Working with the NETSTAT Command on IBM i

Marc Vadeboncoeur, iTech Solutions

Do you want to know, in real-time, who/what is connecting to the TCP/IP environment on your IBM i?  Need to know how much data is going outbound and coming inbound for any specific TCP/IP connection, and have immediate access to a bunch of other cool IP environment metrics and capabilities and control?  Well, the tool to do so is right at the tip of your fingers, and knowing how to use it is absolutely essential to the effective management of your IBM i’s network connectivity.

The NETSTAT command on your IBM i is the de facto go-to resource that you need to get a 360-degree view of what’s going on with all the TCP/IP activity on your system, yet many clients that I work with have never even heard of it, and if they have heard of it they don’t really know what it does and the critical management capabilities that it offers.

When you invoke the NETSTAT command from any command line using the default parameter of OPTION(*SELECT), it will present to you the main menu shown below.

Interesting to note that the title of the menu up top is “Work with TCP/IP Network Status”, and that’s because there are two functionally identical commands that will get you to this main menu, NETSTAT, and WRKTCPSTS, as these menu prompts indicate…

I’ve often wondered why our good friends at IBM gave us two commands that are identical in function, and my best guess is because there is a NETSTAT command-line interface (CLI) command in the Windows operating system world (Windows workstations and Windows servers), that has been around since Bill Gates was a 20-something-year-old, that provides information similar to what WRKTCPSTS provides in the IBM i world. So IBM just threw that same NETSTAT command on the IBM i and made it point to the same menu on the system that the WRKTCPSTS points to.  Just a wild guess on my part so don’t quote me on that one. My own personal preference is to use the NETSTAT command instead of the WRKTCPSTS command simply because it’s two fewer characters for me to type and I have that higher primate tendency to be lazy on occasion!

The most useful option off of the “Work with TCP/IP Network Status” menu is option #3 “Work with IPv4 connection status” which you can also invoke directly with the NETSTAT or WRKTCPSTS commands by simply specifying the OPTION(*CNN) parameter on either of those commands, and it is the functions available with that option that I will focus on in this article.

When you enter into the “Work with IPv4 connection status” screen, it initially appears like this…

What this screen is showing you is every TCP/IP port currently open on your system, and, every connection your system has to a remote host, basically a very comprehensive birds-eye view of what doors your system has open and who has come in through those doors and is currently in-the-house.

When I first invoke this screen, I like to always do two things: (1) display all the port numbers, and (2) set the screen to display in “local” port number sequence.  This can be accomplished easily via the F14 key “Display port numbers” and the F13 key “Sort by column”.  Pressing the F14 key allows you to conveniently toggle between “Display port names” (the default initial view) and “Display port numbers” (my personal preference).  For example, pressing F14 on the initial display shown above results in the port numbers being displayed as shown here…

Then, you can press F13 to sort by a screen column of your choosing and selecting the “Local Port” column with a “1” in the pop-up window as shown here and then pressing the <Enter> key…

The screen now appears like this, with local port numbers being shown and the connections being ordered in ascending sequence by local port number, perfect…

From the screen above, you can immediately ascertain some very useful information with a single glance, for example, local port 21 (FTP) is in a “Listen” state so right away you know that the FTP host server function on your IBM i is currently active.

How about all those telnet users that you currently have attached to your system, who are they and what is their precise source IP address and are they just sitting there at a sign-on screen or are they signed-on to the system as well?  Just look at the “Established” connections for local port 23 (telnet) and you can see that there are currently 4 devices that have an active telnet session to the system, and the IP address of each workstation connected is shown under the “Remote Address” column.  You can then get the down-‘n-dirty details on each telnet session connection by simply taking an option ‘8’ (“Display jobs”) alongside each connection.  For example, taking an option ‘8’ on each of the connections with the remote host IP address of 10.29.6.172 will show that this particular workstation currently has one active session where they are signed-on as user “ITECHSOL” and another telnet session that is currently sitting on a sign-on screen as indicated in these screens…

How about if you see your disk usage percentage climbing rapidly and you can’t find any batch or interactive jobs that may be the likely culprits, and you suspect that the offender is a user logged onto your system’s FTP server who is uploading an enormous file, how do you find that user’s FTP connection and find out their name and kill their FTP connection and save the day?  Well, it’s NETSTAT OPTION(*CNN) to the rescue.  In the example below, you see that there is a user named ITECHSOL with IP address 100.10.38.44 currently logged into your system’s FTP server, press the F11 key (“Display byte counts”) and you can see how much data has been sent/received to/from that user’s FTP session…

If the “Bytes In” count is extraordinarily high, then you’ve found your offender, and you can immediately “kill” that FTP connection by entering an option ‘4’ (“End”) alongside the connection.

The above examples are just the tip of the iceberg of what the NETSTAT command has to offer, and there is so much more.  The TCP/IP network interfaces on your IBM i system are at the very heart and soul of your system’s connectivity to the outside world, whether it is systems connecting to your IBM i from your local network, or your corporate WAN, or a VPN, or the public Internet, NETSTAT will quickly and easily tell you who is connecting, where they are connecting from, what they are connecting to, how long they have been connected, and a whole host of other critical information.  The NETSTAT command is your one-stop deep window into your system’s TCP/IP stack, and being fully conversant in its use in managing your system’s network connectivity is absolutely essential.

 

Tagged with: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*