Table of Contents
Page 1		  

In the last issue of Profiles, I explained how to use the netstat command to help determine if you have a possible network problem in a UNIX environment. This article looks at using this same command in a Windows NT environment.

Again, we need to start with some basic assumptions. First, both our data and file servers are running on Windows NT 2000 or XP. Second, the network meets three conditions:

  • It is able to transfer data correctly (data integrity).
  • There’s enough bandwidth available to meet the needs of users on the network.
  • Each system on the network is fast enough to handle the network traffic addressed to it.

While there are many good GUI tools available to monitor every aspect of your NT computer, I personally like using the netstat command from the command prompt. It’s clean, reports quickly, and does not need the extra overhead a GUI requires.

The netstat command is used to report a system’s TCP/IP network activity. Using the command without any options, netstat lists all active network connections but no statistics. But throw in an option or two and you can get more information than you care to have. So for simplicity’s sake, we’ll just look at two options here.

From a command prompt, enter “netstat –s –p ip” and review the results. The –s option displays the statistics by protocol. By adding the –p option, we limit the output to one protocol at a time. In this case, we’ll only list the ip statistics or the overall TCP/IP statistics.

Let’s review for errors. Again, we want to compare the number of errors against the number of packets received or output requests. A small number of errors (less than 3%) is OK. If your error levels are higher, you may want to check your network for bad hardware. In the following example, you can see that the network is working pretty well and probably doesn’t present any network-related problems.

C:\>netstat -s -p ip

IPv4 Statistics

Packets Received = 39305
Received Header Errors = 0
Received Address Errors = 61
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 39305
Output Requests = 41814
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

Now enter “netstat –s –p tcp” to get the statistics for the TCP protocol or the connection-oriented data. While this does not provide as much information as the previous command, we still want to look for errors by comparing the total number of segments received and sent against segments that had to be retransmitted. Is the percentage below 3?

C:\>netstat -s -p tcp

TCP Statistics for IPv4

Active Opens = 1916
Passive Opens = 949
Failed Connection Attempts = 4
Reset Connections = 358
Current Connections = 0
Segments Received = 31686
Segments Sent = 30485
Segments Retransmitted = 13

The biggest drawback to netstat is that the counters reflect your system’s activity since the last time it was booted. You can write a script to take and store readings at regular intervals, and then report any changes between the current and previous readings. Alternatively, you can use a GUI application like netmon, a network administrative tool, which can usually be found in %SystemRoot%\System32.

Duane Roach is a senior server engineer at Steelcase, Inc. in Grand Rapids, Michigan, USA. He can be reached by e-mail at droach@steelcase.com.