netstat interface statistics

We can use netstat to see interface statistics including errors. This is typically done to verify that you have don’t have layer 1/layer 2 issues. For example if a switch port is configured for 100/Auto and the device expects 1000/Auto it may have issues. Setting both ports to the same speed manually

Netstat Interface Statistics Example:

C:\>netstat -s -e -p IP
Interface Statistics

                           Received            Sent

Bytes                    2894937160      2935058110
Unicast packets            34356272        35599200
Non-unicast packets          532944           58274
Discards                          0               0
Errors                            0               0
Unknown protocols                 0

IPv4 Statistics

  Packets Received                   = 9576234
  Received Header Errors             = 0
  Received Address Errors            = 173
  Datagrams Forwarded                = 0
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 14950
  Received Packets Delivered         = 10960854
  Output Requests                    = 6123051
  Routing Discards                   = 0
  Discarded Output Packets           = 31
  Output Packet No Route             = 18
  Reassembly Required                = 0
  Reassembly Successful              = 0
  Reassembly Failures                = 0
  Datagrams Successfully Fragmented  = 0
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 0

Monitor Netstat Interface Statistics (seconds)

What if you want to monitor bytes, errors, or other specific aspects of the netstat interface statistics? Netstat has an interval flag, but it shows you everything so you’ll need to use the findstr command parse out what you want:

C:\>for /L %i in (0,0,0) do @cls && netstat -s -e -p IP 1 | findstr Bytes
Bytes                    2466468600       593496932
Bytes                    2467116792       594040428
Bytes                    2467116792       594040428

This is all well and good for troubleshooting an interface, but you are limited to 1 second intervals. if you are want monitor errors at a different interval, you’ll need to read on…

Monitor Netstat Interface Statistics (Milli Seconds)

By using a for loop you can specify the loop interval in milliseconds. You could do it the fancy pants way with a for loop instead, though the above method is cleaner and easier to remember.

The below for loop method will allow you to run any command, even ones that don’t have a built in interval check (just replace netstat with whatever command you want to test.

The following for loop loops indefinitely, pausing for 100ms to ping the multicast address, dumping the ping results (which are invalid anyway).

C:\>for /L %i in (0,0,0) do @netstat -s -e -p IP | findstr Bytes && @ping -n 1 -w 100 224.0.0.0 >NUL
Bytes                    2470585432       598383438
Bytes                    2470595408       598390590
Bytes                    2470606232       598395950

Looking at Packets, but not Unicast Packets

I wouldn’t particularly need the following filter, but I wanted to expand on how powerful the proper use of ‘find’ or ‘findstr’ can be. In the following example, we look for “packets” but ignore “unicast” packets and specify a 100ms delay between checks.

for /L %i in (0,0,0) do @cls && netstat -s -e -p IP |find "Packets"|find /V "cast" && @ping -n 1 -w 100 224.0.0.0 >NUL
  Packets Received                   = 71742
  Received Packets Discarded         = 456
  Received Packets Delivered         = 102312
  Discarded Output Packets           = 0

Summary of Netstat Error Checking

It’s easiest to find errors and then diagnose them if you use the proper netstat searches. In large volume networks there are more appropriate tools, but for bringing a new server online and diagnosing why it is slow, netstat has a great built in statistics and error checking capability.