Man Pages (1M): Maintenance and Administration Commands

netstat(1M)

NAME

netstat- Show network status

SYNOPSIS

netstat

-anv

netstat

-g

-m

-p

-s

-f

address_family

-n

-P

protocol

netstat

-i

-I

interface

interval

netstat

-r

-anv

netstat

-R

-anv

system

core

netstat

-M

-ns

netstat

-D

-I

interface

DESCRIPTION

netstat displays the contents of various network-related data structures in various formats, depending on the options you select.

The first form of the command displays a list of active sockets for each protocol. The second form selects one from among various other network data structures. The third form shows the state of the interfaces. The fourth form displays the routing table, the fifth form displays the routing table with extended metric information, the sixth form displays the multicast routing table, and the seventh form displays the state of DHCP on one or all interfaces.

OPTIONS

-a

Show the state of all sockets and all routing table entries; normally, sockets used by server processes are not shown and only interface, host, network, and default routes are shown.

-f address_family

Limit statistics or address control block reports to those of the specified address_family, which can be one of:

inet: For the AF_INET address family
unix: For the AF_UNIX address family

-g

Show the multicast group memberships for all interfaces.

-i

Show the state of the interfaces that are used for TCP/IP traffic. See ifconfig(1M).

-m

Show the STREAMS statistics.

-n

Show network addresses as numbers. netstat normally displays addresses as symbols. This option may be used with any of the display formats.

-p

Show the address resolution (ARP) tables.

-r

Show the routing tables.

-s

Show per-protocol statistics. When used with the -M option, show multicast routing statistics instead.

-v

Verbose. Show additional information for the sockets and the routing table.

-I interface

Show the state of a particular interface. interface can be any valid interface such as ie0 or le0.

-M

Show the multicast routing tables. When used with the -s option, show multicast routing statistics instead.

-P protocol

Limit display of statistics or state of all sockets to those applicable to protocol.

-d

Show the state of all interfaces that are under Dynamic Host Configuration Protocol (DHCP) control.

-D

Show the status of DHCP configured interfaces.

OPERANDS

interval: If interval is specified, netstat displays interface information over the last interval seconds, repeating forever.

DISPLAYS

Active Sockets (First Form)

netstat [ -anv ] [ system ] [ core ]

The display for each active socket shows the local and remote address, the send and receive queue sizes (in bytes), the send and receive windows (in bytes), and the internal state of the protocol.

The symbolic format normally used to display socket addresses is either

hostname.port

when the name of the host is specified, or

network.port

if a socket address specifies a network but no specific host.

The numeric host address or network number associated with the socket is used to look up the corresponding symbolic hostname or network name in the hosts or networks database.

If the network or hostname for an address is not known (or if the -n option is specified), the numerical network address is shown. Unspecified, or "wildcard", addresses and ports appear as "*". For more information regarding the Internet naming conventions, refer to inet(7P).

`TCP Sockets`

The possible state values for TCP sockets are as follows:

BOUND: Bound, ready to connect or listen.
CLOSED: Closed. The socket is not being used.
CLOSING: Closed, then remote shutdown; awaiting acknowledgment.
CLOSE_WAIT: Remote shutdown; waiting for the socket to close.
ESTABLISHED: Connection has been established.
FIN_WAIT_1: Socket closed; shutting down connection.
FIN_WAIT_2: Socket closed; waiting for shutdown from remote.
IDLE: Idle, opened but not bound.
LAST_ACK: Remote shutdown, then closed; awaiting acknowledgment.
LISTEN: Listening for incoming connections.
SYN_RECEIVED: Initial synchronization of the connection under way.
SYN_SENT: Actively trying to establish connection.
TIME_WAIT: Wait after close for remote shutdown retransmission.

Network Data Structures (Second Form)

netstat [ -s | -g | -m | -p | -f address_family ] [ -P protocol ] [ -n ] [ system ] [ core ]

The form of the display depends upon which of the -g, -m, -p, or -s options you select.

-g: Displays the list of multicast group membership.
-m: Displays the memory usage, for example, STREAMS mblks.
-p: Displays the address resolution table. This is similar to arp(1M).
-s: Displays the statistics for the various protocol layers.

The statistics use the MIB specified variables. The defined values for ipForwarding are:

forwarding(1): Acting as a gateway.
not-forwarding(2): Not acting as a gateway.

If you specify more than one of these options, netstat displays the information for each one of them.

Interface Status (Third Form)

netstat -i | -I interface [ interval ] [ system ] [ core]

The interface status display lists information for all current interfaces, one interface per line. If an interface is specified using the -I option, it displays information for only the specified interface.

The list consists of the interface name, mtu (maximum transmission unit, or maximum packet size) (see ifconfig(1M)), the network to which the interface is attached, addresses for each interface, and counter associated with the interface. The counters show the number of input packets, input errors, output packets, output errors, and collisions, respectively. For Point-to-Point interfaces, the Net/Dest field is the name or address on the other side of the link.

If the -n option is specified, the list displays the IP address instead of the interface name.

If an optional interval is specified, the output will be continuously displayed in interval seconds until interrupted by the user.

The input interface is specified using the -I option. In this case, the list only displays traffic information in columns; the specified interface is first, the total count is second. This column list has the format of:

    input   le0      output         input  (Total)   output
packets errs packets errs colls packets errs packets errs colls
227681  0    65947   1    502   261331  0    99597   1     502
10      0    0       0    0     10      0    0       0     0
8       0    0       0    0     8       0    0       0     0
10      0    2       0    0     10      0    2       0     0

If the input interface is not specified, the first interface of address family inet will be displayed.

Routing Table (Fourth Form)

netstat -r [ -anv ] [ system ] [ core ]

The routing table display lists the available routes and the status of each. Each route consists of a destination host or network, and a gateway to use in forwarding packets. The flags column shows the status of the route (U if "up"), whether the route is to a gateway (G), and whether the route was created dynamically by a redirect (D). If the -a option is specified, there will be routing entries with flags for combined routing and address resolution entries (A), broadcast addresses (B), and the local addresses for the host (L).

Interface routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface.

The refcnt column gives the current number of routes that share the same link layer address.

The use column displays the number of packets sent using a combined routing and address resolution (A) or a broadcast (B) route. For a local (L) route, this count is the number of packets received, and for all other routes it is the number of times the routing entry has been used to create a new combined route and address resolution entry.

The interface entry indicates the network interface utilized for the route.

Routing Table with Extended Metric Information (Fifth Form)

netstat -R [ -anv ] [ system ] [ core ]

This form is the same as that of -r with the following additional information. If a route displayed has extended metric (emetric) information, it is displayed in the next line indented by a tab. Since a route may have multiple emetrics, each is displayed one line at a time. The format of display is the same as the format of specification in route(1M); that is, each field includes a keyword and, if there is value to follow, an equal sign (=) and the value. The fields are separated by commas (,). Depending on the nature of the route (that is, local or remote) and how it was entered into the routing table, there may be no emetric available for a particular route. In that case, no emetric is displayed.

Multicast Routing Tables (Sixth Form)

netstat -M [ -ns ] [ system ] [ core ]

The multicast routing table consists of the virtual interface table and the actual routing table.

DHCP Interface Information (Seventh Form)

netstat -D [ -I interface ]

The DHCP interface information consists of the interface name, its current state, lease information (when the lease began, when it will expire, and when renewal begins), and counts of the number of protocol exchanges done on behalf of the interface.

Below is a sample command line and output from a host with five interfaces under DHCP control:

# netstat -D
Interface  Status       Sent Received  Rejects
le0        BOUND           1        1        0
         (Began,Expires,Renew) = (12/04/1996 18:08, 12/04/1996 19:08,
12/04/1996 18:38) qe0        BOUND           1        1        0
         (Began,Expires,Renew) = (12/04/1996 18:08, 12/04/1996 19:08,
12/04/1996 18:38) qe1        BOUND           1        1        0
         (Began,Expires,Renew) = (12/04/1996 18:08, 12/04/1996 19:08,
12/04/1996 18:38) qe2        BOUND           1        1        0
         (Began,Expires,Renew) = (12/04/1996 18:08, 12/04/1996 19:08,
12/04/1996 18:38) qe3        SELECTING        4        0        0
#

SUMMARY OF TRUSTED SOLARIS CHANGES

The -R option requires the net_rawaccess privilege. The -R option must also run with a uid of 0, or have the file_dac_read and file_dac_write privileges.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWcsu

Trusted Solaris 7 Reference Manual

ifconfig(1M)

SunOS 5.7 Reference Manual

iostat(1M), vmstat(1M), hosts(4), networks(4), protocols(4), services(4), attributes(5)

NOTES

The kernel's tables can change while netstat is examining them, creating incorrect or partial displays.

If you need to examine network status information following a kernel crash, use the crash(1M) utility on the savecore(1M) output.

Trusted Solaris 7 Last Revised 30 Sep 1999

netstat(1M)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

OPERANDS

DISPLAYS

Active Sockets (First Form)

TCP Sockets

Network Data Structures (Second Form)

Interface Status (Third Form)

Routing Table (Fourth Form)

Routing Table with Extended Metric Information (Fifth Form)

Multicast Routing Tables (Sixth Form)

DHCP Interface Information (Seventh Form)

SUMMARY OF TRUSTED SOLARIS CHANGES

ATTRIBUTES

SEE ALSO

Trusted Solaris 7 Reference Manual

SunOS 5.7 Reference Manual

NOTES

`TCP Sockets`