to want to look at RX and TX error and
00:00
RX and TX DRP.
00:00
This is going to show us if you have
00:00
any errors in the system, as I said before,
00:00
the systems clean so we don't really have
00:00
any errors in these fields,
00:00
but we would see errors in this column right here,
00:00
as well as this column and this column and that column.
00:00
We're pretty good there. The other thing we might
00:00
want to look at with netstat is routing information.
00:00
We can do that with netstar-r,
00:00
and that will display all the routing
00:00
table information on the system.
00:00
Now if we don't want it to display host names,
00:00
we could do dash RN and that will just
00:00
display the IP addresses and
00:00
not trying to host name resolution.
00:00
Now let's take a look at the ss comand,
00:00
I'm going to go ahead and clear the screen.
00:00
Ss is actually socket statistics
00:00
>> that's what that command
00:00
>> stands for and ss is the replacement for netstat.
00:00
Now, it works pretty much like netstat.
00:00
In fact, it's almost pretty much a
00:00
drop-in replacement for netstat.
00:00
For example, we can use that same dash
00:00
a flag to display all ports. Again, that's a mess.
00:00
That's just a bunch of information.
00:00
Let's clear the screen and we can do
00:00
dash au to display all the parks
00:00
for UDP and at to display all of the ports for TCP.
00:00
Likewise, we could do listening ports dash lu for
00:00
UDP and lt for TCP.
00:00
We can see this statistics here,
00:00
just like we did before in netstat,
00:00
we can do ss dash S to display statistics.
00:00
I'm going to clear the screen just so
00:00
you can get a little more real estate,
00:00
and there we go and see all the statistics
00:00
just like we saw before.
00:00
But the one thing to notice is that this is
00:00
a lot more summarize than netstat.
00:00
There are two kind of failings,
00:00
so to speak with ss versus netstat.
00:00
One thing is that ss doesn't have facility to look at
00:00
adapter statistics and the second thing that is not
00:00
very good at is it doesn't display routing information.
00:00
It is great at what it does
00:00
and it's a little bit quicker than netstat.
00:00
But if you need to do things like look
00:00
at interface information or view routing,
00:00
you can definitely use the netstat command really,
00:00
I would just tell you to use whichever one is free,
00:00
which everyone is available to
00:00
you, whichever one works better.
00:00
With that, we've reached the end of this lesson.
00:00
In this lesson we covered the types of
00:00
network issues that netstat and ss can help with.
00:00
Then we saw how we could use netstat and ss to
00:00
troubleshoot network issues during our demo.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.
Up Next
Latency Troubleshooting
Network Performance Troubleshooting
Name Resolution Troubleshooting
Network Security Troubleshooting
Network Mapping and Protocol Analyzers
Instructed By
Similar Content
