netstat
NAME
netstat - show network statusSYNOPSIS
netstat [ -anv ] [ -f address_family ] netstat [ -g | -p | -s ] [ -n ] [ -f address_family ] [ -P protocol ] netstat -m netstat -i [ -I interface ] [ -an ] [ -f address_family ] [ interval ] netstat -r [ -anv ] [ -f address_family ] netstat -M [ -ns ] [ -f address_family ] netstat -D [ -I interface ] [ -f address_family ]DESCRIPTION
netstat displays the contents of certain network-related data structures in various formats, depending on the options you select. The first form of the command displays a list of active sockets for each protocol. The second form selects one from among various other network data structures. The third form shows the state of the interfaces. The fourth form displays the routing table, the fifth form displays the multicast routing table, and the sixth form displays the state of DHCP on one or all interfaces. With no arguments, netstat prints connected sockets for PF_INET, PF_INET6, and PF_UNIX, unless modified otherwise by the -f option.OPTIONS
-a Show the state of all sockets, all routing table entries, or all interfaces, both physical and logical. Normally, sockets used by server processes are not shown. Only interface, host, network, and default routes are shown. Also, only the status of physical interfaces are shown. -f address_family Limit all displays to those of the specified address_family. The value of address_family can be one of the following: inet For the AF_INET address family showing IPv4 information. inet6 For the AF_INET6 address family showing IPv6 information. unix For the AF_UNIX address family. -g Show the multicast group memberships for all inter- faces. -i Show the state of the interfaces that are used for IP traffic. Normally this shows status and statistics for the physical interfaces. When combined with the -a option, this will also report information for the log- ical interfaces. See ifconfig(1M). -m Show the STREAMS statistics. -n Show network addresses as numbers. netstat normally displays addresses as symbols. This option may be used with any of the display formats. -p Show the net to media tables. -r Show the routing tables. Normally, only interface, host, network, and default routes are shown, but when this option is combined with the -a option, all routes will be printed, including cache. -s Show per-protocol statistics. When used with the -M option, show multicast routing statistics instead. When used with the -a option, per-interface statistics will be displayed, when available, in addition to statistics global to the system. -v Verbose. Show additional information for the sockets and the routing table. -I interface Show the state of a particular interface. interface can be any valid interface such as hme0 or le0. Nor- mally, the status and statistics for physical inter- faces are displayed. When this option is combined with the -a option, information for the logical interfaces is also reported. -M Show the multicast routing tables. When used with the -s option, show multicast routing statistics instead. -P protocol Limit display of statistics or state of all sockets to those applicable to protocol. The protocol can be one of ip, ipv6, icmp, icmpv6, igmp, udp, tcp, rawip. The command accepts protocol options only as all lower- case. -D Show the status of DHCP configured interfaces.OPERANDS
interval If interval is specified, netstat displays interface information over the last interval seconds, repeating forever. DISPLAYS Active Sockets (First Form) The display for each active socket shows the local and remote address, the send and receive queue sizes (in bytes), the send and receive windows (in bytes), and the internal state of the protocol. The symbolic format normally used to display socket addresses is either hostname.port when the name of the host is specified, or network.port if a socket address specifies a network but no specific host. The numeric host address or network number associated with the socket is used to look up the corresponding symbolic hostname or network name in the hosts or network database. If the network or hostname for an address is not known, or if the -n option is specified, the numerical network address is shown. Unspecified, or "wildcard", addresses and ports appear as "*". For more information regarding the Internet naming conventions, refer to inet(7P) and inet6(7P). TCP Sockets The possible state values for TCP sockets are as follows: BOUND Bound, ready to connect or listen. CLOSED Closed. The socket is not being used. CLOSING Closed, then remote shutdown; awaiting acknowledgment. CLOSE_WAIT Remote shutdown; waiting for the socket to close. ESTABLISHED Connection has been established. FIN_WAIT_1 Socket closed; shutting down connection. FIN_WAIT_2 Socket closed; waiting for shutdown from remote. IDLE Idle, opened but not bound. LAST_ACK Remote shutdown, then closed; awaiting acknowledgment. LISTEN Listening for incoming connections. SYN_RECEIVED Initial synchronization of the connection under way. SYN_SENT Actively trying to establish connection. TIME_WAIT Wait after close for remote shutdown retransmission. Network Data Structures (Second Form) The form of the display depends upon which of the -g, -m, -p, or -s options you select. -g Displays the list of multicast group membership. -m Displays the memory usage, for example, STREAMS mblks. -p Displays the net to media mapping table. For IPv4, the address resolution table is displayed. See arp(1M). For IPv6, the neighbor cache is displayed. -s Displays the statistics for the various protocol layers. The statistics use the MIB specified variables. The defined values for ipForwarding are: forwarding(1) Acting as a gateway. not-forwarding(2) Not acting as a gateway. The IPv6 and ICMPv6 protocol layers maintain per-interface statistics. If the -a option is specified with the -s option, then the per-interface statistics as well as the total sums are displayed. Otherwise, just the sum of the statistics are shown. If you specify more than one of these options, netstat displays the information for each one of them. Interface Status (Third Form) The interface status display lists information for all current interfaces, one interface per line. If an interface is specified using the -I option, it displays information for only the specified interface. The list consists of the interface name, mtu (maximum transmission unit, or maximum packet size)(see ifconfig(1M)), the network to which the interface is attached, addresses for each interface, and counter associ- ated with the interface. The counters show the number of input packets, input errors, output packets, output errors, and collisions, respectively. For Point-to-Point interfaces, the Net/Dest field is the name or address on the other side of the link. If the -a optionis specified with either the -i option or the -I option, then the output includes additional informa- tion about the physical interface(s), input packets, input packets and output packets for each logical interface, for example the local IP address, associated with the physical interface(s). If the -n option is specified, the list displays the IP address instead of the interface name. If an optional interval is specified, the output will be continuously displayed in interval seconds until inter- rupted by the user. The input interface is specified using the -I option. In this case, the list only displays traffic information in columns; the specified interface is first, the total count is second. This column list has the format of: input le0 output input (Total) output packets errs packets errs colls packets errs packets errs colls 227681 0 659471 1 502 261331 0 99597 1 502 10 0 0 0 0 10 0 0 0 0 8 0 0 0 0 8 0 0 0 0 10 0 2 0 0 10 0 2 0 0 If the input interface is not specified, the first interface of address family inet or inet6 will be displayed. Routing Table (Fourth Form) The routing table display lists the available routes and the status of each. Each route consists of a destination host or network, and a gateway to use in forwarding packets. The flags column shows the status of the route (U if "up"), whether the route is to a gateway (G), and whether the route was created dynamically by a redirect (D). If the -a option is specified, there will be routing entries with flags for combined routing and address resolution entries (A), broad- cast addresses (B), and the local addresses for the host (L). Interface routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface. The use column displays the number of packets sent using a combined routing and address resolution (A) or a broadcast (B) route. For a local (L) route, this count is the number of packets received, and for all other routes it is the number of times the routing entry has been used to create a new combined route and address resolution entry. The interface entry indicates the network interface utilized for the route. Multicast Routing Tables (Fifth Form) The multicast routing table consists of the virtual inter- face table and the actual routing table. DHCP Interface Information (Sixth Form) The DHCP interface information consists of the interface name, its current state, lease information, packet counts, and a list of flags. The states correlate with the specifications set forth in RFC 2131. Lease information includes: + when the lease began; + when lease renewal will begin; and + when the lease will expire. The flags currently defined include: BOOTP The interface has a lease obtained through BOOTP. BUSY The interface is busy with a DHCP transaction. PRIMARY The interface is the primary interface. See dhcpinfo(1). FAILED The interface is in failure state and must be manually restarted. Packet counts are maintained for the number of packets sent, the number of packets received, and the number of lease offers declined by the DHCP client. All three counters are initialized at zero and then incremented while obtaining a lease. The counters are reset when the period of lease renewal begins for the interface. Thus, the counters represent either the number of packets sent, received, and declined while obtaining the current lease, or the number of packets sent, received, and declined while attempting to obtain a future lease.FILES
/etc/default/inet_type DEFAULT_IP settingATTRIBUTES
See attributes(5) for descriptions of the following attri- butes: ____________________________________________________________ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | |_____________________________|_____________________________| | Availability | SUNWcsu | |_____________________________|_____________________________|SEE ALSO
dhcpinfo(1),arp(1M), crash(1M), dhcpagent(1M), ifconfig(1M), iostat(1M), mibiisa(1M), savecore(1M), vmstat(1M), hosts(4), inet_type(4), network(4), protocols(4), services(4), attri- butes(5), inet(7P), inet6(7P) Droms, R., RFC 2131, Dynamic Host Configuration Protocol, Network Working Group, March 1997.NOTES
When printing interface information, netstat honors the DEFAULT_IP setting in /etc/default/inet_type. If it is set to IP_VERSION4, then netstat will omit information relating to IPv6 interfaces, statistics, connections, routes and the like. However you can override the DEFAULT_IP setting in /etc/default/inet_type on the command-line. For example, if you have used the command-line to explicitly request IPv6 information by using the inet6 address family or one of the IPv6 protocols, it will override the DEFAULT_IP setting. If you need to examine network status information following a kernel crash, use the crash(1M) utility on the savecore(1M) output. SunOS 5.8 Last change: 22 Jun 1999 8