Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ netstat(1) — IRIX 6.5.3f

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

fuser(1M)

nfsstat(1M)

route(1M)

smtstat(1)

hosts(4)

networks(4)

protocols(4)

services(4)

route(7)



NETSTAT(1)                                                          NETSTAT(1)



NAME
     netstat - show network status

SYNOPSIS
     netstat [ -Aanu ] [ -f address_family ] [ system ] [ core ]
     netstat [ -imnqrstM ] [ -f address_family ] [ system ] [ core ]
     netstat [ -n ] [ -I interface ] interval [ system ] [ core ]
     netstat -C  [ -n ] [ interval ] [ system ]
     netstat [ -p protocol ] [ system ] [ core ]

DESCRIPTION
     The netstat command symbolically displays the contents of various
     network-related data structures.  There are a number of output formats,
     depending on the options for the information presented.  The first form
     of the command displays a list of active sockets for each protocol.  The
     second form presents the contents of one of the other network data
     structures according to the option selected.  Using the third form, with
     an interval specified, netstat will continuously display the information
     regarding packet traffic on the configured network interfaces.  The
     fourth form displays statistics about the named protocol.

     The options have the following meaning:

     -A   With the default display, show the address of any protocol control
          blocks associated with sockets; used for debugging.

     -a   With the default display, show the state of all sockets; normally
          sockets used by server processes are not shown.  If -q is used in
          conjunction with -a, information about pending connections on
          listening endpoints will be displayed.  This includes the number of
          partially-synchronized connections, the number of fully-synchronized
          connections, and the maximum number of pending connections specified
          in the listen(2) call.  Note that system provides some scaling on
          the listen backlog, such that a request for a queue limit of 32 will
          actually result in 49 connections being allowed prior to new
          connection requests being ignored.  This means that it is possible
          for the sum of the two queue lengths to be larger than the limit.

     -l   With the default display, on systems supporting IP security options,
          show the mandatory and discretionary access control attributes
          associated with sockets.  These consist of a mandatory access
          control label, printed at the beginning of each line, and a socket
          uid and acl, printed at the end of each line.  (For AFINET sockets
          only, a second mandatory access control label, SndLabel, is also
          shown.  SndLabel is a copy of the label in the u_area.)  On systems
          not supporting IP security options, -l is silently ignored.

     -C   Display the contents of several of the other formats in dynamic
          "full-screen" forms.  Many of the values can be displayed as simple
          totals (r or "reset"), changes during the previous interval (d or
          "delta"), or changes since a fix moment (z or "zero").  Note that
          turning interfaces off or on or otherwise reseting them can make it



                                                                        Page 1





NETSTAT(1)                                                          NETSTAT(1)



          seem that counters are changing wildly, since that often resets the
          counters to zero.

     -i   Show the state of interfaces which have been auto-configured
          (interfaces statically configured into a system, but not located at
          boot time are not shown).  When -a is also present, show all
          addresses (unicast, multicast and link-level) associated with each
          interface.

     -iq  Show the information for -i with the number of packets currently in
          the output queue, the queue size, and the number of dropped packets
          due to a full queue.

     -I interface
          Show information only about this interface; used with an interval as
          described below.

     -m   Show statistics recorded by the memory management routines (the
          network manages a private pool of memory buffers).

     -n   Show network addresses as numbers (normally netstat interprets
          addresses and attempts to display them symbolically).  This option
          may be used with any of the display formats.

     -p protocol
          Show statistics about protocol, which is either a well-known name
          for a protocol or an alias for it.  Some protocol names and aliases
          are listed in the file /etc/protocols.  A null response typically
          means that there are no interesting numbers to report.  The program
          will complain if protocol is unknown or if there is no statistics
          routine for it.  (This includes counting packets for the HELO
          routing protocol as unknown.)

     -s   Show per-protocol statistics.

     -r   Show the routing tables.  When -s is also present, show routing
          statistics instead.

     -M   Show the kernel multicast routing tables.  When -s is also present,
          show multicast routing statistics instead.

     -f address_family
          Limit statistics or address control block reports to those of the
          specified address family.  The following address families are
          recognized:  inet, for AFINET, and unix, for AFUNIX.  (ns, for
          AFNS is not currently supported.)

     -t   If used in conjunction with -i, displays the value of the interface
          watchdog timer.






                                                                        Page 2





NETSTAT(1)                                                          NETSTAT(1)



     -u   A synonym for -f unix.

     The arguments, system and core allow substitutes for the defaults
     ``/unix'' and ``/dev/kmem''.

     The default display, for active sockets, shows the local and remote
     addresses, send and receive queue sizes (in bytes), protocol, and the
     internal state of the protocol.  Address formats are of the form
     ``host.port'' or ``network.port'' if a socket's address specifies a
     network but no specific host address.  When known the host and network
     addresses are displayed symbolically according to the data bases
     /etc/hosts and /etc/networks, respectively.  If a symbolic name for an
     address is unknown, or if the -n option is specified, the address is
     printed numerically, according to the address family.  For more
     information regarding the Internet ``dot format,'' refer to inet(3N).
     Unspecified, or ``wildcard'', addresses and ports appear as ``*''.

     The interface display provides a table of cumulative statistics regarding
     packets transferred, errors, and collisions.  The network addresses of
     the interface and the maximum transmission unit (``mtu'') are also
     displayed.

     The routing table display indicates the available routes and their
     status.  Each route consists of a destination host or network and a
     gateway to use in forwarding packets.  The flags field shows a collection
     of information about the route stored as binary choices.  The individual
     flags are discussed in more detail in the route(1M) and route(7) manual
     pages.  The mapping between letters and flags is:

     1       RTF_PROTO1       Protocol-specific routing flag #1
     2       RTF_PROTO2       Protocol-specific routing flag #2
     B       RTF_BLACKHOLE    Just discard pkts (during updates)
     C       RTF_CLONING      Generate new routes on use
     D       RTF_DYNAMIC      Created dynamically (by redirect)
     G       RTF_GATEWAY      Destination requires forwarding by intermediary
     H       RTF_HOST         Host entry (net otherwise)
     L       RTF_LLINFO       Valid protocol to link address translation.
     M       RTF_MODIFIED     Modified dynamically (by redirect)
     R       RTF_REJECT       Host or net unreachable
     S       RTF_STATIC       Manually added
     U       RTF_UP           Route usable
     X       RTF_XRESOLVE     External daemon translates proto to link address
     c       RTF_CKSUM        TCP/UDP checksumming done on this route

     Direct routes are created for each interface attached to the local host;
     the gateway field for such entries shows the address of the outgoing
     interface.  The MTU field shows the MTU value set with the route(1M)
     command for that route.  The RTT and RTTvar fields show the estimated
     round-trip time (RTT) and the variance in RTT for routes with large
     amounts of TCP traffic.  The RTT and RTTvar values are in seconds with a
     resolution of .125 seconds.  The use field provides a count of the number
     of packets sent using that route.  The interface entry indicates the



                                                                        Page 3





NETSTAT(1)                                                          NETSTAT(1)



     network interface utilized for the route.

     When netstat is invoked with an interval argument, it displays a running
     count of statistics related to network interfaces.  This display consists
     of a column for the primary interface (the first interface found during
     autoconfiguration) and a column summarizing information for all
     interfaces.  The primary interface may be replaced with another interface
     with the -I option.  The first line of each screen of information
     contains a summary since the system was last rebooted.  Subsequent lines
     of output show values accumulated over the preceding interval.

DETERMINING SERVICE USAGE
     To match a socket to a process, the fuser(1M) command can be used.  For
     example, the command

          fuser 25/tcp


     will display information about any processes listening on TCP port 25.
     Note that fuser requires the numeric value for the port, not the name of
     the service.  The -n option will force netstat to display service
     information numerically.

SEE ALSO
     fuser(1M), nfsstat(1M), route(1M), smtstat(1), hosts(4), networks(4),
     protocols(4), services(4), route(7)

BUGS
     The notion of errors is ill-defined.


























                                                                        Page 4



Typewritten Software • bear@typewritten.org • Edmonds, WA 98026