Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ netstat(1) — Tru64 UNIX 5.1b

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

Commands:  vmstat(1)

route(8)

netstat(1)  —  Commands

NAME

netstat − Displays network statistics. 

SYNOPSIS

/usr/sbin/netstat [−ARgrn | [−AanXx] [−f address_family] [−p protocol]] [interval]

/usr/sbin/netstat [−abdgHimMnRrstuv] [−f address_family] [−p protocol] [interval]

/usr/sbin/netstat [−dnotz] [−I interface [−c | −s]] [interval]

The netstat command displays network−related data in various formats. 

OPTIONS

−aDisplays the state of sockets related to the Internet protocol. Includes sockets for processes such as servers that are currently listening at a socket but are otherwise inactive. 

−ADisplays either the address of any protocol control blocks associated with sockets or the addresses of routing table entries with bitmasks. Typically, this option is used for debugging. 

−bDisplays the contents of the Mobile IPv6 binding cache. You can use this option with the −s option to display binding cache statistics. 

−dDisplays the number of dropped packets; for use with the −I interface or −i options. You can also specify an interval argument (in seconds). 

−f address_family
Limits reports to the specified address family. The address families that can be specified might include the following:

inetSpecifies reports of the AF_INET family, if present in the kernel. 

inet6
Specifies reports of the AF_INET6 family, if present in the kernel.

unix
Specifies reports of the AF_UNIX family, if present in the kernel.

allLists information about all address families in the system. 

anyLists information about any address families in the system. 

−gDisplays statistics since the system was last booted. By default, the command displays statistics since they were last zeroed. Use this option with the −p and −s options only. 

−HDisplays the current ARP table (behaves like arp −a). 

−iDisplays the state of configured interfaces. (Interfaces that are statically configured into the system, but not located at system startup, are not shown.) 

When used with the −a option, it displays IP (IPv4 and IPv6) and link-level addresses associated with the interfaces. 

You can use the −i option to retrieve your system’s hardware address. 

−I interface
Displays information about the specified interface.

−I interface −c
Displays the current access filter for the specified network interface. See ifaccess.conf(4) for more information. 

−I interface −s
Displays the DNA Data Link Layer counters (64-bit values) for the specified network interface and the adapter’s status and characteristics. See Network Administration: Connections for a description of the display fields. 

−mDisplays information about memory allocated to data structures associated with network operations. 

−M
Displays Internet protocol multicast routing information. When used with the −s option, it displays IP (IPv4 and IPv6) multicast statistics. 

−nDisplays network address in numerical format with network masks in CIDR format. When this option is not specified, the address is displayed as hostname and port number. This option can be used with any of the display formats. 

−oDisplays the DNA Data Link Layer counters (old 32-bit values) for the specified network interface and the adapter’s status and characteristics. Use this options only with the −I interface −s command.  See Network Administration: Connections for a description of the display fields. 

−p protocol
Displays statistics for protocol, which you can specify as a well known name or an alias. To display statistics for all supported protocols, use the −s option instead of the −p option. 

Supported protocol names and their aliases are listed in /etc/protocols. A null listing (0) means that there is no data to report. If routines to report statistics for a specified protocol are not implemented on this system, netstat reports that the protocol is unknown. 

−rDisplays the host’s routing tables. When used with the −s option, shows the host’s routing statistics instead of routing tables. 

−RDisplay’s the host’s routing tables on each Resource Affinity Domain (RAD), if your system has NUMA-capable hardware. 

−sDisplays statistics for all supported protocols. To display statistics for a particular protocol, use the −p protocol option instead of the −s option. 

To display the DNA Data Link Layer counters (64-bit values) for a particular network interface, specify the −I interface option with the −s option. 

−tDisplays timer information; for use with the −I interface or −i options. 

−uDisplays information about domain sockets (UNIX domain). 

−vDisplays more verbose output when specified with the −r, −x, −X options.  In the −r case, route metric values are displayed. In the −x case, details about the error types Security Association (SA) lifetime are displayed. In the −X case, the IKE authentication mode; cipher, hash, and HMAC algorithms; the time the SA was created, last used, and expiration date and time; and the Initiator and Responder cookies are displayed. 

−xDisplays the status of Internet Protocol Security (IPsec) Security Associations (SAs). Status information is updated every 15 seconds. 

−XDisplays the status of Internet Key Exchange  (IKE) Protocol SAs. 

−zDisplays the current network interface statistics or protocol statistics, then sets them to zero. This option must be specified with either the −I interface option or the −p protocol option, and it is not supported for all protocols. In addition, you must be superuser to use this option. 

DESCRIPTION

The interval argument specifies in seconds the interval for updating and displaying information. The first line of the display shows cumulative statistics; subsequent lines show statistics recorded during interval. 

Default Display

When used without options, the netstat command displays a list of active sockets for each protocol. The default display shows the following items:

       •Local and remote addresses

       •Send and receive queue sizes (in bytes)

       •Protocol

       •State

Address formats are of the form host.port or network.port if a socket’s address specifies a network but no specific host address. The host and network address are displayed symbolically unless −n is specified. 

Interface Display

The network interface display format provides a table of cumulative statistics for the following:

       •Interface name

       •Maximum Transmission Unit (MTU)

       •Network Address

       •Packets received (Ipkts)

       •Packets received in error (Ierrs)

       •Packets transferred (Opkts)

       •Outgoing packets in error (Oerrs)

       •Collisions

Note that the collisions item has different meanings for different network interfaces. 

       •Drops (optional with −d)

       •Timers (optional with −t)

Routing Table Display

A route consists of a destination host or network and a gateway to use when forwarding packets. Direct routes are created automatically for each interface attached to the local host when you issue the ifconfig command. In addition, loopback routes are created automatically for each interface address that is configured with the ifconfig command. Routes can be modified automatically in response to the prevailing condition of the network. 

The routing-table display format indicates available routes and the status of each in the following fields:

Flags
Displays the state of the route as one or more of the following:

cThis is a cloned route. 

CThis route is a cloning route that was created by the route command. 

DThis route was dynamically created by a redirect. 

fFragment to path MTU size is disabled on this route. 

GThis route is to a gateway. 

HThis route is to a host. 

IThis route contains valid link-layer information. 

LThis route is a loopback route that was created by the kernel. 

mThis route was created by a Mobile IPv6 binding update. 

MThis route was modified by a redirect. 

pPath MTU discovery is disabled on this route. 

PThis route was created by the Path MTU discovery process. 

RThis is a reject route that was created by the route command. 

SThis is a static route that was created by the route command. 

UUp, or available. 

refcnt
Provides the current number of active uses for the route. Connection-oriented protocols hold on to a single route for the duration of a connection; connectionless protocols obtain routes in the process of sending to a destination.

useProvides a count of the number of packets sent using the route. 

interface
Indicates the network interface used for the route.

When the −v option is specified, the routing table display includes the route metrics. An asterisk (∗) indicates the metric is locked.  See route(8) for additional information on routing. 

Binding Cache Display

The association of a mobile node’s home address with its care-of address is called a binding. Each node that supports IPv6 mobility maintains a cache of all bindings. The binding cache display shows all bindings cached by the local node, including the following information:

Flags
Displays one or more of the following flags supplied in the Binding Update:

AThe mobile node requested a Binding Acknowledgement. 

HThis is a home registration. 

DThe mobile node requested that the home agent perform Duplicate Address Detection (DAD). 

RThe sending mobile node is a router. 

Refs
Provides the current number of active uses for this binding.

Plen
Indicates the prefix length supplied in the Binding Update.

Sequence#
Indicates the sequence number supplied in the last Binding Update.

Lifetime
Indicates the time, in seconds, until this binding expires.

You can also display binding cache statistics with the −s option. 

DIAGNOSTICS

netstat: unable to connect to IPsec: No such file or directory
Verify that IPsec is enabled on the system. If it is, verify that the ipsecd daemon is running. If it is not, start it. See ipsecd(8) for more information. 

no namelist: unable to connect to kloadsrv daemon
Verify that the kloadsrv daemon is running. If it is not, start it. See kloadsrv(8) for more information. 

no namelist: requested symbols not found in kernel
Make sure that you have not replaced the running kernel with a new kernel. You might need to reboot the system to correct this problem.

EXAMPLES

     1.To show the state of the configured interfaces, enter:

$ netstat -i

     2.To show the routing tables, enter:

$ netstat -r

The resulting display looks like the following:

Routing Tables
DestinationGatewayFlagsRefsUseInterface
Netmasks:
Inet255.255.255.0
Route Tree for Protocol Family 2:
default        16.55.5.5    UG   13  38618   ln0
localhost     16.55.5.4    UH    2     29   lo0
ethernet16.55.5.3U9866760ln0

(Output may be formatted differently on your system.) 

     3.To show the routing tables with network addresses, enter:

$ netstat -rn

The resulting display looks like the following:

Routing tables
Destination      Gateway            Flags     Refs     Use  Interface
Netmasks:
Inet             0.0.0.0
Inet             255.0.0.0
Inet             255.255.0.0
Inet             255.255.252.0
Inet             255.255.255.0
Inet             255.255.255.224
Route Tree for Protocol Family 2:
default          16.140.28.1        UG          0  6004465  tu0
16.140.128/24    16.140.128.198     U           4   181451  tu0
127.0.0.1        127.0.0.1          UH          0        0  lo0
194.224/16       127.0.0.1          UG          0        3  lo0
194.226/16       127.0.0.1          UGR         0        0  lo0
198.119.1/24     198.119.19.76      U           1      867  le0
198.119.19.64/27 198.119.19.76      U           0        1  le0
198.119.64.80    198.119.19.24      UGH         0        0  le0
130.200/16       16.140.128.1       UG          0        0  tu0

     4.To produce the default display for network connections, enter:

$ netstat

The resulting display might include the following headings:

Active Internet connections
Proto Recv-Q Send-Q Local Address   Foreign Address   (state)

     5.To display the ee0 interface counters, enter:

$ netstat -Iee0 -s
ee0 Ethernet counters at Fri Jul 12 18:38:21 2002
            2172 seconds since last zeroed
        25056713 bytes received
          245436 bytes sent
          165712 data blocks received
            1901 data blocks sent
        24850070 multicast bytes received
          163482 multicast blocks received
            5670 multicast bytes sent
              39 multicast blocks sent
              44 blocks sent, initially deferred
              10 blocks sent, single collision
               5 blocks sent, multiple collisions
               0 send failures
               0 receive failures

     6.To set the ln0 interface counters to zero, enter:

# netstat -Iln0 -z

     7.To display IPv6 routing entries, enter:

# netstat -rnf inet6
Routing tables
Destination      Gateway            Flags     Refs     Use Interface
Route Tree for Protocol Family 26
default          Link#8             UCL         0        0  ipt0
default          Link#1             UCL         0        0  ln0
default          fe80::a00:2bff:fe2d:2b2 UG     0        0  ln0
3ffe:1200:4110:1::/64 Link#1        UCL         0        0  ln0
3ffe:1200:4110:1:a00:2bff:fe2c:f632 Link#1 UH   1        0  ln0
fe80::/10        Link#8             UCL         0        0  ipt0
fe80::/10        Link#1             UCL         0        0  ln0
fe80::108c:1056  Link#8             UHLc        1        4  ipt0
fe80::108c:80e3  Link#8             UHLc        0        0  ipt0
fe80::a00:2bff:fe2d:2b2 Link#1      UHLc        1        0  ln0
ff02::/16        Link#1             UCL         0        0  ln0
ff02::/16        Link#8             UCL         0        0  ipt0
ff02::1          16.140.128.227     UHLVc       0        8  ipt0
ff02::1          33:33:0:0:0:1      UHLVc       0        3  ln0
ff02::2          33:33:0:0:0:2      UHLVc       0        1  ln0
ff02::2          16.140.128.227     UHLVc       1        2  ipt0
ff02::9          16.140.128.227     UHLVc       0        4  ipt0

     8.To display active IPv6 connections, enter:

# netstat -af inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address             Foreign Address           (state)
tcp        0      0  3ffe:1200:4110:1:a00:2bff:fe2c:f632.1054  host1.corp.com.telnet ESTABLISHED
tcp        0      0  ∗.finger                  ∗.∗                       LISTEN
tcp        0      0  ∗.telnet                  ∗.∗                       LISTEN
tcp        0      0  ∗.ftp                     ∗.∗                       LISTEN

     9.To display binding cache statistics for a node that supports IPv6 mobility, enter:

# netstat -bs
Mobile IPv6:
        0 entries in binding cache
        2 adds
        2 deletes
        0 changes
        2 frees
        4 lookups

     10.To display active IPsec connections, enter:

# netstat -xv
Type     Local Selector           Remote Selector          SPI        Pkts Errs
    AuthErr  CiphErr  Replays Algorithms           Lifetime
ah/tn/o  16.140.64.106            16.140.64.223            aca02157     13 0
          0        0        0 hmac-sha1-96          95/1800 sec 1/204800 KB
ah/tn/i  16.140.64.106            16.140.64.223            1e98997e     13 0
          0        0        0 hmac-sha1-96          95/1800 sec 1/204800 KB
esp/tr/o 10.0.1.106               10.0.1.223                b12e78c    104 0
          0        0        0 3des-cbc/hmac-sha1-96 105/600 sec
esp/tr/i 10.0.1.106               10.0.1.223               45136ea8    104 0
          0        0        0 3des-cbc/hmac-sha1-96 105/600 sec

     11.To display the status of all IKE SAs, enter:

# netstat -Xv
I/R Local identifier              Remote identifier            Bytes
 I  ipv4(udp:500,10.0.1.106)      ipv4(udp:500,0.0.0.0)        788
    Pre-shared Keys / 3des-cbc / sha1 / hmac-sha1
    Created: Mon Oct 16 2000 11:48:14
    Used: Mon Oct 16 2000 11:48:15
    Expires: Mon Oct 16 2000 11:58:14
    I-Cookie: 0x7b8736bbf2000000 R-Cookie: 0x6e3dd6fac7000000
 R  ipv4(udp:500,16.140.64.106)   ipv4(udp:500,16.140.64.223)  1250
    RSA Signature / 3des-cbc / sha1 / hmac-sha1
    Created: Mon Oct 16 2000 11:48:26
    Used: Mon Oct 16 2000 11:48:27
    Expires: Mon Oct 16 2000 12:48:26
    I-Cookie: 0x7708cf3046000001 R-Cookie: 0xdb273e99e3000001

     12.To display the statistics from the IPsec kernel packet processing engine, enter:

# netstat -p ipsec
ipsec:
        13476 total packets processed by IPsec engine
        13467 IP packets processed by IPsec engine
        54 AH headers processed
        246 ESP headers processed
        2 packets triggered an IKE action
        192 packets dropped by IPsec
        13282 packets passed through by IPsec

SEE ALSO

Commands:  vmstat(1), route(8)

Network Administration: Connections

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026