Re: {bb} monitor ethernet traffic

To: bb@bb4.com
Subject: Re: {bb} monitor ethernet traffic
From: Henrik Storner <henrik-bb@hswn.dk>
Date: Thu, 27 Jan 2005 17:07:37 +0000 (UTC)
Newsgroups: lists.bb
Organization: Linux Users Inc.
References: <ct8qd7$rtn$1@voodoo.hswn.dk> <OFCA94794B.E0A84533-ON86256F96.00576B86-86256F96.00588F62@hormel.com>
Reply-to: bb@bb4.com
Sender: owner-bb@bb4.com
User-agent: nn/6.6.4

In <OFCA94794B.E0A84533-ON86256F96.00576B86-86256F96.00588F62@hormel.com> JRGryskiewicz@hormel.com writes:

>ok, I have started running the netstat with larrd, and I have some graphs
>showing up that look very nice.

>But ... Looking at the netstat tcp graph, which shows "in, "out", and
>"retransmit".  I see in the netstat-bf.sh script is running a netstat -sp
>tcp command.  Could someone explain exactly what the "in","out", and
>"retransmit" means?  Is this the number of packets?  Actual amount of data?

>I'm not real sure about what it is showing me.

That's a really good question :-) Because each OS has a slightly
different way of reporting these statistics, so it can be quite
a challenge to understand the resulting graphs correctly.

The netstat-bf.sh script on AIX runs "netstat -sp tcp" as you say.
But then it does some parsing of the output, and actually ends up
reporting the number of bytes sent and received. (At least that's
how I understand the script).

These numbers are then polled every 5 minutes.

LARRD then does some work with these numbers. Instead of the absolute
byte-counts that the script reports, it keeps track of how many bytes
were sent/received since the last report - thereby figuring out how
much traffic was going on during the past 5 minutes. Then it converts
that from bytes/5minutes into bits/second - ie. multiply by 8, and
divide by 300, and this is the value that is used for the graph.

So the value you see on the graph is directly comparable with the
bandwidth of your network connection to the server - if the graph
shows a value of "307k" and your bandwidth to the server is a 2 Mbit
link, then this server uses (307/2048) = 15% of your bandwidth.

Now - be careful in applying this to reports from other operating
systems. Very few systems actually report the number of bytes sent and
received (only Solaris does, and some AIX and HP-UX versions);
instead, they count packets. And packets vary in size, from the small
ping packet of 64 bytes, to the full datapacket which can be almost
1500 bytes. But LARRD will happily do the bytes-to-bits conversion
anyway, and you end up with numbers that dont really mean a whole lot
- you can view the graph and see when the load is relatively high or
low, but you cannot see how much bandwidth is being used.

Henrik
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.

Follow-Ups:
- Re: {bb} monitor ethernet traffic
  - From: JRGryskiewicz@hormel.com

References:
- Re: {bb} monitor ethernet traffic
  - From: Henrik Storner <henrik-bb@hswn.dk>
- Re: {bb} monitor ethernet traffic
  - From: JRGryskiewicz@hormel.com

Prev by Date: Re: {bb} monitor ethernet traffic
Next by Date: Re: {bb} The bb_rename error problem
Previous by thread: Re: {bb} monitor ethernet traffic
Next by thread: Re: {bb} monitor ethernet traffic
Index(es):
- Date
- Thread

Home | Main Index | Thread Index