Friday, April 22, 2011

Today's Obscure Command You Should Know: netstat -s

There are any number of operating system (OS) commands that are VERY handy when performing initial troubleshooting or 'drilling down' on a suspected issue.  However, many of the most useful ones are either obscure commands or obscure options to well-known commands.  What?  You say that sounds like a good idea for a blog series?  Why, I think you're right!  Thus, it's time for today's obscure command!

Most of you have used the netstat command to check your current network connections from time to time, but the IP stack also keeps track of a (sometimes) dizzying variety of per-protocol statistics.  These are available to you via the -s option, and they can be an important indicator of "network problems."  The image to the right is a subsection of the Windows output for TCP/IPv4, but--depending upon your OS and the protocols installed--you can also gather the numbers for UDP, ICMP, and even protocols like GRE.  If IPv6 is installed, you'll see those statistics as well.

Now, keep in mind that these statistics are "since last boot," so you'll want to consider them something of a baseline for your investigations.  When I'm looking for intermittent network problems, I use a batch file (or shell script, or even a cronjob) to gather these on a regular basis, which may range from "every 5 minutes" to "once per hour," depending upon the nature of the problem under investigation.  You can then look for 'spikes' in a particular sample and correlate them to the timestamped log/debug entries made by applications or the OS itself (such as the Windows event log or /var/log/messages).  The tie-in to network packet analysis (e.g. Wireshark, Microsoft Network Monitor, et al.) is obvious...
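
A sketch of that sampling-and-compare routine, added here as an example and not taken from the original post. It assumes the Linux net-tools output layout, and the function names snapshot and delta, the file names, and the sample numbers are all constructed for illustration.

```sh
# Assumed input: Linux net-tools "netstat -s" layout ("Tcp:" style section
# headers, then indented "<count> <description>" lines). Windows prints
# "Name = value" and would need a different pattern.

# snapshot DIR: save one timestamped sample; run it from cron or a sleep loop.
snapshot() {
    netstat -s > "$1/netstat-$(date +%Y%m%dT%H%M%S).txt"
}

# delta OLD NEW [MIN]: print "section|counter|increase" for each counter that
# grew by at least MIN (default 1) between two snapshots.
delta() {
    awk -v min="${3:-1}" '
        /^[A-Za-z]/ { sect = $1; sub(/:$/, "", sect); next }
        $1 ~ /^[0-9]+$/ {
            n = $1; $1 = ""; sub(/^ +/, "")   # $0 is now the counter name
            key = sect "|" $0
            if (FNR == NR) old[key] = n       # first file: remember baseline
            else if (n - old[key] >= min) print key "|" (n - old[key])
        }
    ' "$1" "$2"
}

# Constructed sample snapshots (not real captures), one interval apart.
tmp=$(mktemp -d)
cat > "$tmp/a.txt" <<'EOF'
Tcp:
    1200 active connection openings
    35 segments retransmitted
    4 resets sent
Udp:
    900 packets received
    0 packet receive errors
EOF
cat > "$tmp/b.txt" <<'EOF'
Tcp:
    1210 active connection openings
    412 segments retransmitted
    4 resets sent
Udp:
    960 packets received
    0 packet receive errors
EOF

# Everything that moved, then only jumps of 100 or more (the "spike").
delta "$tmp/a.txt" "$tmp/b.txt"
delta "$tmp/a.txt" "$tmp/b.txt" 100
```

The timestamp in each snapshot's file name is what lets you line a jump up against the log entries from the same interval.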

Take a look at netstat -s - it may just bail you out of a jam one day...

1 comment:

Anonymous said...

Very Nice

Thanks Wes