How to monitor send/receive bytes

msojka77 · December 1, 2010, 8:06am

Hello,
I need to create a script to monitor sent/received packets for a period of time (the period of time will be a users input) and write the result to some txt file.
Is there any command (don`t want to use any 3rd party sw) what I can use?
I`m using Solaris 10.

Thank you

bartus11 · December 1, 2010, 8:25am

Take a look at "snoop" command.

msojka77 · December 1, 2010, 8:32am

yes that`s what I did, but can you be a more specific please:-]]. What parameters should I use.

fpmurphy · December 1, 2010, 9:14am

Try reading the snoop man page:

man snoop

Come up with suggested parameters and test them out on your system. You will quickly find the correct parameters to use.

msojka77 · December 2, 2010, 9:34am

snoop is not the right command...need something what shows network traffic.Like in XP Activity...total of sent and received packets..Is there something like that?

bartus11 · December 2, 2010, 9:43am

Take a look at "netstat"

msojka77 · December 6, 2010, 3:34am

I found netsat -s. It gives me some info. There is "tcpOutDataBytes"..is it the amount of sent bytes?And also there is "tcpInDupBytes" I assume it is not the amount of received bytes.

jlliagre · December 6, 2010, 3:50am

"netstat -i <interval>" would be better if you are asking about packets like stated in your initial question.

msojka77 · December 6, 2010, 7:18am

yes "netstat - i" gives mi a packets, but I would rather have sent/received bytes..

jlliagre · December 6, 2010, 7:48am

kstat -n interface | grep s64

should print both the packet and byte statistics for the specified interface.

msojka77 · December 6, 2010, 9:18am

Hi jlliagre, thank you,but the command doesn`t do anything. When I use the "netstat" command, there is a row like "tcpOutDataBytes" which I assume are bytes sent out, but dont know which row is "data sent in"...

jlliagre · December 6, 2010, 9:31am

What interface do you use ?
What Solaris 10 release (cat /etc/release) ?
What says

kstat -n interface

(with interface replaced by your interface name)

The closer would be tcpInAckBytes but TCP statistics include local (internal) communication so is probably not what you are looking for.

msojka77 · December 7, 2010, 1:21am

As interface I use TCP
I use Solrais 2009.06 snv_111b X86
when I use "jack@opensolaris:/# kstat -n tcp | grep s64" I can hear HDD runnig for a while and then it prints again "jack@opensolaris:/#"

So can you point me to where (what command) I should look?

Thank you very much

jlliagre · December 7, 2010, 2:25am

"tcp" is hardly a network interface. It should be e1000g0, iwh0 or something similar.
What says

ifconfig -a

?

msojka77 · December 7, 2010, 4:18am

ok you are right "ifconfig -a" says lo0 and e1000g0 plus some other stuff..
Now when I try to run "kstat - n e1000g0 | grep s64" it gives me "obytes64" which I assume are sent bytes and "rbytes64" which I assume are received bytes..and yes there are also ipakets and opakets.