unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



netstat(1)							   netstat(1)
Patchkit 6							   Patchkit 6



NAME

  netstat - Displays network statistics.

SYNOPSIS

  /usr/sbin/netstat [-ARgrn  | [-AanXx]	[-f address_family] [-p	protocol]]
  [interval]

  /usr/sbin/netstat [-abdgHimMnRrstuv] [-f address_family] [-p protocol]
  [interval]

  /usr/sbin/netstat [-dnotz] [-I interface [-c | -s]] [interval]

  The netstat command displays network-related data in various formats.

OPTIONS

  -a  Displays the state of sockets related to the Internet protocol.
      Includes sockets for processes such as servers that are currently
      listening	at a socket but	are otherwise inactive.

  -A  Displays either the address of any protocol control blocks associated
      with sockets or the addresses of routing table entries with bitmasks.
      Typically, this option is	used for debugging.

  -b  Displays the contents of the Mobile IPv6 binding cache. You can use
      this option with the -s option to	display	binding	cache statistics.

  -d  Displays the number of dropped packets; for use with the -I interface
      or -i options. You can also specify an interval argument (in seconds).

  -f address_family
      Limits reports to	the specified address family. The address families
      that can be specified might include the following:

      inet
	  Specifies reports of the AF_INET family, if present in the kernel.

      inet6
	  Specifies reports of the AF_INET6 family, if present in the kernel.

      unix
	  Specifies reports of the AF_UNIX family, if present in the kernel.

      all Lists	information about all address families in the system.

      any Lists	information about any address families in the system.

  -g  Displays statistics since	the system was last booted. By default,	the
      command displays statistics since	they were last zeroed. Use this
      option with the -p and -s	options	only.

  -H  Displays the current ARP table (behaves like arp -a).

  -i  Displays the state of configured interfaces. (Interfaces that are	stat-
      ically configured	into the system, but not located at system startup,
      are not shown.)

      When used	with the -a option, it displays	IP (IPv4 and IPv6) and link-
      level addresses associated with the interfaces.

      You can use the -i option	to retrieve your system's hardware address.

  -I interface
      Displays information about the specified interface.

  -I interface -c
      Displays the current access filter for the specified network interface.
      See ifaccess.conf(4) for more information.

  -I interface -s
      Displays the DNA Data Link Layer counters	(64-bit	values)	for the
      specified	network	interface and the adapter's status and characteris-
      tics.  See Network Administration: Connections for a description of the
      display fields.

  -m  Displays information about memory	allocated to data structures associ-
      ated with	network	operations.

  -M  Displays Internet	protocol multicast routing information.	When used
      with the -s option, it displays IP (IPv4 and IPv6) multicast statis-
      tics.

  -n  Displays network address in numerical format with	network	masks in CIDR
      format. When this	option is not specified, the address is	displayed as
      hostname and port	number.	This option can	be used	with any of the
      display formats.

  -o  Displays the DNA Data Link Layer counters	(old 32-bit values) for	the
      specified	network	interface and the adapter's status and characteris-
      tics. Use	this options only with the -I interface	-s command.  See Net-
      work Administration: Connections for a description of the	display
      fields.

  -p protocol
      Displays statistics for protocol,	which you can specify as a well	known
      name or an alias.	To display statistics for all supported	protocols,
      use the -s option	instead	of the -p option.

      Supported	protocol names and their aliases are listed in
      /etc/protocols. A	null listing (0) means that there is no	data to
      report. If routines to report statistics for a specified protocol	are
      not implemented on this system, netstat reports that the protocol	is
      unknown.

  -r  Displays the host's routing tables. When used with the -s	option,	shows
      the host's routing statistics instead of routing tables.

  -R  Display's	the host's routing tables on each Resource Affinity Domain
      (RAD), if	your system has	NUMA-capable hardware.

  -s  Displays statistics for all supported protocols. To display statistics
      for a particular protocol, use the -p protocol option instead of the -s
      option.

      To display the DNA Data Link Layer counters (64-bit values) for a	par-
      ticular network interface, specify the -I	interface option with the -s
      option.

  -t  Displays timer information; for use with the -I interface	or -i
      options.

  -u  Displays information about domain	sockets	(UNIX domain).

  -v  Displays more verbose output when	specified with the -r, -x, -X
      options.	In the -r case,	route metric values are	displayed. If you
      specify the -v option twice on the command line, the current maximum
      speeds for the route are displayed. In the -x case, details about	the
      error types Security Association (SA) lifetime are displayed. In the -X
      case, the	IKE authentication mode; cipher, hash, and HMAC	algorithms;
      the time the SA was created, last	used, and expiration date and time;
      and the Initiator	and Responder cookies are displayed.

  -x  Displays the status of Internet Protocol Security	(IPsec)	Security
      Associations (SAs). Status information is	updated	every 15 seconds.

  -X  Displays the status of Internet Key Exchange  (IKE) Protocol SAs.

  -z  Displays the current network interface statistics	or protocol statis-
      tics, then sets them to zero. This option	must be	specified with either
      the -I interface option or the -p	protocol option, and it	is not sup-
      ported for all protocols.	In addition, you must be superuser to use
      this option.

DESCRIPTION

  The interval argument	specifies in seconds the interval for updating and
  displaying information. The first line of the	display	shows cumulative
  statistics; subsequent lines show statistics recorded	during interval.

  Default Display


  When used without options, the netstat command displays a list of active
  sockets for each protocol. The default display shows the following items:

    +  Local and remote	addresses

    +  Send and	receive	queue sizes (in	bytes)

    +  Protocol

    +  State

  Address formats are of the form host.port or network.port if a socket's
  address specifies a network but no specific host address. The	host and net-
  work address are displayed symbolically unless -n is specified.

  Interface Display


  The network interface	display	format provides	a table	of cumulative statis-
  tics for the following:

    +  Interface name

    +  Maximum Transmission Unit (MTU)

    +  Network Address

    +  Packets received	(Ipkts)

    +  Packets received	in error (Ierrs)

    +  Packets transferred (Opkts)

    +  Outgoing	packets	in error (Oerrs)

    +  Collisions

       Note that the collisions	item has different meanings for	different
       network interfaces.

    +  Drops (optional with -d)

    +  Timers (optional	with -t)

  Routing Table	Display


  A route consists of a	destination host or network and	a gateway to use when
  forwarding packets. Direct routes are	created	automatically for each inter-
  face attached	to the local host when you issue the ifconfig command. In
  addition, loopback routes are	created	automatically for each interface
  address that is configured with the ifconfig command.	Routes can be modi-
  fied automatically in	response to the	prevailing condition of	the network.

  The routing-table display format indicates available routes and the status
  of each in the following fields:

  Flags
      Displays the state of the	route as one or	more of	the following:

      c	  This is a cloned route.

      C	  This route is	a cloning route	that was created by the	route com-
	  mand.

      D	  This route was dynamically created by	a redirect.

      f	  Fragment to path MTU size is disabled	on this	route.

      G	  This route is	to a gateway.

      H	  This route is	to a host.

      I	  This route contains valid link-layer information.

      L	  This route is	a loopback route that was created by the kernel.

      m	  This route was created by a Mobile IPv6 binding update.

      M	  This route was modified by a redirect.

      p	  This is a permanent route; it	cannot be modified by a	redirect.

      R	  This is a reject route that was created by the route command.

      S	  This is a static route that was created by the route command.

      U	  Up, or available.

  refcnt
      Provides the current number of active uses for the route.	Connection-
      oriented protocols hold on to a single route for the duration of a con-
      nection; connectionless protocols	obtain routes in the process of	send-
      ing to a destination.

  use Provides a count of the number of	packets	sent using the route.

  interface
      Indicates	the network interface used for the route.

  When the -v option is	specified, the routing table display includes the
  route	metrics. If you	specify	the -v option twice on the command line,
  maximum speed	for the	route and the current speed for	the given interval
  are displayed. An asterisk (*) indicates the metric is locked. See route(8)
  for additional information on	routing.

  Binding Cache	Display


  The association of a mobile node's home address with its care-of address is
  called a binding. Each node that supports IPv6 mobility maintains a cache
  of all bindings. The binding cache display shows all bindings	cached by the
  local	node, including	the following information:

  Flags
      Displays one or more of the following flags supplied in the Binding
      Update:

      A	  The mobile node requested a Binding Acknowledgement.

      H	  This is a home registration.

      D	  The mobile node requested that the home agent	perform	Duplicate
	  Address Detection (DAD).

      R	  The sending mobile node is a router.

  Refs
      Provides the current number of active uses for this binding.

  Plen
      Indicates	the prefix length supplied in the Binding Update.

  Sequence#
      Indicates	the sequence number supplied in	the last Binding Update.

  Lifetime
      Indicates	the time, in seconds, until this binding expires.

  You can also display binding cache statistics	with the -s option.

DIAGNOSTICS

  netstat: unable to connect to	IPsec: No such file or directory
      Verify that IPsec	is enabled on the system. If it	is, verify that	the
      ipsecd daemon is running.	If it is not, start it.	See ipsecd(8) for
      more information.

  no namelist: unable to connect to kloadsrv daemon
      Verify that the kloadsrv daemon is running. If it	is not,	start it. See
      kloadsrv(8) for more information.

  no namelist: requested symbols not found in kernel
      Make sure	that you have not replaced the running kernel with a new ker-
      nel.  You	might need to reboot the system	to correct this	problem.








EXAMPLES

   1.  To show the state of the	configured interfaces, enter:
	    $ netstat -i

   2.  To show the routing tables, enter:
	    $ netstat -r

       The resulting display looks like	the following:
	    Routing Tables
	    Destination	    Gateway	    Flags   Refs    Use	    Interface
	    Netmasks:
	    Inet	    255.255.255.0

	    Route Tree for Protocol Family 2:
	    default	    16.55.5.5		UG   13	 38618	 ln0
	    localhost		 16.55.5.4    UH    2	  29   lo0
	    ethernet	    16.55.5.3	    U	    98	    66760   ln0

       (Output may be formatted	differently on your system.)

   3.  To show the routing tables with network addresses, enter:
	    $ netstat -rn

       The resulting display looks like	the following:
	    Routing tables
	    Destination	     Gateway		Flags	  Refs	   Use	Interface
	    Netmasks:
	    Inet	     0.0.0.0
	    Inet	     255.0.0.0
	    Inet	     255.255.0.0
	    Inet	     255.255.252.0
	    Inet	     255.255.255.0
	    Inet	     255.255.255.224

	    Route Tree for Protocol Family 2:
	    default	     16.140.28.1	UG	    0  6004465	tu0
	    16.140.128/24    16.140.128.198	U	    4	181451	tu0
	    127.0.0.1	     127.0.0.1		UH	    0	     0	lo0
	    194.224/16	     127.0.0.1		UG	    0	     3	lo0
	    194.226/16	     127.0.0.1		UGR	    0	     0	lo0
	    198.119.1/24     198.119.19.76	U	    1	   867	le0
	    198.119.19.64/27 198.119.19.76	U	    0	     1	le0
	    198.119.64.80    198.119.19.24	UGH	    0	     0	le0
	    130.200/16	     16.140.128.1	UG	    0	     0	tu0

   4.  To produce the default display for network connections, enter:
	    $ netstat

       The resulting display might include the following headings:
	    Active Internet connections
	    Proto Recv-Q Send-Q	Local Address	Foreign	Address	  (state)

   5.  To display the ee0 interface counters, enter:
	    $ netstat -Iee0 -s
	    ee0	Ethernet counters at Fri Jul 12	18:38:21 2002

			2172 seconds since last	zeroed
		    25056713 bytes received
		      245436 bytes sent
		      165712 data blocks received
			1901 data blocks sent
		    24850070 multicast bytes received
		      163482 multicast blocks received
			5670 multicast bytes sent
			  39 multicast blocks sent
			  44 blocks sent, initially deferred
			  10 blocks sent, single collision
			   5 blocks sent, multiple collisions
			   0 send failures
			   0 receive failures


   6.  To set the ln0 interface	counters to zero, enter:
	    # netstat -Iln0 -z

   7.  To display IPv6 routing entries,	enter:
	    # netstat -rnf inet6

	    Routing tables
	    Destination	     Gateway		Flags	  Refs	   Use Interface

	    Route Tree for Protocol Family 26
	    default	     Link#8		UCL	    0	     0	ipt0
	    default	     Link#1		UCL	    0	     0	ln0
	    default	     fe80::a00:2bff:fe2d:2b2 UG	    0	     0	ln0
	    3ffe:1200:4110:1::/64 Link#1	UCL	    0	     0	ln0
	    3ffe:1200:4110:1:a00:2bff:fe2c:f632	Link#1 UH   1	     0	ln0
	    fe80::/10	     Link#8		UCL	    0	     0	ipt0
	    fe80::/10	     Link#1		UCL	    0	     0	ln0
	    fe80::108c:1056  Link#8		UHLc	    1	     4	ipt0
	    fe80::108c:80e3  Link#8		UHLc	    0	     0	ipt0
	    fe80::a00:2bff:fe2d:2b2 Link#1	UHLc	    1	     0	ln0
	    ff02::/16	     Link#1		UCL	    0	     0	ln0
	    ff02::/16	     Link#8		UCL	    0	     0	ipt0
	    ff02::1	     16.140.128.227	UHLVc	    0	     8	ipt0
	    ff02::1	     33:33:0:0:0:1	UHLVc	    0	     3	ln0
	    ff02::2	     33:33:0:0:0:2	UHLVc	    0	     1	ln0
	    ff02::2	     16.140.128.227	UHLVc	    1	     2	ipt0
	    ff02::9	     16.140.128.227	UHLVc	    0	     4	ipt0

   8.  To display active IPv6 connections, enter:
	    # netstat -af inet6

	    Active Internet connections	(including servers)
	    Proto Recv-Q Send-Q	 Local Address		   Foreign Address	     (state)
	    tcp	       0      0	 3ffe:1200:4110:1:a00:2bff:fe2c:f632.1054  host1.corp.com.telnet ESTABLISHED
	    tcp	       0      0	 *.finger		   *.*			     LISTEN
	    tcp	       0      0	 *.telnet		   *.*			     LISTEN
	    tcp	       0      0	 *.ftp			   *.*			     LISTEN

   9.  To display binding cache	statistics for a node that supports IPv6
       mobility, enter:
	    # netstat -bs

	    Mobile IPv6:
		    0 entries in binding cache
		    2 adds
		    2 deletes
		    0 changes
		    2 frees
		    4 lookups

   10. To display active IPsec connections, enter:
	    # netstat -xv
	    Type     Local Selector	      Remote Selector	       SPI	  Pkts Errs
		AuthErr	 CiphErr  Replays Algorithms	       Lifetime
	    ah/tn/o  16.140.64.106	      16.140.64.223	       aca02157	    13 0
		      0	       0	0 hmac-sha1-96		95/1800	sec 1/204800 KB
	    ah/tn/i  16.140.64.106	      16.140.64.223	       1e98997e	    13 0
		      0	       0	0 hmac-sha1-96		95/1800	sec 1/204800 KB
	    esp/tr/o 10.0.1.106		      10.0.1.223		b12e78c	   104 0
		      0	       0	0 3des-cbc/hmac-sha1-96	105/600	sec
	    esp/tr/i 10.0.1.106		      10.0.1.223	       45136ea8	   104 0
		      0	       0	0 3des-cbc/hmac-sha1-96	105/600	sec

   11. To display the status of	all IKE	SAs, enter:
	    # netstat -Xv
	    I/R	Local identifier	      Remote identifier		   Bytes
	     I	ipv4(udp:500,10.0.1.106)      ipv4(udp:500,0.0.0.0)	   788
		Pre-shared Keys	/ 3des-cbc / sha1 / hmac-sha1
		Created: Mon Oct 16 2000 11:48:14
		Used: Mon Oct 16 2000 11:48:15
		Expires: Mon Oct 16 2000 11:58:14
		I-Cookie: 0x7b8736bbf2000000 R-Cookie: 0x6e3dd6fac7000000
	     R	ipv4(udp:500,16.140.64.106)   ipv4(udp:500,16.140.64.223)  1250
		RSA Signature /	3des-cbc / sha1	/ hmac-sha1
		Created: Mon Oct 16 2000 11:48:26
		Used: Mon Oct 16 2000 11:48:27
		Expires: Mon Oct 16 2000 12:48:26
		I-Cookie: 0x7708cf3046000001 R-Cookie: 0xdb273e99e3000001

   12. To display the statistics from the IPsec	kernel packet processing
       engine, enter:
	    # netstat -p ipsec
	    ipsec:
		    13476 total	packets	processed by IPsec engine
		    13467 IP packets processed by IPsec	engine
		    54 AH headers processed
		    246	ESP headers processed
		    2 packets triggered	an IKE action
		    192	packets	dropped	by IPsec
		    13282 packets passed through by IPsec



SEE ALSO

  Commands:  vmstat(1),	route(8)

  Network Administration: Connections