Commands to help identify Lan interface errors



  • Hi PFSense Board,

    I am running PFSense 2.0.1-RELEASE (i386) directly on an intel atom board, with a dual nic Intel card.
    Everything seems to be running fine, except that i have quite a lot of errors on the Lan interface.

    Which commands can i use to help identify what is causing these errors ?

    $ netstat -s -s
    tcp:
    103754 packets sent
    83602 data packets (29328524 bytes)
    186 data packets (148521 bytes) retransmitted
    45 data packets unnecessarily retransmitted
    18706 ack-only packets (0 delayed)
    12 window update packets
    1248 control packets
    60601 packets received
    41025 acks (for 29281769 bytes)
    688 duplicate acks
    17333 packets (7511731 bytes) received in-sequence
    13 completely duplicate packets (3811 bytes)
    6 out-of-order packets (2214 bytes)
    120 window update packets
    3 packets received after close
    11 discarded for bad checksums
    122 connection requests
    1132 connection accepts
    720 ignored RSTs in the windows
    1240 connections established (including accepts)
    1263 connections closed (including 720 drops)
    1039 connections updated cached RTT on close
    1039 connections updated cached RTT variance on close
    742 connections updated cached ssthresh on close
    13 embryonic connections dropped
    20598 segments updated rtt (of 20754 attempts)
    217 retransmit timeouts
    13 keepalive timeouts
    13 connections dropped by keepalive
    343 correct ACK header predictions
    14714 correct data packet header predictions
    1133 syncache entries added
    1 retransmitted
    6 dupsyn
    1132 completed
    1 reset
    1133 cookies sent
    25 SACK recovery episodes
    42 segment rexmits in SACK recovery episodes
    44386 byte rexmits in SACK recovery episodes
    274 SACK options (SACK blocks) received
    2 SACK options (SACK blocks) sent
    udp:
    777315 datagrams received
    2 with bad checksum
    112037 dropped due to no socket
    190151 broadcast/multicast datagrams undelivered
    475125 delivered
    810175 datagrams output
    sctp:
    Packet drop statistics:
    Timeouts:
    ip:
    71983607 total packets received
    1299466 packets for this host
    66927492 packets forwarded
    3387 packets not forwardable
    1388818 packets sent from this host
    10 packets sent with fabricated ip header
    15 output datagrams fragmented
    31 fragments created
    icmp:
    2406 calls to icmp_error
    Output histogram:
    echo reply: 28
    destination unreachable: 2405
    time exceeded: 1
    34 messages with bad checksum
    Input histogram:
    echo reply: 461514
    destination unreachable: 8
    echo: 28
    28 message responses generated
    ICMP address mask responses are disabled
    igmp:
    ipsec:
    ah:
    esp:
    ipcomp:
    pim:
    carp:
    pfsync:
    arp:
    1014 ARP requests sent
    33396 ARP replies sent
    574552 ARP requests received
    255 ARP replies received
    574807 ARP packets received
    727 total packets dropped due to no ARP entry
    456 ARP entrys timed out
    ip6:
    16814 total packets received
    12 packets sent from this host
    42 output packets discarded due to no route
    Input histogram:
    hop by hop: 576
    UDP: 16114
    ICMP6: 124
    Mbuf statistics:
    0 one mbuf
    16814 one ext mbuf
    0 two or more ext mbuf
    Source addresses selection rule applied:
    icmp6:
    Output histogram:
    neighbor solicitation: 3
    MLDv2 listener report: 9
    Histogram of error messages to be generated:
    ipsec6:
    rip6:
    pfkey:
    4 requests sent from userland
    64 bytes sent from userland
    histogram by message type:
    flush: 2
    x_spdflush: 2
    4 requests sent to userland
    64 bytes sent to userland
    histogram by message type:
    flush: 2
    x_spdflush: 2



  • New to this but what about "netstat -sl <lan interface="">"? Seems to give more specifics and with regard to that iface.</lan>



  • Finally found out that it was my switch that caused all the errors. Not going to buy a SRW2008 ever again :-)



  • Ditto on that.  Those SRW switches cause an unreasonable amount of trouble.  And half the time, upgrading firmware bricks it.


Locked