Amount of Network Traffic info from netstat output

Hi,

I'm trying to figure out how much traffic has been generated and received from netstat -s output (using Linux). I can see the output shows packet counts and Octet values, how would I correctly calculate how much traffic in and how much out?
My output below:

Ip:
88847576 total packets received
2 with invalid addresses
0 forwarded
0 incoming packets discarded
88847574 incoming packets delivered
52844660 requests sent out
Icmp:
61 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 18
echo requests: 41
echo replies: 2
1183 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 1132
echo request: 10
echo replies: 41
IcmpMsg:
InType0: 2
InType3: 18
InType8: 41
OutType0: 41
OutType3: 1132
OutType8: 10
Tcp:
251019 active connections openings
35110 passive connection openings
1118 failed connection attempts
23126 connection resets received
28 connections established
87528846 segments received
51931529 segments send out
2970 segments retransmited
0 bad segments received.
27487 resets sent
Udp:
1063578 packets received
1135 packets to unknown port received.
0 packet receive errors
1067360 packets sent
UdpLite:
TcpExt:
36 packets pruned from receive queue because of socket buffer overrun
137140 TCP sockets finished time wait in fast timer
703868 delayed acks sent
498 delayed acks further delayed because of locked socket
Quick ack mode was activated 110169 times
12738250 packets directly queued to recvmsg prequeue.
448039148 packets directly received from backlog
6267072197 packets directly received from prequeue
53978991 packets header predicted
15337583 packets header predicted and directly queued to user
3014704 acknowledgments not containing data received
14371452 predicted acknowledgments
469 times recovered from packet loss due to fast retransmit
Detected reordering 1 times using FACK
Detected reordering 1 times using reno fast retransmit
Detected reordering 75 times using time stamp
211 congestion windows fully recovered
639 congestion windows partially recovered using Hoe heuristic
513 congestion windows recovered after partial ack
0 TCP data loss events
20 timeouts after reno fast retransmit
5 timeouts in loss state
506 fast retransmits
169 retransmits in slow start
2065 other TCP timeouts
TCPRenoRecoveryFail: 118
2840 packets collapsed in receive queue due to low socket buffer
1298 DSACKs sent for old packets
3157 connections reset due to unexpected data
13952 connections reset due to early user close
77 connections aborted due to timeout
TCPSackShiftFallback: 32
IpExt:
InMcastPkts: 70545
OutMcastPkts: 2100
InBcastPkts: 342646
InOctets: 98734962532
OutOctets: 14102355880
InMcastOctets: 2257440
OutMcastOctets: 337050
InBcastOctets: 45015868

thanks in advance.

Wilson.

I'm not sure what you mean by 'traffic,' so I'll assume total bytes. If not, the technique can be applied to other measurements.

The output from netstat is a total count since 'the beginning of time' which is probably the last boot. The man page I just checked didn't give any indication so that's my assumption.

Regardless, in order to know what your traffic is, you have to capture a baseline value, and then at sometime in the future, capture a second value with the difference being the traffic over that period of time.

A small script like this can present output counts by the minute:

#!/usr/bin/env ksh

# print two values to stdout: outoctet count and inoctet count
function get_stats
{
    netstat  -s wlan0 | awk '        #<<<< change for your interface or remove for all
    /OutOctets/ { out=$2; next;}
    /InOctets:/ { inp = $2; next} 
    END {print out, inp }
    '
}

get_stats | read baseo basei   # seed the baseline values
while true
do
    sleep 60
    get_stats | read newo newi
    echo "inbound $(( newi - basei ))/min  outbound $(( newo - baseo ))/min"
    basei=$newi               # current becomes the baseline
    baseo=$newo
done

One note: Bash is not able to handle the syntax 'command | read x y' so this isn't a portable script. If you want to use this under bash you'll need to change each get_stats statement to these three:

values=$(get_stats)                    # bash compatable
baseo=${values% *}
basei=${values#* }
1 Like