ipstat [-cmnrt] [-a address[,address...]] [-A address[,address...]] [-d d|u] [-i interface[ ,interface...]] [-l nlines] [-p protocol[,protocol... ]] [-s key | -S key] [ -u R|K|M|G|T|P] [-x opt[=val][ ,opt[=val]...]] [interval [count]]
The ipstat utility gathers and reports statistics on IP traffic based on the selected output mode and sort order. ipstat provides options to gather and report statistics only on IP traffic matching specified source or destination address, interface, and higher layer protocol.
The following options are supported:
Filter on source address.
Filter on destination address.
Print new reports below previous reports instead of overprinting them.
Print a timestamp for each report in either standard date format (-d d) or in seconds since epoch, that is, Unix time (-d u).
Filter on interface name.
The number of lines of data to output per report.
Produce machine-parsable output.
Show network addresses as numbers. Do not resolve IP addresses to hostnames.
Filter on protocol name.
Only display data for packets being received.
Sort in ascending (–S) or descending (–s) order by key, where the keys are as follows:
source - source IP address
dest - destination IP address
proto - higher-level protocol
int - interface name
bytes - amount of data
By default, the data is sorted in descending order by bytes.
Only display data for packets being transmitted.
If used, allows choosing the unit in which to display all statistics, for example, R: raw count, K: Kilobits, M:Megabits, T: Terabits, P: Petabits. If not used, then different units, as appropriate, are used to display the statistics, using the format xy.zU, where x, y, and z are numbers and U is the appropriate unit.
Enable or modify a DTrace runtime option or D compiler option. The full list of options is found in dtrace(1M). For this utility, the aggsize and aggrate options will be most useful. The utility will display an error message similar to the following if you need to modify one of these options:
Data dropped. Consider using '-x aggsize=8k' option.
The default for aggsize is 512k. The default for aggrate is 1Hz.
The following list defines the column headings and the meanings of an ipstat report:
The source IP address or hostname associated with this traffic.
The destination IP address or hostname associated with this traffic.
The higher layer protocol associated with this traffic (TCP, UDP, SCTP,).
The name of the interface associated with this traffic.
The rate of IP traffic over the sampling interval. In regular output, the rate is reported in bytes (no suffix), kilobytes (K), megabytes (M), gigabytes(G), terabytes (T), or petabytes(P) per second. In machine-parsable output, the rate is given in bytes per second. The –u option can be used to specify a fixed unit for this number.
The following operands are supported:
Specifies the number of times that the statistics are to be repeated. By default, ipstat reports statistics until a termination signal is received.
Specifies the sampling interval in seconds; the default interval is 5 seconds.
The following exit values are returned:
Successful completion.
An error occurred.
The following command reports the five most active IP traffic flows.
$ ./ipstat -l 5 SOURCE DEST PROTO IFNAME BYTES adc-twvpn-2.oraclevpn.com duff.cs.uni.edu UDP net0 6.6K inet-bip2v-10.oracle.com bud.bang.uni.edu TCP tun0 6.1K duff.cs.uni.edu adc-twvpn-2.oraclevpn.com UDP net0 964.0 bud.bang.uni.edu inet-bip2v-10.oracle.com TCP tun0 563.0 coors.foo.uni.edu 255.255.255.255 UDP net0 66.0 Total: bytes in: 12.6K bytes out: 2.2KExample 2 Displaying a Timestamp
The following command reports the top IP traffic with a timestamp in standard date format. New reports are printed below previous reports, and the interval is set to ten seconds.
$ ./ipstat -d d -c 10 Monday, March 26, 2012 08:34:07 PM EDT SOURCE DEST PROTO IFNAME BYTES adc-twvpn-2.oraclevpn.com duff.cs.uni.edu UDP net0 15.1K inet-bip2v-10.oracle.com bud.bang.uni.edu TCP tun0 13.9K duff.cs.uni.edu adc-twvpn-2.oraclevpn.com UDP net0 2.4K bud.bang.uni.edu inet-bip2v-10.oracle.com TCP tun0 1.5K coors.foo.uni.edu 255.255.255.255 UDP net0 66.0 bigip-stbeehive-adc.oracle bud.bang.uni.edu TCP tun0 29.0 bud.bang.uni.edu bigip-stbeehive-adc.oracle TCP tun0 20.0 Total: bytes in: 29.1K bytes out: 3.8KExample 3 Specifying a DTrace Runtime Option
The following command sets the DTrace runtime option aggsize to 4K. As this is too small for the collected data, an error is displayed to indicate that data has been dropped.
$ ./ipstat -c -x aggsize=4k 10 SOURCE DEST PROTO IFNAME BYTES adc-twvpn-3.oraclevpn.com duff.cs.uni.edu UDP net0 11.1K adc-proxy.oracle.com stella.baz.uni.edu TCP tun0 10.3K duff.cs.uni.edu adc-twvpn-3.oraclevpn.com UDP net0 907.0 stella.baz.uni.edu adc-proxy.oracle.com TCP tun0 505.0 coors.foo.uni.edu 255.255.255.255 UDP net0 66.0 duff-lite.cs.uni.edu 182.168.1.255 UDP net0 22.0 duff.cs.uni.edu adc-twvpn-3.oraclevpn.com TCP net0 7.0 adc-twvpn-3.oraclevpn.com duff.cs.uni.edu TCP net0 7.0 coors.foo.uni.edu 169.254.1.255 UDP net0 2.0 Data dropped. Consider using '-x aggsize=8k' option. Total: bytes in: 21.5K bytes out: 2.1KExample 4 Generating Machine-Parsable Output
The following command displays the data in one-second intervals in a machine-parsable format with a Unix-format timestamp.
$ ./ipstat -d u -m 1 timestamp:1333141886 duff.cs.uni.edu:duff-dry.cs.uni.edu:TCP:net0:144 duff-dry.cs.uni.edu:duff.cs.uni.edu:SCTP:net0:128 duff.cs.uni.edu:duff-dry.cs.uni.edu:SCTP:net0:128 duff-dry.cs.uni.edu:duff.cs.uni.edu:TCP:net0:80 coors.foo.uni.edu:169.254.1.255:UDP:net0:40 total:280:240 timestamp:1333141887 duff.cs.uni.edu:duff-dry.cs.uni.edu:TCP:net0:144 duff.cs.uni.edu:duff-dry.cs.uni.edu:SCTP:net0:128 duff-dry.cs.uni.edu:duff.cs.uni.edu:SCTP:net0:104 duff-dry.cs.uni.edu:duff.cs.uni.edu:TCP:net0:80 total:228:228
See attributes(5) for descriptions of the following attributes:
|
The data presented are not sampled data. The values represent an accurate count of the IP traffic. In the event that data are dropped, an error message will be displayed to indicate this.