Some common network tools, like NETSTAT or ARP, are not present in the ESXi Shell and SSH command line interface. However, there are somewhat equivalent tools available through the esxcli command.
Netstat is a classic tool available in almost all operating systems and can display the listening ports as well as the state of TCP sessions. This is often very useful to be able to note if a correct TCP three-way handshake has been setup to some remote server or if a local service is listening to a certain port.
The command in ESXi to “emulate” netstat is:
esxcli network ip connection list
(On ESXi 4.1 the command line was “esxcli network connection list“.)
You could then use filters on the output with “grep”. Use any keyword to search for and include the -i switch for non-case sensitive. For example, to display all listening ports in the hypervisor use:
esxcli network ip connection list | grep -i listen
To verify that the local iSCSI initiator has been able to connect to a certain iSCSI SAN we could filter for the TCP/3260 (default port for iSCSI Target) :
esxcli network ip connection list | grep 3260
In the picture above we can see that the ESXi host has an established connection to the iSCSI SAN with IP address 192.168.100.10.
Another common command found on most TCP/IP implementations is “arp“, which displays the mappings between layer three IP addresses and layer two MAC addresses. The arp command itself is missing in ESXi, but there is also a very similar option available in esxcli.
To get the ESXi version of “arp -a” you could use:
esxcli network ip neighbor list
(Command line in ESXi 4.1 was “esxcli network neighbor list“.)
The esxcli tool in ESXi Shell is very useful and it has been hinted that almost all command line options should move into this command, phasing out the older esxcfg-* commands in future releases.
Q: How to make it real hard to sell an operating system.
A: Rewrite the CLI.
Why: It’s going to take thousands of more dollars to retrain our staff into a way of thinking.
Comments: Thank you engineers at EMC that allowed this to happen. Almost every operating system we have here as well as appliances have a netstat and arp command.
VMware should be ashamed to have broken so much in Linux. Netstat is essential for diagnostics. The belief that netstat is something that is used to see “connections” is missing the “statistics” part of the tool. Give me netstat -s so I can tell what is going on with networking on the box. I mean, VMware could have at least left /proc/netstat alone. Without statistics, connection information is pointless. Speaking of pointless:
This is watching connections that are hanging in the “WAIT” state in Linux for 60 seconds:
for i in {1..30};do echo ‘—–‘$i;netstat -tan|awk ‘{print $6}’|sort|uniq -c;sleep 2;done
An attempt using esxcli produces output once because all they allow is sh.
ESX is not Linux, it just provides a similar environment (via busybox) and some similar directory structure. VMware should be proud to have so closely replicated the Linux experience that it’s mistaken for the same OS.
For the shell issue, you can use the more compatible:
for i in `seq 1 30`; do …. done
It’s not even about it not being Linux — it’s not an O.S., it’s a Hypervisor.
As for “what is going on with networking on the box”, the answer is “very little”, because (almost) all the activity is amongst the VMs — that’s rather the point — and what little activity there *is* on the box itself, is to do with vSphere, for which there are great tools in various forms.
Thinking of ESXi as being some kind of Linux variant is very broken thinking, and will cause no end of headaches.