performancewiki.com - Analyzing Network Performance

performance / tuning tips. to the point.

del.icio.us performancewiki.com Latest Items

Analyzing Network Performance

Linux Windows AIX Solaris

Linux

Use 'netstat' with -p option to display PID/Program name for sockets:

# netstat -p 2
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State     PID/Program name
tcp        1      0 pw101.perfwiki.com:56451   pw101.perfwiki.com:9081    CLOSE_WAIT  31901/httpd
tcp        1      0 pw101.perfwiki.com:56460   pw101.perfwiki.com:9081    CLOSE_WAIT  32008/httpd
tcp        1      0 pw101.perfwiki.com:56456   pw101.perfwiki.com:9081    CLOSE_WAIT  32006/httpd
tcp        1      0 pw101.perfwiki.com:56446   pw101.perfwiki.com:9081    CLOSE_WAIT  31898/httpd
tcp        1      0 pw101.perfwiki.com:56447   pw101.perfwiki.com:9081    CLOSE_WAIT  31899/httpd
tcp        1      0 pw101.perfwiki.com:56445   pw101.perfwiki.com:9081    CLOSE_WAIT  31897/httpd
tcp        1      0 pw101.perfwiki.com:35518   pw101.perfwiki.com:9081    CLOSE_WAIT  31900/httpd
tcp        0    196 pw101.perfwiki.com:ssh     9.65.243.110:2708           ESTABLISHED 28120/0
tcp        0      0 pw101.perfwiki.com:56437   legolas.stl.ib:DB2_db2inst1 ESTABLISHED 31903/java
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  6      [ ]         DGRAM                    1879   1766/syslogd        /dev/log
unix  3      [ ]         STREAM     CONNECTED     575699094 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699093 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699092 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699091 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699090 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699089 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699088 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699087 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699086 31983/db2wdog
unix  3      [ ]         STREAM     CONNECTED     575699085 31983/db2wdog
...

Looks like db2wdog is a major program using the network (it has active sockets).

Windows

'Perfmon' is a Windows tool that can be configured to monitor (and log to file) system resources. Physical disk counters are one area that can be added to the overall resources to be monitored. You can start 'perfmon' simply by typing 'perfmon' in the "Start->Run..." window:

AIX

A very useful command called 'netpmon' is available on AIX. It uses 'trace' to monitor activity and report statistics on network I/O usage and network-related CPU usage. One can easily determine that if a process is causing high network-related CPU usage, chances are it is causing a lot of network traffice.

# netpmon -o netmon.out; sleep 10; trcstop
# more netmon.out

Sun Dec  4 19:55:40 2005
System: AIX pw101 Node: 5 Machine: 002FBF7D4C00

========================================================================

Process CPU Usage Statistics:
-----------------------------
                                                   Network
Process (top 20)             PID  CPU Time   CPU %   CPU %
----------------------------------------------------------
rcp                       349885    0.7986   0.660   0.522
db2fm                     512122    0.0375   0.073   0.000
rcp                       349882    0.2821   0.234   0.171    
netpmon                   249960    0.0225   0.044   0.000
db2fm                    1962022    0.0136   0.026   0.000
db2set                    516208    0.0096   0.019   0.000
java                     1716352    0.0070   0.014   0.000
db2disp                  1143036    0.0052   0.010   0.000
swapper                        0    0.0040   0.008   0.000
trcstop                   512124    0.0036   0.007   0.000
UNKNOWN                   647338    0.0025   0.005   0.000
db2fmcd                   311516    0.0022   0.004   0.000
java                      536650    0.0019   0.004   0.000
getty                     290960    0.0019   0.004   0.000
db2hmon                  1458184    0.0014   0.003   0.000
gil                        77862    0.0014   0.003   0.003
sshd:                     737282    0.0014   0.003   0.000
ksh                      2027638    0.0012   0.002   0.000
java                      331974    0.0008   0.001   0.000
netpmon                  1470576    0.0007   0.001   0.000
sddsrv                    266388    0.0006   0.001   0.000
sched                      12294    0.0004   0.001   0.000
----------------------------------------------------------
Total (all processes)               0.1216   0.236   0.696

The "Network CPU%" column is the percentage of total time that this process spent executing
network-related code.

Solaris

Use 'netstat' and the following script to determine the PID that is using port(s) which causing the highest network throughput:

#!/bin/ksh
#
# Orf Gelbrich
# 7-30-2003 
# find from a port the pid that started the port
#
# Need to be root to check other folk's PID's out
#
line='-------------------------------------------------------------------------'
pids=$(/usr/bin/ps -ef | sed 1d | awk '{print $2}')


# Prompt users or use 1st cmdline argument
if [ $# -eq 0 ]; then
        read ans?"Enter port you like to know pid for:  "
else
        ans=$1
fi


# Check all pids for this port, then list that process
for f in $pids
do
        /usr/proc/bin/pfiles $f 2>/dev/null | /usr/xpg4/bin/grep -q "port: $ans"
        if [ $? -eq 0 ] ; then 
                echo $line
                echo "Port: $ans is being used by PID:\c"
                /usr/bin/ps -ef -o pid -o args | egrep -v "grep|pfiles" | grep $f
        fi                      
done
exit 0

** from http://sysunconfig.net/unixtips/solaris.html