test

System Administration Guide: IP Services

netstat Command

The netstat command generates displays that show network status and protocol statistics. You can display the status of TCP and UDP endpoints in table format, routing table information, and interface information.

netstat displays various types of network data, depending on the command-line option that is selected. These displays are the most useful for system administration. The syntax for this form follows:

netstat [-m] [-n] [-s] [-i | -r] [-f address_family]

The most frequently used options for determining network status are s, r, and i. See the netstat(1M) man page for a description of the options.

netstat Command Task Map

Table 4–8 netstat Command Task Map

Task 

Description 

For Instructions, Go To ... 

Display statistics by protocol 

Involves using the -s option of the netstat command

How to Display Statistics by Protocol

Display network interface status 

Involves using the -i option of the netstat command

How to Display Network Interface Status

Display routing table status 

Involves using the -r option of the netstat command

How to Display Routing Table Status

How to Display Statistics by Protocol

The netstat -s option displays by protocol statistics for the UDP, TCP, ICMP, and IP protocols.

    On the command line, type the following command.


    % netstat -s

The result resembles the display that is shown in the following example. (Parts of the output have been truncated.) The information can indicate areas where a protocol is having problems. For example, statistical information from ICMP can indicate where this protocol has found errors. 


UDP
 
      udpInDatagrams      =  39228     udpOutDatagrams     =  2455  
      udpInErrors         =     0
 
TCP
 
      tcpRtoAlgorithm     =     4      tcpMaxConn          =    -1
      tcpRtoMax           = 60000      tcpPassiveOpens     =     2
      tcpActiveOpens      =     4      tcpEstabResets      =     1
      tcpAttemptFails     =     3      tcpOutSegs          =   315
			.
			.
IP
 
      ipForwarding        =     2      ipDefaultTTL        =   255
      ipInReceives        =  4518      ipInHdrErrors       =     0
			.
			. 
ICMP
 
      icmpInMsgs          =     0      icmpInErrors        =     0
      icmpInCksumErrs     =     0      icmpInUnknowns      =     0
			.
			. 
 
IGMP:
 
0 messages received
0 messages received with too few bytes
0 messages received with bad checksum
0 membership queries received
0 membership queries received with invalid field(s)
0 membership reports received
0 membership reports received with invalid field(s)
0 membership reports received for groups to which we belong
0 membership reports sent

How to Display Network Interface Status

The i option of netstat shows the state of the network interfaces that are configured with the machine where you ran the command.

    On the command line, type the following command:


    % netstat -i

netstat -i produced the following sample display: 


 
Name Mtu  Net/Dest     Address   Ipkts    Ierrs Opkts    Oerrs  Collis  Queue
le0  1500 b5-spd-2f-cm tatra     14093893 8492  10174659 1119   2314178   0
lo0  8232 loopback     localhost 92997622 5442  12451748 0      775125    0

Using this display, you can determine the number of packets a machine transmits and receives on each network. For example, the input packet count (Ipkts) that are displayed for a server can increase each time a client tries to boot, while the output packet count (Opkts) remains steady. This outcome suggests that the server is seeing the boot request packets from the client, but does not realize that the server is supposed to respond to them. This confusion might be caused by an incorrect address in the hosts, ipnodes, or ethers database.

However, if the input packet count is steady over time, then the machine does not see the packets at all. This outcome suggests a different type of failure, possibly a hardware problem.

How to Display Routing Table Status

The -r option of netstat displays the IP routing table.

    On the command line, type the following command.


    % netstat -r

netstat -r produces the following sample display on machine tenere:


Routing tables
Destination   Gateway Flags Refcnt Use   Interface
temp8milptp   elvis   UGH   0      0	
irmcpeb1-ptp0 elvis   UGH   0      0	
route93-ptp0  speed   UGH   0      0	
mtvb9-ptp0    speed   UGH   0      0	
	              .
mtnside       speed   UG    1      567	
ray-net       speed   UG    0      0	
mtnside-eng   speed   UG    0      36	
mtnside-eng   speed   UG    0      558	
mtnside-eng   tenere  U     33     190248  le0

The first column shows the destination network, the second the router through which packets are forwarded. The U flag indicates that the route is up. The G flag indicates that the route is to a gateway. The H flag indicates that the destination is a fully qualified host address, rather than a network.

The Refcnt column shows the number of active uses per route, and the Use column shows the number of packets sent per route. Finally, the Interface column shows the network interface that the route uses.