Netstat results - quick question

StickyMcGinty

Lads,

I'm after running netstat over our local LAN here this morning whilst constantly "pinging" the server with performance issues and am currently analysing the results. From the netstat log (using the netstat -s switch) there are a couple of results that I'm worried about....

IPv4 Statistics

  Packets Received                   = 168615
  Received Header Errors             = 0
[B]  Received Address Errors            = 760[/B]
  Datagrams Forwarded                = 0
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 0
  Received Packets Delivered         = 62244
  Output Requests                    = 28472
  Routing Discards                   = 0
  Discarded Output Packets           = 0
  Output Packet No Route             = 0
  Reassembly Required                = 108678
  Reassembly Successful              = 2415
[B]  Reassembly Failures                = 3[/B]
  Datagrams Successfully Fragmented  = 2419
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 108855

ICMPv4 Statistics

                            Received       Sent
  Messages                  2485        2535      
  Errors                         0             0         
[B]Destination Unreachable   3           49   [/B]     
  Time Exceeded             0           0         
  Parameter Problems       0           0         
  Source Quenches          0           0         
  Redirects                    0           0         
  Echos                        0           2486      
  Echo Replies              2482        0         
  Timestamps                0           0         
  Timestamp Replies        0           0         
  Address Masks             0           0         
  Address Mask Replies     0           0         

TCP Statistics for IPv4

  Active Opens                        =   201
  Passive Opens                       =    0
[B]  Failed Connection Attempts        = 7[/B]
  Reset Connections                   = 57
  Current Connections                 = 0
  Segments Received                   = 42124
  Segments Sent                       = 25420
  Segments Retransmitted              = 4

UDP Statistics for IPv4

  Datagrams Received    = 16720
  No Ports              = 4105
  Receive Errors        = 65
  Datagrams Sent        = 447

can anyone shed some light on what "Received Address Errors" actually means? is there some dodgy cabling on my network or what can i take from this?

Cheers

axer

Could be a number of things. Have you tried using a packet sniffer to see what type of traffic is clogging your network?

Received Address Errors means that datagrams received had an incorrect address e.g. 0.0.0.0 or a class e address etc

_CreeD_

Reassembly Required = 108678
Reassembly Successful = 2415
Fragments Created = 108855


You have a lot of fragmentation happening, and this will affect performance. I'd check the MTU settings and do some testing from various points in your network (try this http://help.expedient.com/broadband/mtu_ping_test.shtml). It is also sometimes used as an IDS evasion and DOS technique so don't rule out malware.

Snaga

Theres the possibility of an ethernet duplex mismatch here. Have you a host with its NIC hard set to 100/full with auto neg off and a switch port with auto-neg enabled? (Or switch to switch if you have more than one) between the two end devices?

That will cause the port with Auto Neg enabled to fall back to half duplex which will have the impact of killing ethernet frames at random, leading to fragmented IP packets, and ultimately poor throughput and terrible jitter.

Note: An unmanaged switch always has Auto negotiate enabled - if your Server is plugged into an unmanaged switch - always leave Auto negotiate on the server NIC.