You use the netstat command to generate displays that show network status and protocol statistics. You can display the status of TCP, SCTP, and UDP endpoints in table format, as well as display routing table and interface information.
The netstat command displays various types of network data, depending on which command-line option you specify. The information that is displayed is particularly useful for system administration. The options that are used for some of the more commonly performed tasks are described in this chapter. For complete details, see the netstat(1M) man page.
This section contains the following topics:
Displaying Additional Network Status With the netstat Command
You can use the netstat command to display both IPv4 and IPv6 network status. You can choose which protocol information to display by setting the DEFAULT_IP value in the /etc/default/inet_type file or by using the –f option. By permanently setting the DEFAULT_IP value, you can ensure that the netstat command displays only IPv4 information. To override this setting, use the –f option from the command line. For more information about the inet_type file, see the inet_type(4) man page.
Use can also use the –f option to specify the inet, inet6, unix (for UNIX domain sockets that used for internal communication) or sdp (Socket Description Protocol) arguments.
Use the netstat command to view the status of the sockets on a local host. You can specify several netstat command options as a regular user.
Display the status of connect sockets as follows:
% netstat
Display the status of all sockets, including unconnected listener sockets, as follows:
% netstat -aExample 2 Displaying Connected Sockets
The output of the netstat command shows extensive statistics. The following example shows how you would limit the output to IPv4 sockets only.
% netstat -f inet TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ----------- system-1.ssh remote.38474 128872 0 128872 0 ESTABLISHED system2.40721 remote.ldap 49232 0 128872 0 ESTABLISHED
The netstat –s option displays protocol statistics for the UDP, TCP, SCTP, Internet Control Message Protocol (ICMP), and IP protocols.
Display protocol status as follows:
% netstat -s
Use the –P option to filter the output of the netstat command by protocol. This option is not limited to transport protocols.
You can specify the following values with this option:
icmp
icmpv6
igmp
ipv6tcp
rawip
sctp
tcp
udp
For example, you would filter the netstat output by the UDP protocol as follows:
# netstat -aP udp UDP: IPv4 Local Address Remote Address State Send Buf TxOverflows Recv Buf RxOverflows ---------------- ---------------- ------- --------- ------------ -------- -------- *.* Unbound 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.* Unbound 57344 0 57344 0 ... *.bootpc Idle 57344 0 57344 0 *.dhcpv6-client Idle 57344 0 57344 0 ip-10-134-63-206.bootpc Idle 57344 0 57344 0 *.sunrpc Idle 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.59730 Idle 57344 0 57344 0 *.sunrpc Idle 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.47158 Idle 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.631 Idle 57344 0 57344 0 *.ntp Idle 57344 0 57344 0 *.ntp Idle 57344 0 57344 0 localhost.ntp Idle 57344 0 57344 0 ip-10-134-63-206.ntp Idle 57344 0 57344 0 UDP: IPv6 Local Address Remote Address State If Send Buf TxOverflows Recv Buf RxOverflows ----------------- ------------- ---------- ----- -------- ----------- -------- ------- *.* Unbound 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.* Unbound 57344 0 57344 0 *.dhcpv6-client Idle 57344 0 57344 0 ... localhost.ntp Idle 57344 0 57344 0
As shown in the previous output, the netstat –P udp command displays the following four additional statistics in Oracle Solaris 11.3:
Displays socket send buffer statistics.
Displays socket receive buffer statistics.
Displays the number of times overflow for transmitting packets occurred. The counter is increased whenever IP cannot send the outgoing packet to the MAC layer due to unavailable space.
Displays the number of times that an overflow for receiving packets occurred. The counter is increased whenever IP cannot send the incoming packet to the socket due to unavailable space The incoming packet is dropped in the case of an Rx overflow.
The following example shows how you would display the results for the TCP protocol by specifying the –P option.
% netstat -P tcp TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State ----------------- -------------------- ----- ------ ----- ------ ------- lhost-1.login abc.local.example.COM.980 49640 0 49640 0 ESTABLISHED lhost.login ghi.local.example.COM.1020 49640 1 49640 0 ESTABLISHED remhost.1014 mno.remote.example.COM.nfsd 49640 0 49640 0 TIME_WAIT TCP: IPv6 Local Address Remote Address Swind Send-Q Rwind Recv-Q State If ---------------- ---------------------- ------ ----- ------ ----------- ----- localhost.38983 localhost.32777 49152 0 49152 0 ESTABLISHED localhost.32777 localhost.38983 49152 0 49152 0 ESTABLISHED localhost.38986 localhost.38980 49152 0 49152 0 ESTABLISHED
Use the –i option of the netstat command to display the state of the network interfaces that are configured on a local system. With this option, you can determine the number of packets a system transmits and receives on each network.
Display the status of the interfaces that are on a network as follows:
% netstat -i
The following example shows how you would use the netstat command with a filtering option to limit the output of a specific interface:
% netstat -i -I net0 -f inet Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue net0 1500 abc.example.com abc.example.com 231001 0 55856 0 0 0Example 4 Displaying Network Interface Status
The following example shows the status of IPv4 and IPv6 packet flow through the system's interfaces. For example, the input packet count (Ipkts) that is displayed for a server can increase each time a client tries to boot, while the output packet count (Opkts) remains steady. This outcome suggests that the server is recognizing the boot request packets from the client. However, the server does not know to respond to them. This confusion might be caused by an incorrect address in the hosts, or ethers database.
If the input packet count is steady over time, then the tem does not see the packets at all. This outcome suggests a different type of failure, possibly a hardware problem.
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue lo0 8232 loopback localhost 142 0 142 0 0 0 net0 1500 host58 host58 1106302 0 52419 0 0 0 Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis lo0 8252 localhost localhost 142 0 142 0 0 net0 1500 fe80::a00:20ff:feb9:4c54/10 fe80::a00:20ff:feb9:4c54 1106305 0 52422 0 0
The netstat command includes a –u option that you can use to obtain information about users and processes on the system that are using specific ports. Use the netstat –u command to display the user, process ID, and the program that created the network endpoint or the program that currently controls the network endpoint.
To produce better alignment of the netstat command output, you can specify the –n option with the –u option. For more information and detailed examples, see the netstat(1M) man page.
Use the –r option with the netstat command to display the routing table for a local tem. This table displays the status of all routes that are known to a stem.
% netstat -rExample 5 Displaying Routing Table Output With the netstat Command
The following example shows the output of the netstat –r command.
Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- host15 myhost U 1 31059 net0 203.0.113.14 myhost U 1 0 net0 default distantrouter UG 1 2 net0 localhost localhost UH 42019361 lo0 Routing Table: IPv6 Destination/Mask Gateway Flags Ref Use If --------------------- --------------------------- ----- --- ------ ----- 2002:0a00:3010:2::/64 2002:0a00:3010:2:1b2b:3c4c:5e6e:abcd U 1 0 net0:1 fe80::/10 fe80::1a2b:3c4d:5e6f:12a2 U 1 23 net0 ff00::/8 fe80::1a2b:3c4d:5e6f:12a2 U 1 0 net0 default fe80::1a2b:3c4d:5e6f:12a2 UG 1 0 net0 localhost localhost UH 9 21832 lo0
The following table describes the information that is displayed in the output of the netstat –r command.
|
You can use the netstat command with various other command-line options to display additional network status, beyond what is documented in this chapter. There are 10 forms of the command and each form produces a different table of statistics about the various parts of the networking subsystem.
Some of the additional statistics that you can obtain include the following:
Displays multicast group memberships
Displays net-to-media tables: ARP and NDP mappings
Displays STREAMS memory statistics
Displays the multicast routing table
Displays the status of DHCP leases
Displays the destination cache table
For complete details, see the netstat(1M) man page.