# view received datagrams to FreeBSD 6 UDP socket



## m4rtin (Oct 4, 2011)

I have a machine which is running _FreeBSD 6_. I'm not able to install additional software(for example _lsof_ etc) to this machine. I would like to find out received datagrams to particular UDP socket using _netstat_. Usage of this particular _netstat_ implementation is following:


```
usage: netstat [-Aan] [-f address_family] [-M core] [-N system] 
        [-Jr|-JS -H <handle-id in hex>| -JT]
       netstat [-bdghimnrs] [-f address_family] [-M core] [-N system]
       netstat [-bdn] [-I interface] [-M core] [-N system] [-w wait]
       netstat [-M core] [-N system] [-p protocol]
       netstat -B [ -I interface]       netstat -C 
       netstat -G
       netstat [-Js] [-f address_family]  [-T table_name] [-P prefix/length] 
        [-I interface] [-L stats_locality]
```

The UDP port I'm interested in is 123 and it's listening on the machine:


```
udp4       0      0  127.0.0.1.123                                 *.*
```

I'm able to see datagrams received by all UDP sockets:


```
root@freeBSD% netstat -l -n -f inet -p udp
udp:
        447361757 datagrams received
        0 with incomplete header
        1 with bad data length field
        200 with bad checksum
        1303380 dropped due to no socket
        1035710 broadcast/multicast datagrams dropped due to no socket
        3 dropped due to full socket buffers
        0 not for hashed pcb
        445022463 delivered
        472191145 datagrams output
root@freeBSD%
```

..but how to check something like this for one particular datagram socket? :OOO The reason I'm asking is that _ntpd_ for some reason, despite the restart, does not reply to NTP queries and I would like to make sure, that socket receives those queries.

Is it possible to achieve this using the _netstat_ utility? :OOO


----------



## DutchDaemon (Oct 4, 2011)

Why not just use tcpdump(1) like this
[cmd=]tcpdump -s 0 -pnli nic0 proto UDP and port 123[/cmd]
?
(substitute _nic0_ with what you have in ifconfig)
Add -XX if you want to see more of the payload.


----------



## m4rtin (Oct 5, 2011)

DutchDaemon said:
			
		

> Why not just use tcpdump(1) like this
> [cmd=]tcpdump -s 0 -pnli nic0 proto UDP and port 123[/cmd]
> ?
> (substitute _nic0_ with what you have in ifconfig)
> Add -XX if you want to see more of the payload.



According to tcpdump(1) there are queries made to _localhost_ UDP port 123(I analyzed hex data as well), but there are no replies from the server. _xntpd_ is listening on UDP port 123. _xntpd_ is reloaded, but still nothing. That's the reason I'm wondering if the socket properly receives the data :OOO Is it possible to check datagrams received by one particular datagram socket? Any other ideas?


----------



## DutchDaemon (Oct 5, 2011)

Does [cmd=]sockstat -l4p123[/cmd] actually show a udp4 listener on that port on localhost (or on all interfaces)?

Try an alternative ntp server like net/openntpd otherwise.


----------



## m4rtin (Oct 5, 2011)

DutchDaemon said:
			
		

> Does [cmd=]sockstat -l4p123[/cmd] actually show a udp4 listener on that port on localhost (or on all interfaces)?
> 
> Try an alternative ntp server like net/openntpd otherwise.



yes, it listens on all interfaces(*.123). However, I'll try another NTP server.


----------

