netstat(1m) - osol9

1netstat(1M)             System Administration Commands             netstat(1M)
2
3
4

NAME

6       netstat - show network status
7

SYNOPSIS

9       netstat [-anvR] [-f address_family] [-P protocol]
10
11
12       netstat -g [-nv] [-f address_family]
13
14
15       netstat -p [-n] [-f address_family]
16
17
18       netstat -s [-f address_family] [-P protocol]
19            [-T u | d ] [interval [count]]
20
21
22       netstat -m [-T u | d ] [-v] [interval [count]]
23
24
25       netstat -i [-I interface] [-an] [-f address_family]
26            [-T u | d ] [interval [count]]
27
28
29       netstat -r [-anvR] [-f address_family | filter]
30
31
32       netstat -M [-ns] [-f address_family]
33
34
35       netstat -D [-I interface] [-f address_family]
36
37

DESCRIPTION

39       The  netstat  command  displays the contents of certain network-related
40       data structures in  various  formats,  depending  on  the  options  you
41       select.
42
43
44       The  netstat  command  has the several forms shown in the SYNOPSIS sec‐
45       tion, above, listed as follows:
46
47           o      The first form of the command (with no  required  arguments)
48                  displays a list of active sockets for each protocol.
49
50           o      The second, third, and fourth forms (-g, -p, and -s options)
51                  display information from various network data structures.
52
53           o      The fifth form (-m option) displays STREAMS  memory  statis‐
54                  tics.
55
56           o      The  sixth  form  (-i  option) shows the state of the inter‐
57                  faces.
58
59           o      The seventh form (-r option) displays the routing table.
60
61           o      The eighth form (-M option) displays the  multicast  routing
62                  table.
63
64           o      The ninth form (-D option) displays the state of DHCP on one
65                  or all interfaces.
66
67
68       These forms are described in greater detail below.
69
70
71       With no arguments (the first form), netstat displays connected  sockets
72       for PF_INET, PF_INET6, and PF_UNIX, unless modified otherwise by the -f
73       option.
74

OPTIONS

76       -a
77
78           Show the state of all sockets, all routing table  entries,  or  all
79           interfaces,  both  physical and logical. Normally, listener sockets
80           used by server processes are not shown. Under most conditions, only
81           interface, host, network, and default routes are shown and only the
82           status of physical interfaces is shown.
83
84
85       -f address_family
86
87           Limit all displays to those of the  specified  address_family.  The
88           value of address_family can be one of the following:
89
90           inet     For the AF_INET address family showing IPv4 information.
91
92
93           inet6    For the AF_INET6 address family showing IPv6 information.
94
95
96           unix     For the AF_UNIX address family.
97
98
99
100       -f filter
101
102           With  -r  only,  limit  the display of routes to those matching the
103           specified filter. A filter rule consists of a  keyword:value  pair.
104           The known keywords and the value syntax are:
105
106           af:{inet|inet6|unix|number}
107
108               Selects an address family. This is identical to -f address_fam‐
109               ily and both syntaxes are supported.
110
111
112           outif:{name|ifIndex|any|none}
113
114               Selects an output interface. You can specify the  interface  by
115               name  (such  as hme0) or by ifIndex number (for example, 2). If
116               any is used, the filter matches all routes having  a  specified
117               interface (anything other than null). If none is used, the fil‐
118               ter matches all routes having a null interface. Note  that  you
119               can  view  the index number (ifIndex) for an interface with the
120               -a option of ifconfig(1M).
121
122
123           dst:{ip-address[/mask]|any|none}
124
125               Selects a destination IP address.  If  specified  with  a  mask
126               length, then any routes with matching or longer (more specific)
127               masks are selected. If any is used, then all but addresses  but
128               0 are selected. If none is used, then address 0 is selected.
129
130
131           flags:[+ -]?[ABDGHLMSU]+
132
133               Selects routes tagged with the specified flags. By default, the
134               flags as specified must be set in order to match. With a  lead‐
135               ing  +, the flags specified must be set but others are ignored.
136               With a leading -, the flags specified must not be set and  oth‐
137               ers are permitted.
138
139           You  can  specify multiple instances of -f to specify multiple fil‐
140           ters. For example:
141
142             % netstat -nr -f outif:hme0 -f outif:hme1 -f dst:10.0.0.0/8
143
144
145           The preceding command displays routes  within  network  10.0.0.0/8,
146           with  mask  length  8 or greater, and an output interface of either
147           hme0 or hme1, and excludes all other routes.
148
149
150       -g
151
152           Show the multicast group memberships for all interfaces. If the  -v
153           option  is included, source-specific membership information is also
154           displayed. See DISPLAYS, below.
155
156
157       -i
158
159           Show the state of the interfaces that are used for IP traffic. Nor‐
160           mally  this shows statistics for the physical interfaces. When com‐
161           bined with the -a option, this will also report information for the
162           logical interfaces. See ifconfig(1M).
163
164
165       -m
166
167           Show the STREAMS memory statistics.
168
169
170       -n
171
172           Show  network  addresses  as  numbers.  netstat  normally  displays
173           addresses as symbols. This option may be used with any of the  dis‐
174           play formats.
175
176
177       -p
178
179           Show the net to media tables. See DISPLAYS, below.
180
181
182       -r
183
184           Show  the  routing tables. Normally, only interface, host, network,
185           and default routes are shown, but when this option is combined with
186           the  -a  option,  all routes will be displayed, including cache. If
187           you have not set up a multicast route, -ra might not show any  mul‐
188           ticast  routing  entries,  although  the kernel will derive such an
189           entry if needed.
190
191
192       -s
193
194           Show per-protocol statistics. When used with the  -M  option,  show
195           multicast routing statistics instead. When used with the -a option,
196           per-interface statistics will  be  displayed,  when  available,  in
197           addition to statistics global to the system. See DISPLAYS, below.
198
199
200       -T u | d
201
202           Display a time stamp.
203
204           Specify  u for a printed representation of the internal representa‐
205           tion of time. See time(2). Specify d for standard date format.  See
206           date(1).
207
208
209       -v
210
211           Verbose.  Show additional information for the sockets, STREAMS mem‐
212           ory statistics, routing table, and multicast group memberships.
213
214
215       -I interface
216
217           Show the state of a particular  interface.  interface  can  be  any
218           valid interface such as hme0 or eri0. Normally, the status and sta‐
219           tistics for physical interfaces are displayed. When this option  is
220           combined with the -a option, information for the logical interfaces
221           is also reported.
222
223
224       -M
225
226           Show the multicast routing tables. When used with  the  -s  option,
227           show multicast routing statistics instead.
228
229
230       -P protocol
231
232           Limit display of statistics or state of all sockets to those appli‐
233           cable to protocol. The protocol can  be  one  of  ip,  ipv6,  icmp,
234           icmpv6,  icmp,  icmpv6,  igmp,  udp,  tcp, rawip. rawip can also be
235           specified as raw. The command accepts protocol options only as  all
236           lowercase.
237
238
239       -D
240
241           Show the status of DHCP configured interfaces.
242
243
244       -R
245
246           This modifier displays extended security attributes for sockets and
247           routing table entries. The -R modifier is  available  only  if  the
248           system is configured with the Solaris Trusted Extensions feature.
249
250           With  -r  only,  this  option displays the routing entries' gateway
251           security attributes. See route(1M) for more information on security
252           attributes.
253
254           When displaying socket information using the first form of the com‐
255           mmand, this option displays additional information for  Multi-Level
256           Port(MLP) sockets. This includes:
257
258               o      The label for the peer if the socket is connected.
259
260               o      The  following  flags  can  be  appended to the socket's
261                      "State" output:
262
263
264                      P    The socket is a MLP on zone-private IP addresses.
265
266
267                      S    The socket is a MLP on IP addresses shared  between
268                           zones.
269
270
271
272

OPERANDS

274       interval    Display  statistics  accumulated  since  last display every
275                   interval seconds, repeating forever, unless count is speci‐
276                   fied.  When invoked with interval, the first row of netstat
277                   output shows statistics accumulated since last reboot.
278
279                   The following options support interval: -i, -m, -s and -Ms.
280                   Some  values  are  configuration  parameters  and  are just
281                   redisplayed at each interval.
282
283
284       count       Display interface statistics the number of times  specified
285                   by count, at the interval specified by interval.
286
287

DISPLAYS

289   Active Sockets (First Form)
290       The  display for each active socket shows the local and remote address,
291       the send and receive queue sizes (in bytes), the send and receive  win‐
292       dows (in bytes), and the internal state of the protocol.
293
294
295       The  symbolic  format  normally  used  to  display  socket addresses is
296       either:
297
298         hostname.port
299
300
301
302
303       when the name of the host is specified, or
304
305         network.port
306
307
308
309
310       if a socket address specifies a network but no specific host.
311
312
313       The numeric host address or network number associated with  the  socket
314       is  used to look up the corresponding symbolic hostname or network name
315       in the hosts or networks database.
316
317
318       If the network or hostname for an address is not known, or  if  the  -n
319       option  is  specified, the numerical network address is shown. Unspeci‐
320       fied, or "wildcard", addresses and ports appear as an asterisk (*). For
321       more  information  regarding  the Internet naming conventions, refer to
322       inet(7P) and inet6(7P).
323
324
325       For SCTP sockets, because an endpoint can be  represented  by  multiple
326       addresses,  the  verbose option (-v) displays the list of all the local
327       and remote addresses.
328
329   TCP Sockets
330       The possible state values for TCP sockets are as follows:
331
332       BOUND           Bound, ready to connect or listen.
333
334
335       CLOSED          Closed. The socket is not being used.
336
337
338       CLOSING         Closed, then remote shutdown; awaiting acknowledgment.
339
340
341       CLOSE_WAIT      Remote shutdown; waiting for the socket to close.
342
343
344       ESTABLISHED     Connection has been established.
345
346
347       FIN_WAIT_1      Socket closed; shutting down connection.
348
349
350       FIN_WAIT_2      Socket closed; waiting for shutdown from remote.
351
352
353       IDLE            Idle, opened but not bound.
354
355
356       LAST_ACK        Remote shutdown, then closed; awaiting acknowledgment.
357
358
359       LISTEN          Listening for incoming connections.
360
361
362       SYN_RECEIVED    Initial synchronization of the connection under way.
363
364
365       SYN_SENT        Actively trying to establish connection.
366
367
368       TIME_WAIT       Wait after close for remote shutdown retransmission.
369
370
371   SCTP Sockets
372       The possible state values for SCTP sockets are as follows:
373
374       CLOSED               Closed. The socket is not being used.
375
376
377       LISTEN               Listening for incoming associations.
378
379
380       ESTABLISHED          Association has been established.
381
382
383       COOKIE_WAIT          INIT has been sent to the peer, awaiting  acknowl‐
384                            edgment.
385
386
387       COOKIE_ECHOED        State  cookie  from  the INIT-ACK has been sent to
388                            the peer, awaiting acknowledgement.
389
390
391       SHUTDOWN_PENDING     SHUTDOWN has been received from the  upper  layer,
392                            awaiting  acknowledgement  of all outstanding DATA
393                            from the peer.
394
395
396       SHUTDOWN_SENT        All outstanding data has been acknowledged in  the
397                            SHUTDOWN_SENT state. SHUTDOWN has been sent to the
398                            peer, awaiting acknowledgement.
399
400
401       SHUTDOWN_RECEIVED    SHUTDOWN has been received from the peer, awaiting
402                            acknowledgement of all outstanding DATA.
403
404
405       SHUTDOWN_ACK_SENT    All  outstanding data has been acknowledged in the
406                            SHUTDOWN_RECEIVED  state.  SHUTDOWN_ACK  has  been
407                            sent to the peer.
408
409
410   Network Data Structures (Second Through Fifth Forms)
411       The  form  of  the  display depends upon which of the -g, -m, -p, or -s
412       options you select.
413
414       -g    Displays the list of multicast group membership.
415
416
417       -m    Displays the memory usage, for example, STREAMS mblks.
418
419
420       -p    Displays the net to media mapping table. For  IPv4,  the  address
421             resolution  table is displayed. See arp(1M). For IPv6, the neigh‐
422             bor cache is displayed.
423
424
425       -s    Displays the statistics for the various protocol layers.
426
427
428
429       The statistics use the MIB specified variables. The defined values  for
430       ipForwarding are:
431
432       forwarding(1)        Acting as a gateway.
433
434
435       not-forwarding(2)    Not acting as a gateway.
436
437
438
439       The  IPv6 and ICMPv6 protocol layers maintain per-interface statistics.
440       If the -a option is specified with the -s option, then  the  per-inter‐
441       face  statistics  as  well  as the total sums are displayed. Otherwise,
442       just the sum of the statistics are shown.
443
444
445       For the second, third, and fourth forms of the command, you must  spec‐
446       ify  at  least  -g, -p, or -s. You can specify any combination of these
447       options. You can also specify -m (the fifth form) with any set  of  the
448       -g,  -p, and -s options. If you specify more than one of these options,
449       netstat displays the information for each one of them.
450
451   Interface Status (Sixth Form)
452       The interface status display lists information for all  current  inter‐
453       faces,  one  interface per line. If an interface is specified using the
454       -I option, it displays information for only the specified interface.
455
456
457       The list consists of the  interface  name,  mtu  (maximum  transmission
458       unit,  or  maximum packet size)(see ifconfig(1M)), the network to which
459       the interface is attached, addresses for each  interface,  and  counter
460       associated  with  the  interface. The counters show the number of input
461       packets, input errors, output packets, output errors,  and  collisions,
462       respectively.  For Point-to-Point interfaces, the Net/Dest field is the
463       name or address on the other side of the link.
464
465
466       If the -a option is specified with either  the  -i  option  or  the  -I
467       option,  then  the  output includes names of the physical interface(s),
468       counts for input packets and output packets for each logical interface,
469       plus additional information.
470
471
472       If the -n option is specified, the list displays the IP address instead
473       of the interface name.
474
475
476       If an optional interval is specified, the output  will  be  continually
477       displayed  in  interval  seconds until interrupted by the user or until
478       count is reached. See OPERANDS.
479
480
481       The physical interface is specified using the -I option. When used with
482       the  interval  operand, output for the -I option has the following for‐
483       mat:
484
485         input    eri0          output        input          (Total)   output
486         packets  errs  packets errs  colls   packets  errs  packets  errs   colls
487         227681   0     659471  1     502     261331   0     99597    1      502
488         10       0     0       0     0       10       0     0        0      0
489         8        0     0       0     0       8        0     0        0      0
490         10       0     2       0     0       10       0     2        0      0
491
492
493
494
495       If the input interface is not specified, the first interface of address
496       family inet or inet6 will be displayed.
497
498   Routing Table (Seventh Form)
499       The  routing table display lists the available routes and the status of
500       each. Each route consists of a destination host or network, and a gate‐
501       way  to use in forwarding packets. The flags column shows the status of
502       the route. These flags are as follows:
503
504       U    Indicates route is up.
505
506
507       G    Route is to a gateway.
508
509
510       H    Route is to a host and not a network.
511
512
513       M    Redundant route established with the -multirt option.
514
515
516       S    Route was established using the -setsrc option.
517
518
519       D    Route was created dynamically by a redirect.
520
521
522
523       If the -a option is specified, there will be routing entries  with  the
524       following flags:
525
526       A    Combined routing and address resolution entries.
527
528
529       B    Broadcast addresses.
530
531
532       L    Local addresses for the host.
533
534
535
536       Interface  routes  are created for each interface attached to the local
537       host; the gateway field for such entries shows the address of the  out‐
538       going interface.
539
540
541       The  use  column  displays  the number of packets sent using a combined
542       routing and address resolution (A) or a  broadcast  (B)  route.  For  a
543       local  (L) route, this count is the number of packets received, and for
544       all other routes it is the number of times the routing entry  has  been
545       used to create a new combined route and address resolution entry.
546
547
548       The  interface  entry  indicates the network interface utilized for the
549       route.
550
551   Multicast Routing Tables (Eighth Form)
552       The multicast routing table consists of the virtual interface table and
553       the actual routing table.
554
555   DHCP Interface Information (Ninth Form)
556       The DHCP interface information consists of the interface name, its cur‐
557       rent state, lease information, packet counts, and a list of flags.
558
559
560       The states correlate with the specifications set forth in RFC 2131.
561
562
563       Lease information includes:
564
565           o      when the lease began;
566
567           o      when lease renewal will begin; and
568
569           o      when the lease will expire.
570
571
572       The flags currently defined include:
573
574       BOOTP      The interface has  a  lease  obtained  through  BOOTP  (IPv4
575                  only).
576
577
578       BUSY       The interface is busy with a DHCP transaction.
579
580
581       PRIMARY    The  interface is the primary interface. See dhcpinfo(1) and
582                  ifconfig(1M).
583
584
585       FAILED     The interface is in  failure  state  and  must  be  manually
586                  restarted.
587
588
589
590       Packet counts are maintained for the number of packets sent, the number
591       of packets received, and the number of lease  offers  declined  by  the
592       DHCP client. All three counters are initialized to zero and then incre‐
593       mented while obtaining a lease. The counters are reset when the  period
594       of lease renewal begins for the interface. Thus, the counters represent
595       either the number of packets sent, received, and declined while obtain‐
596       ing  the  current  lease,  or the number of packets sent, received, and
597       declined while attempting to obtain a future lease.
598

FILES

600       /etc/default/inet_type    DEFAULT_IP setting
601
602

ATTRIBUTES

604       See attributes(5) for descriptions of the following attributes:
605
606
607
608
609       ┌─────────────────────────────┬─────────────────────────────┐
610       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
611       ├─────────────────────────────┼─────────────────────────────┤
612       │Availability                 │SUNWcsu                      │
613       └─────────────────────────────┴─────────────────────────────┘
614

NOTES

630       When  displaying  interface  information, netstat honors the DEFAULT_IP
631       setting in /etc/default/inet_type. If it is set  to  IP_VERSION4,  then
632       netstat  will omit information relating to IPv6 interfaces, statistics,
633       connections, routes and the like.
634
635
636       However,   you    can    override    the    DEFAULT_IP    setting    in
637       /etc/default/inet_type  on  the  command-line. For example, if you have
638       used the command-line to explicitly request IPv6 information  by  using
639       the inet6 address family or one of the IPv6 protocols, it will override
640       the DEFAULT_IP setting.
641
642
643       If you need to examine network status information  following  a  kernel
644       crash, use the mdb(1) utility on the savecore(1M) output.
645
646
647       The  netstat  utility obtains TCP statistics from the system by opening
648       /dev/tcp and issuing queries. Because of this, netstat might display an
649       extra,  unused  connection in IDLE state when reporting connection sta‐
650       tus.
651
652
653       Previous versions of netstat had  undocumented  methods  for  reporting
654       kernel  statistics  published  using the kstat(7D) facility. This func‐
655       tionality has been removed. Use kstat(1M) instead.
656
657
658       netstat restricts its output to information that  is  relevant  to  the
659       zone in which netstat runs. (This is true for both shared-IP and exclu‐
660       sive-IP zones.)
661
662
663
664SunOS 5.11                        16 Jun 2009                      netstat(1M)