Hello,

As the "netstat" command has been deprecated for a long time (1), I suggest replacing it with other commands like ss and ip.

I've made a first patch for this. As the number of columns is higher than the standard 80, I've made a second patch with shorter lines ... but they still don't fit inside 80 chars, and if I remove more spaces it doesn't look good.

(1) https://en.wikipedia.org/wiki/Netstat

Regards,

--
[Alain Belkadi / LinuxBeach]
From 0678b8610ee5931cd31edb66091a09faf21dc1ad Mon Sep 17 00:00:00 2001
From: Alain Belkadi <xigulor...@linuxbeach.be>
Date: Mon, 8 Jul 2019 16:17:17 +0200
Subject: [PATCH 1/2] DOC: Replace the deprecated "netstat" command with more
 recent tools

---
 doc/management.txt | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/doc/management.txt b/doc/management.txt
index 93bee671..59ffb1ed 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -103,16 +103,14 @@ connections and to initiate outgoing connections. An immediate effect of this is
 that there is no relation between packets observed on the two sides of a
 forwarded connection, which can be of different size, numbers and even family.
 Since a connection may only be accepted from a socket in LISTEN state, all the
-sockets it is listening to are necessarily visible using the "netstat" utility
+sockets it is listening to are necessarily visible using the "ss" utility
 to show listening sockets. Example :
 
-  # netstat -ltnp
-  Active Internet connections (only servers)
-  Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
-  tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN   1629/sshd
-  tcp        0      0 0.0.0.0:80      0.0.0.0:*         LISTEN   2847/haproxy
-  tcp        0      0 0.0.0.0:443     0.0.0.0:*         LISTEN   2847/haproxy
-
+  # ss -ltnp
+  State            Recv-Q           Send-Q                     Local Address:Port                      Peer Address:Port
+  LISTEN           0                128                              0.0.0.0:80                             0.0.0.0:*              users:(("haproxy",pid=29687,fd=10))
+  LISTEN           0                128                              0.0.0.0:22                             0.0.0.0:*              users:(("sshd",pid=18594,fd=3))
+  LISTEN           0                128                                 [::]:22                                [::]:*              users:(("sshd",pid=18594,fd=4))
 
 3. Starting HAProxy
 -------------------
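Review bot: the new example drops the empty line that followed the old netstat output, so only one blank line is left before "3. Starting HAProxy", while the context ahead of "13. Security considerations" later in this patch shows two blank lines before a section heading. Keep the second blank line after the last LISTEN row. The header row also has no label above the users:(...) field, which is worth a word in the surrounding text since that field is where the process name and pid now appear, and the old example's haproxy listener on port 443 is gone without a replacement.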
@@ -2779,7 +2777,7 @@ is ignored. The reason is that in fact even the new process is restarted with a
 new configuration, the old one also gets some incoming connections and
 processes them, returning unexpected results. When in doubt, just stop the new
 process and try again. If it still works, it very likely means that an old
-process remains alive and has to be stopped. Linux's "netstat -lntp" is of good
+process remains alive and has to be stopped. Linux's "ss -lntp" is of good
 help here.
 
 When adding entries to an ACL from the command line (eg: when blacklisting a
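Review bot: the option order "ss -lntp" in this sentence differs from the "ss -ltnp" used in the example in the first hunk. Both orders are inherited from the netstat lines they replace and are equivalent, but since the text is being edited anyway, use one spelling in both places so a search for the command finds every mention.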
@@ -2953,14 +2951,15 @@ not noticeable at the naked eye. If they appear a lot in the traces, it is
 worth investigating exactly what happens and where the packets are lost. HTTP
 doesn't cope well with TCP losses, which introduce huge latencies.
 
-The "netstat -i" command will report statistics per interface. An interface
-where the Rx-Ovr counter grows indicates that the system doesn't have enough
-resources to receive all incoming packets and that they're lost before being
-processed by the network driver. Rx-Drp indicates that some received packets
-were lost in the network stack because the application doesn't process them
-fast enough. This can happen during some attacks as well. Tx-Drp means that
-the output queues were full and packets had to be dropped. When using TCP it
-should be very rare, but will possibly indicate a saturated outgoing link.
+The "ip -s link" command will report statistics per interface. An interface
+where the 'RX overrun' counter grows indicates that the system doesn't have
+enough resources to receive all incoming packets and that they're lost before
+being processed by the network driver. 'RX dropped' indicates that some
+received packets were lost in the network stack because the application doesn't
+process them fast enough. This can happen during some attacks as well.
+TX dropped means that the output queues were full and packets had to be
+dropped. When using TCP it should be very rare, but will possibly indicate a
+saturated outgoing link.
 
 
 13. Security considerations
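Review bot: the counter names are quoted inconsistently in the rewritten paragraph: 'RX overrun' and 'RX dropped' are in single quotes, TX dropped is bare, and the command itself is in double quotes. Quote all three counters the same way. The old Rx-Ovr, Rx-Drp and Tx-Drp were literal column headers, whereas the new names are two words each, so a short sample of "ip -s link" output, in the style of the ss example earlier in the file, would let readers match the names to what they see on screen.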
-- 
2.11.0

From c94d7f2bd58947e220a560e0a7f42318051dc5db Mon Sep 17 00:00:00 2001
From: Alain Belkadi <xigulor...@linuxbeach.be>
Date: Mon, 8 Jul 2019 16:40:00 +0200
Subject: [PATCH 2/2] DOC: Replace the deprecated "netstat" command with more
 recent tools

---
 doc/management.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/management.txt b/doc/management.txt
index 59ffb1ed..e7f7b5d4 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -107,10 +107,10 @@ sockets it is listening to are necessarily visible using the "ss" utility
 to show listening sockets. Example :
 
   # ss -ltnp
-  State            Recv-Q           Send-Q                     Local Address:Port                      Peer Address:Port
-  LISTEN           0                128                              0.0.0.0:80                             0.0.0.0:*              users:(("haproxy",pid=29687,fd=10))
-  LISTEN           0                128                              0.0.0.0:22                             0.0.0.0:*              users:(("sshd",pid=18594,fd=3))
-  LISTEN           0                128                                 [::]:22                                [::]:*              users:(("sshd",pid=18594,fd=4))
+  State   Recv-Q  Send-Q   Local Address:Port  Peer Address:Port
+  LISTEN  0       128      0.0.0.0:80          0.0.0.0:*          users:(("haproxy",pid=29687,fd=10))
+  LISTEN  0       128      0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=18594,fd=3))
+  LISTEN  0       128      [::]:22             [::]:*             users:(("sshd",pid=18594,fd=4))
 
 3. Starting HAProxy
 -------------------
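Review bot: every line changed here was introduced by 1/2, and the subject line is identical, so this should be squashed into that patch rather than committed as a follow-up. The three LISTEN rows are also still wider than 80 columns because of the trailing users:(...) field, which the header row leaves unlabelled; if that is accepted as verbatim command output, say so in the commit message so the long lines are not flagged again later.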
-- 
2.11.0
