netstat - Displays network statistics.
/usr/sbin/netstat [-ARgrn | [-AanXx] [-f address_family]
[-p protocol]] [interval]
/usr/sbin/netstat [-abdgHimMnRrstuv] [-f address_family]
[-p protocol] [interval]
/usr/sbin/netstat [-dnotz] [-I interface [-c | -s]]
[interval]
The netstat command displays network-related data in various
formats.
Displays the state of sockets related to the Internet protocol.
Includes sockets for processes such as servers that
are currently listening at a socket but are otherwise
inactive. Displays either the address of any protocol
control blocks associated with sockets or the addresses of
routing table entries with bitmasks. Typically, this
option is used for debugging. Displays the contents of
the Mobile IPv6 binding cache. You can use this option
with the -s option to display binding cache statistics.
Displays the number of dropped packets; for use with the
-I interface or -i options. You can also specify an interval
argument (in seconds). Limits reports to the specified
address family. The address families that can be
specified might include the following: Specifies reports
of the AF_INET family, if present in the kernel. Specifies
reports of the AF_INET6 family, if present in the
kernel. Specifies reports of the AF_UNIX family, if present
in the kernel. Lists information about all address
families in the system. Lists information about any
address families in the system. Displays statistics since
the system was last booted. By default, the command displays
statistics since they were last zeroed. Use this
option with the -p and -s options only. Displays the current
ARP table (behaves like arp -a). Displays the state
of configured interfaces. (Interfaces that are statically
configured into the system, but not located at system
startup, are not shown.)
When used with the -a option, it displays IP (IPv4
and IPv6) and link-level addresses associated with
the interfaces.
You can use the -i option to retrieve your system's
hardware address. Displays information about the
specified interface. Displays the current access
filter for the specified network interface. See
ifaccess.conf(4) for more information. Displays
the DNA Data Link Layer counters (64-bit values)
for the specified network interface and the
adapter's status and characteristics. See Network
Administration: Connections for a description of
the display fields. Displays information about
memory allocated to data structures associated with
network operations. Displays Internet protocol
multicast routing information. When used with the
-s option, it displays IP (IPv4 and IPv6) multicast
statistics. Displays network address in numerical
format with network masks in CIDR format. When this
option is not specified, the address is displayed
as hostname and port number. This option can be
used with any of the display formats. Displays the
DNA Data Link Layer counters (old 32-bit values)
for the specified network interface and the
adapter's status and characteristics. Use this
options only with the -I interface -s command. See
Network Administration: Connections for a description
of the display fields. Displays statistics
for protocol, which you can specify as a well known
name or an alias. To display statistics for all
supported protocols, use the -s option instead of
the -p option.
Supported protocol names and their aliases are
listed in /etc/protocols. A null listing (0) means
that there is no data to report. If routines to
report statistics for a specified protocol are not
implemented on this system, netstat reports that
the protocol is unknown. Displays the host's routing
tables. When used with the -s option, shows the
host's routing statistics instead of routing
tables. Display's the host's routing tables on
each Resource Affinity Domain (RAD), if your system
has NUMA-capable hardware. Displays statistics for
all supported protocols. To display statistics for
a particular protocol, use the -p protocol option
instead of the -s option.
To display the DNA Data Link Layer counters (64-bit
values) for a particular network interface, specify
the -I interface option with the -s option. Displays
timer information; for use with the -I interface
or -i options. Displays information about
domain sockets (UNIX domain). Displays more verbose
output when specified with the -r, -x, -X
options. In the -r case, route metric values are
displayed. If you specify the -v option twice on
the command line, the current maximum speeds for
the route are displayed. In the -x case, details
about the error types Security Association (SA)
lifetime are displayed. In the -X case, the IKE
authentication mode; cipher, hash, and HMAC algorithms;
the time the SA was created, last used, and
expiration date and time; and the Initiator and
Responder cookies are displayed. Displays the status
of Internet Protocol Security (IPsec) Security
Associations (SAs). Status information is updated
every 15 seconds. Displays the status of Internet
Key Exchange (IKE) Protocol SAs. Displays the
current network interface statistics or protocol
statistics, then sets them to zero. This option
must be specified with either the -I interface
option or the -p protocol option, and it is not
supported for all protocols. In addition, you must
be superuser to use this option.
The interval argument specifies in seconds the interval
for updating and displaying information. The first line of
the display shows cumulative statistics; subsequent lines
show statistics recorded during interval.
Default Display [Toc] [Back]
When used without options, the netstat command displays a
list of active sockets for each protocol. The default display
shows the following items: Local and remote addresses
Send and receive queue sizes (in bytes) Protocol State
Address formats are of the form host.port or network.port
if a socket's address specifies a network but no specific
host address. The host and network address are displayed
symbolically unless -n is specified.
Interface Display [Toc] [Back]
The network interface display format provides a table of
cumulative statistics for the following: Interface name
Maximum Transmission Unit (MTU) Network Address Packets
received (Ipkts) Packets received in error (Ierrs) Packets
transferred (Opkts) Outgoing packets in error (Oerrs) Collisions
Note that the collisions item has different meanings
for different network interfaces. Drops
(optional with -d) Timers (optional with -t)
Routing Table Display [Toc] [Back]
A route consists of a destination host or network and a
gateway to use when forwarding packets. Direct routes are
created automatically for each interface attached to the
local host when you issue the ifconfig command. In addition,
loopback routes are created automatically for each
interface address that is configured with the ifconfig
command. Routes can be modified automatically in response
to the prevailing condition of the network.
The routing-table display format indicates available
routes and the status of each in the following fields:
Displays the state of the route as one or more of the following:
This is a cloned route. This route is a cloning
route that was created by the route command. This route
was dynamically created by a redirect. Fragment to path
MTU size is disabled on this route. This route is to a
gateway. This route is to a host. This route contains
valid link-layer information. This route is a loopback
route that was created by the kernel. This route was created
by a Mobile IPv6 binding update. This route was modified
by a redirect. This is a permanent route; it cannot
be modified by a redirect. This is a reject route that
was created by the route command. This is a static route
that was created by the route command. Up, or available.
Provides the current number of active uses for the route.
Connection-oriented protocols hold on to a single route
for the duration of a connection; connectionless protocols
obtain routes in the process of sending to a destination.
Provides a count of the number of packets sent using the
route. Indicates the network interface used for the
route.
When the -v option is specified, the routing table display
includes the route metrics. If you specify the -v option
twice on the command line, maximum speed for the route and
the current speed for the given interval are displayed. An
asterisk (*) indicates the metric is locked. See route(8)
for additional information on routing.
Binding Cache Display [Toc] [Back]
The association of a mobile node's home address with its
care-of address is called a binding. Each node that supports
IPv6 mobility maintains a cache of all bindings. The
binding cache display shows all bindings cached by the
local node, including the following information: Displays
one or more of the following flags supplied in the Binding
Update: The mobile node requested a Binding Acknowledgement.
This is a home registration. The mobile node
requested that the home agent perform Duplicate Address
Detection (DAD). The sending mobile node is a router.
Provides the current number of active uses for this binding.
Indicates the prefix length supplied in the Binding
Update. Indicates the sequence number supplied in the
last Binding Update. Indicates the time, in seconds,
until this binding expires.
You can also display binding cache statistics with the -s
option.
Verify that IPsec is enabled on the system. If it is, verify
that the ipsecd daemon is running. If it is not, start
it. See ipsecd(8) for more information. Verify that the
kloadsrv daemon is running. If it is not, start it. See
kloadsrv(8) for more information. Make sure that you have
not replaced the running kernel with a new kernel. You
might need to reboot the system to correct this problem.
To show the state of the configured interfaces, enter: $
netstat -i To show the routing tables, enter: $ netstat -r
The resulting display looks like the following:
Routing Tables Destination Gateway
Flags Refs Use Interface Netmasks:
Inet 255.255.255.0
Route Tree for Protocol Family 2: default
16.55.5.5 UG 13 38618 ln0 localhost
16.55.5.4 UH 2 29 lo0 ethernet
16.55.5.3 U 98 66760 ln0
(Output may be formatted differently on your system.)
To show the routing tables with network
addresses, enter: $ netstat -rn
The resulting display looks like the following:
Routing tables Destination Gateway
Flags Refs Use Interface Netmasks: Inet
0.0.0.0 Inet 255.0.0.0 Inet
255.255.0.0 Inet 255.255.252.0 Inet
255.255.255.0 Inet 255.255.255.224
Route Tree for Protocol Family 2: default
16.140.28.1 UG 0 6004465 tu0
16.140.128/24 16.140.128.198 U 4
181451 tu0 127.0.0.1 127.0.0.1 UH
0 0 lo0 194.224/16 127.0.0.1
UG 0 3 lo0 194.226/16
127.0.0.1 UGR 0 0 lo0
198.119.1/24 198.119.19.76 U 1
867 le0 198.119.19.64/27 198.119.19.76 U
0 1 le0 198.119.64.80 198.119.19.24
UGH 0 0 le0 130.200/16
16.140.128.1 UG 0 0 tu0 To
produce the default display for network connections,
enter: $ netstat
The resulting display might include the following
headings: Active Internet connections Proto Recv-Q
Send-Q Local Address Foreign Address (state) To
display the ee0 interface counters, enter: $ netstat
-Iee0 -s ee0 Ethernet counters at Fri Jul 12
18:38:21 2002
2172 seconds since last zeroed
25056713 bytes received
245436 bytes sent
165712 data blocks received
1901 data blocks sent
24850070 multicast bytes received
163482 multicast blocks received
5670 multicast bytes sent
39 multicast blocks sent
44 blocks sent, initially deferred
10 blocks sent, single collision
5 blocks sent, multiple collisions
0 send failures
0 receive failures
To set the ln0 interface counters to zero, enter: #
netstat -Iln0 -z To display IPv6 routing entries,
enter: # netstat -rnf inet6
Routing tables Destination Gateway
Flags Refs Use Interface
Route Tree for Protocol Family 26 default
Link#8 UCL 0 0 ipt0
default Link#1 UCL 0
0 ln0 default fe80::a00:2bff:fe2d:2b2 UG
0 0 ln0 3ffe:1200:4110:1::/64 Link#1
UCL 0 0 ln0
3ffe:1200:4110:1:a00:2bff:fe2c:f632 Link#1 UH 1
0 ln0 fe80::/10 Link#8 UCL
0 0 ipt0 fe80::/10 Link#1
UCL 0 0 ln0 fe80::108c:1056 Link#8
UHLc 1 4 ipt0 fe80::108c:80e3
Link#8 UHLc 0 0 ipt0
fe80::a00:2bff:fe2d:2b2 Link#1 UHLc 1
0 ln0 ff02::/16 Link#1 UCL
0 0 ln0 ff02::/16 Link#8
UCL 0 0 ipt0 ff02::1
16.140.128.227 UHLVc 0 8 ipt0
ff02::1 33:33:0:0:0:1 UHLVc 0
3 ln0 ff02::2 33:33:0:0:0:2 UHLVc
0 1 ln0 ff02::2 16.140.128.227
UHLVc 1 2 ipt0 ff02::9
16.140.128.227 UHLVc 0 4 ipt0 To
display active IPv6 connections, enter: # netstat
-af inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign
Address (state) tcp 0 0
3ffe:1200:4110:1:a00:2bff:fe2c:f632.1054
host1.corp.com.telnet ESTABLISHED tcp 0
0 *.finger *.*
LISTEN tcp 0 0 *.telnet
*.* LISTEN tcp 0
0 *.ftp *.*
LISTEN To display binding cache statistics for a
node that supports IPv6 mobility, enter: # netstat
-bs
Mobile IPv6:
0 entries in binding cache
2 adds
2 deletes
0 changes
2 frees
4 lookups To display active IPsec connections,
enter: # netstat -xv Type Local Selector
Remote Selector SPI Pkts Errs
AuthErr CiphErr Replays Algorithms
Lifetime ah/tn/o 16.140.64.106
16.140.64.223 aca02157 13 0
0 0 0 hmac-sha1-96
95/1800 sec 1/204800 KB ah/tn/i 16.140.64.106
16.140.64.223 1e98997e 13 0
0 0 0 hmac-sha1-96
95/1800 sec 1/204800 KB esp/tr/o 10.0.1.106
10.0.1.223 b12e78c 104 0
0 0 0 3des-cbc/hmac-sha1-96
105/600 sec esp/tr/i 10.0.1.106
10.0.1.223 45136ea8 104 0
0 0 0 3des-cbc/hmac-sha1-96
105/600 sec To display the status of all IKE SAs,
enter: # netstat -Xv I/R Local identifier
Remote identifier Bytes
I ipv4(udp:500,10.0.1.106)
ipv4(udp:500,0.0.0.0) 788
Pre-shared Keys / 3des-cbc / sha1 / hmac-sha1
Created: Mon Oct 16 2000 11:48:14
Used: Mon Oct 16 2000 11:48:15
Expires: Mon Oct 16 2000 11:58:14
I-Cookie: 0x7b8736bbf2000000 R-Cookie:
0x6e3dd6fac7000000
R ipv4(udp:500,16.140.64.106)
ipv4(udp:500,16.140.64.223) 1250
RSA Signature / 3des-cbc / sha1 / hmac-sha1
Created: Mon Oct 16 2000 11:48:26
Used: Mon Oct 16 2000 11:48:27
Expires: Mon Oct 16 2000 12:48:26
I-Cookie: 0x7708cf3046000001 R-Cookie:
0xdb273e99e3000001 To display the statistics from
the IPsec kernel packet processing engine, enter: #
netstat -p ipsec ipsec:
13476 total packets processed by IPsec
engine
13467 IP packets processed by IPsec engine
54 AH headers processed
246 ESP headers processed
2 packets triggered an IKE action
192 packets dropped by IPsec
13282 packets passed through by IPsec
Commands: vmstat(1), route(8)
Network Administration: Connections
netstat(1)
[ Back ] |
