netstat(1)
NAME
netstat - Displays network statistics.
SYNOPSIS
/usr/sbin/netstat [-ARgrn | [-AanXx] [-f address_family] [-p protocol]] [interval]
/usr/sbin/netstat [-abdgHilmMnPRrstuv] [-f address_family] [-p protocol] [interval]
/usr/sbin/netstat [-dnotz] [-I interface [-c | -s]] [interval]
The netstat command displays network-related data in various formats.
OPTIONS
Displays the state of sockets related to the Internet protocol. Includes sockets for processes such as servers that are currently listening at a socket but are otherwise inactive.
Displays either the address of any protocol control blocks associated with sockets or the addresses of routing table entries with bitmasks. Typically, this option is used for debugging.
Displays the contents of the Mobile IPv6 binding cache. You can use this option with the -s option to display binding cache statistics.
Displays the number of dropped packets; for use with the -I interface or -i options. You can also specify an interval argument (in seconds).
Limits reports to the specified address family. The address families that can be specified might include the following:
    Specifies reports of the AF_INET family, if present in the kernel.
    Specifies reports of the AF_INET6 family, if present in the kernel.
    Specifies reports of the AF_UNIX family, if present in the kernel.
    Lists information about all address families in the system.
    Lists information about any address families in the system.
Displays statistics since the system was last booted. By default, the command displays statistics since they were last zeroed. Use this option with the -p and -s options only.
Displays the current ARP table (behaves like arp -a).
Displays the state of configured interfaces. (Interfaces that are statically configured into the system, but not located at system startup, are not shown.)
    When used with the -a option, it displays IP (IPv4 and IPv6) and link-level addresses associated with the interfaces.
    You can use the -i option to retrieve your system's hardware address.
Displays information about the specified interface.
    Displays the current access filter for the specified network interface. See ifaccess.conf(4) for more information.
    Displays the DNA Data Link Layer counters (64-bit values) for the specified network interface and the adapter's status and characteristics. See Network Administration: Connections for a description of the display fields.
Displays the local IPv6 address table.
Displays information about memory allocated to data structures associated with network operations.
Displays Internet protocol multicast routing information. When used with the -s option, it displays IP (IPv4 and IPv6) multicast statistics.
Displays network address in numerical format with network masks in CIDR format. When this option is not specified, the address is displayed as hostname and port number. This option can be used with any of the display formats.
Displays the DNA Data Link Layer counters (old 32-bit values) for the specified network interface and the adapter's status and characteristics. Use this option only with the -I interface -s command. See Network Administration: Connections for a description of the display fields.
Displays statistics for protocol, which you can specify as a well known name or an alias. To display statistics for all supported protocols, use the -s option instead of the -p option.
    Supported protocol names and their aliases are listed in /etc/protocols. A null listing (0) means that there is no data to report. If routines to report statistics for a specified protocol are not implemented on this system, netstat reports that the protocol is unknown.
Displays the contents of the Mobile IPv6 prefix list. You can use this option with the -s option to display prefix list statistics.
Displays the host's routing tables. When used with the -s option, shows the host's routing statistics instead of routing tables.
Displays the host's routing tables on each Resource Affinity Domain (RAD), if your system has NUMA-capable hardware.
Displays statistics for all supported protocols. To display statistics for a particular protocol, use the -p protocol option instead of the -s option.
    To display the DNA Data Link Layer counters (64-bit values) for a particular network interface, specify the -I interface option with the -s option.
Displays timer information; for use with the -I interface or -i options.
Displays information about domain sockets (UNIX domain).
Displays more verbose output when specified with the -r, -x, -X options. In the -r case, route metric values are displayed. If you specify the -v option twice on the command line, the current maximum speeds for the route are displayed. In the -x case, details about the error types and Security Association (SA) lifetime are displayed. In the -X case, the IKE authentication mode; cipher, hash, and HMAC algorithms; the time the SA was created, last used, and expiration date and time; and the Initiator and Responder cookies are displayed.
Displays the status of Internet Protocol Security (IPsec) Security Associations (SAs). Status information is updated every 15 seconds.
Displays the status of Internet Key Exchange (IKE) Protocol SAs.
Displays the current network interface statistics or protocol statistics, then sets them to zero. This option must be specified with either the -I interface option or the -p protocol option, and it is not supported for all protocols. In addition, you must be superuser to use this option.
DESCRIPTION
The interval argument specifies in seconds the interval for updating
and displaying information. The first line of the display shows cumula‐
tive statistics; subsequent lines show statistics recorded during
interval.
Default Display
When used without options, the netstat command displays a list of
active sockets for each protocol. The default display shows the following items:
    Local and remote addresses
    Send and receive queue sizes (in bytes)
    Protocol
    State
Address formats are of the form host.port or network.port if a socket's
address specifies a network but no specific host address. The host and
network address are displayed symbolically unless -n is specified.
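Because addresses are printed as host.port, the port is whatever follows the last dot, whether the host part is an IPv4 address, an IPv6 address or the * wildcard. The shell sketch below is an added example, not part of the original manual page: it reads netstat -a style output, lists the LISTEN sockets, and flags ftp, telnet and finger listeners bound to every interface. The function names and the last two sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: list LISTEN sockets from `netstat -a` style output and flag
# cleartext services that are reachable on every interface.

# Rows 1-4 follow the IPv6 display in EXAMPLES; the last two rows are
# constructed to cover a numeric (-n) port and a loopback-bound listener.
sample_output() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address  (state)
tcp 0 0 3ffe:1200:4110:1:a00:2bff:fe2c:f632.1054 host1.corp.com.telnet ESTABLISHED
tcp 0 0 *.finger *.* LISTEN
tcp 0 0 *.telnet *.* LISTEN
tcp 0 0 *.ftp *.* LISTEN
tcp 0 0 *.23 *.* LISTEN
tcp 0 0 127.0.0.1.5432 *.* LISTEN
EOF
}

# Reads netstat output on stdin; prints "proto host port scope verdict"
# for each socket in the LISTEN state.
audit_listeners() {
    awk '
    BEGIN {
        # Cleartext services by name and by number (numbers appear with -n).
        n = split("ftp 21 telnet 23 finger 79", c, " ")
        for (i = 1; i <= n; i++) clear[c[i]] = 1
    }
    $NF == "LISTEN" {
        addr = $4
        # host.port: the port is everything after the LAST dot, because
        # IPv4 hosts contain dots and IPv6 hosts contain colons.
        if (!match(addr, /\.[^.]*$/)) next
        host = substr(addr, 1, RSTART - 1)
        port = substr(addr, RSTART + 1)
        scope = (host == "*") ? "all-interfaces" : "bound"
        verdict = (port in clear) ? "cleartext" : "other"
        print $1, host, port, scope, verdict
    }'
}

# Counts cleartext listeners that accept connections on any interface.
cleartext_exposed() {
    audit_listeners |
        awk '$4 == "all-interfaces" && $5 == "cleartext" { n++ } END { print n + 0 }'
}

sample_output | audit_listeners
```

On a live system, pipe the output of netstat -a (or netstat -an) into audit_listeners instead of sample_output.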
Interface Display
The network interface display format provides a table of cumulative
statistics for the following:
    Interface name
    Maximum Transmission Unit (MTU)
    Network Address
    Packets received (Ipkts)
    Packets received in error (Ierrs)
    Packets transferred (Opkts)
    Outgoing packets in error (Oerrs)
    Collisions
        Note that the collisions item has different meanings for different network interfaces.
    Drops (optional with -d)
    Timers (optional with -t)
Routing Table Display
A route consists of a destination host or network and a gateway to use
when forwarding packets. Direct routes are created automatically for
each interface attached to the local host when you issue the ifconfig
command. In addition, loopback routes are created automatically for
each interface address that is configured with the ifconfig command.
Routes can be modified automatically in response to the prevailing
condition of the network.
The routing-table display format indicates available routes and the
status of each in the following fields:
Displays the state of the route as one or more of the following:
    This is a cloned route.
    This route is a cloning route that was created by the route command.
    This route was dynamically created by a redirect.
    Fragment to path MTU size is disabled on this route.
    This route is to a gateway.
    This route is to a host.
    This route contains valid link-layer information.
    This route is a loopback route that was created by the kernel.
    This route was created by a Mobile IPv6 Binding Update.
    This route was modified by a redirect.
    This is a permanent route; it cannot be modified by a redirect.
    This is a reject route that was created by the route command.
    This is a static route that was created by the route command.
    Up, or available.
Provides the current number of active uses for the route. Connection-oriented protocols hold on to a single route for the duration of a connection; connectionless protocols obtain routes in the process of sending to a destination.
Provides a count of the number of packets sent using the route.
Indicates the network interface used for the route.
When the -v option is specified, the routing table display includes the
route metrics. If you specify the -v option twice on the command line,
maximum speed for the route and the current speed for the given interval
are displayed. An asterisk (*) indicates the metric is locked. See
route(8) for additional information on routing.
Binding Cache Display
The association of a mobile node's home address with its care-of
address is called a binding. Each node that supports IPv6 mobility
maintains a cache of all bindings. The binding cache display shows all
bindings cached by the local node, including the following information:
Displays one or more of the following flags supplied in the Binding Update:
    The Mobile Node requested a Binding Acknowledgement.
    This is a home registration.
    The home address of the Mobile Node has the same interface identifier (IID) as the link-local address of the Mobile Node.
    The Mobile Node is capable of key management mobility. This means that the IPsec SAs between the Mobile Node and the Home Agent can survive movements.
Provides the current number of active uses for this binding.
Indicates the sequence number supplied in the last Binding Update.
Indicates the time, in seconds, until this binding expires.
You can also display binding cache statistics with the -s option.
Prefix List Display
You configure Home Agents to offer services for interface prefixes in
the ip6rtrd.conf file. These prefixes are cached in the kernel and
include the following information:
A prefix for which this system is offering Home Agent services.
Indicates the time, in seconds, that this prefix is valid.
Indicates the time, in seconds, after which this prefix is deprecated.
Displays zero or more of the following flags:
    This system is offering Home Agent services for this prefix.
Provides the current number of active uses for this prefix.
You can also display prefix list statistics with the -s option.
Local IPv6 Address Table Display
The IPv6 address table display format shows local addresses and the
status of each in the following fields:
Displays one of the following:
    This is a node-local address.
    This is a link-local address.
    This is an administration-local address.
    This is a site-local address.
    This is an organization-local address.
    This is a global address.
Displays zero or more of the following flags. If no flags are set, the address is considered a global address:
    This is an Anycast address.
    Duplicate Address Detection (DAD) for this address has failed.
    This address has been deprecated.
    This is an IPv4-compatible address.
    This address is no longer valid.
    This is a Loopback address.
    This is a Mobile Node's home address that the Home Agent (this system) is defending while the Mobile Node is away from home.
    This is a Multicast address.
    Multicast Group Membership reports will not be sent for this address.
    This is a Proxy address.
    This address is tentative, and will not be used as a source address until Duplicate Address Detection (DAD) succeeds.
Provides the current number of active uses for the address.
Indicates the network interface used for the address.
For Multicast addresses, indicates the time from now, in seconds, when the next Multicast Group Membership (MGM) report will be sent. For all other addresses, indicates the time from now, in seconds, until Duplicate Address Detection (DAD) should succeed.
For Multicast addresses, indicates the number of times the address was added. For Anycast addresses, this field has no meaning. For all other addresses, indicates the number of Duplicate Address Detection (DAD) probes sent.
For non-Multicast and Anycast addresses, indicates the number of Duplicate Address Detection (DAD) probes that were not sent because of some failure.
DIAGNOSTICS
Verify that IPsec is enabled on the system. If it is, verify that the
ipsecd daemon is running. If it is not, start it. See ipsecd(8) for
more information. Verify that the kloadsrv daemon is running. If it is
not, start it. See kloadsrv(8) for more information. Make sure that
you have not replaced the running kernel with a new kernel. You might
need to reboot the system to correct this problem.
EXAMPLES
To show the state of the configured interfaces, enter:
$ netstat -i
To show the routing tables, enter:
$ netstat -r
The resulting display looks like the following:
Routing Tables
Destination       Gateway          Flags  Refs      Use  Interface
Netmasks:
Inet              255.255.255.0

Route Tree for Protocol Family 2:
default           16.55.5.5        UG       13    38618  ln0
localhost         16.55.5.4        UH        2       29  lo0
ethernet          16.55.5.3        U        98    66760  ln0
(Output may be formatted differently on your system.)
To show the routing tables with network addresses, enter:
$ netstat -rn
The resulting display looks like the following:
Routing tables
Destination       Gateway          Flags  Refs      Use  Interface
Netmasks:
Inet              0.0.0.0
Inet              255.0.0.0
Inet              255.255.0.0
Inet              255.255.252.0
Inet              255.255.255.0
Inet              255.255.255.224

Route Tree for Protocol Family 2:
default           16.140.28.1      UG        0  6004465  tu0
16.140.128/24     16.140.128.198   U         4   181451  tu0
127.0.0.1         127.0.0.1        UH        0        0  lo0
194.224/16        127.0.0.1        UG        0        3  lo0
194.226/16        127.0.0.1        UGR       0        0  lo0
198.119.1/24      198.119.19.76    U         1      867  le0
198.119.19.64/27  198.119.19.76    U         0        1  le0
198.119.64.80     198.119.19.24    UGH       0        0  le0
130.200/16        16.140.128.1     UG        0        0  tu0
To produce the default display for network connections, enter:
$ netstat
The resulting display might include the following headings:
Active Internet connections
Proto Recv-Q Send-Q  Local Address    Foreign Address    (state)
To display the ee0 interface counters, enter:
$ netstat -Iee0 -s
ee0 Ethernet counters at Fri Jul 12 18:38:21 2002
2172 seconds since last zeroed
25056713 bytes received
245436 bytes sent
165712 data blocks received
1901 data blocks sent
24850070 multicast bytes received
163482 multicast blocks received
5670 multicast bytes sent
39 multicast blocks sent
44 blocks sent, initially deferred
10 blocks sent, single collision
5 blocks sent, multiple collisions
0 send failures
0 receive failures
To set the ln0 interface counters to zero, enter:
# netstat -Iln0 -z
To display IPv6 routing entries, enter:
# netstat -rnf inet6
Routing tables
Destination                          Gateway                  Flags  Refs  Use  Interface

Route Tree for Protocol Family 26
default                              Link#8                   UCL    0     0    ipt0
default                              Link#1                   UCL    0     0    ln0
default                              fe80::a00:2bff:fe2d:2b2  UG     0     0    ln0
3ffe:1200:4110:1::/64                Link#1                   UCL    0     0    ln0
3ffe:1200:4110:1:a00:2bff:fe2c:f632  Link#1                   UH     1     0    ln0
fe80::/10                            Link#8                   UCL    0     0    ipt0
fe80::/10                            Link#1                   UCL    0     0    ln0
fe80::108c:1056                      Link#8                   UHLc   1     4    ipt0
fe80::108c:80e3                      Link#8                   UHLc   0     0    ipt0
fe80::a00:2bff:fe2d:2b2              Link#1                   UHLc   1     0    ln0
ff02::/16                            Link#1                   UCL    0     0    ln0
ff02::/16                            Link#8                   UCL    0     0    ipt0
ff02::1                              16.140.128.227           UHLVc  0     8    ipt0
ff02::1                              33:33:0:0:0:1            UHLVc  0     3    ln0
ff02::2                              33:33:0:0:0:2            UHLVc  0     1    ln0
ff02::2                              16.140.128.227           UHLVc  1     2    ipt0
ff02::9                              16.140.128.227           UHLVc  0     4    ipt0
To display active IPv6 connections, enter:
# netstat -af inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address                             Foreign Address        (state)
tcp        0      0  3ffe:1200:4110:1:a00:2bff:fe2c:f632.1054  host1.corp.com.telnet  ESTABLISHED
tcp        0      0  *.finger                                  *.*                    LISTEN
tcp        0      0  *.telnet                                  *.*                    LISTEN
tcp        0      0  *.ftp                                     *.*                    LISTEN
To display binding cache statistics for a node that supports IPv6 mobility, enter:
# netstat -bs
Mobile IPv6:
1 entries in binding cache
3 maximum entries in binding cache
1 home entry in binding cache
0 correspondent entries in binding cache
0 ghost entries in binding cache
3 adds
2 deletes
0 changes
2 frees
5 lookups
To display active IPsec connections, enter:
# netstat -xv
Type      Local Selector  Remote Selector  SPI       Pkts  Errs
    AuthErr  CiphErr  Replays  Algorithms             Lifetime
ah/tn/o   16.140.64.106   16.140.64.223    aca02157  13    0
    0        0        0        hmac-sha1-96           95/1800 sec
                                                      1/204800 KB
ah/tn/i   16.140.64.106   16.140.64.223    1e98997e  13    0
    0        0        0        hmac-sha1-96           95/1800 sec
                                                      1/204800 KB
esp/tr/o  10.0.1.106      10.0.1.223       b12e78c   104   0
    0        0        0        3des-cbc/hmac-sha1-96  105/600 sec
esp/tr/i  10.0.1.106      10.0.1.223       45136ea8  104   0
    0        0        0        3des-cbc/hmac-sha1-96  105/600 sec
To display the status of all IKE SAs, enter:
# netstat -Xv
I/R  Local identifier             Remote identifier            Bytes
I    ipv4(udp:500,10.0.1.106)     ipv4(udp:500,0.0.0.0)        788
     Pre-shared Keys / 3des-cbc / sha1 / hmac-sha1
     Created: Mon Oct 16 2000 11:48:14
     Used: Mon Oct 16 2000 11:48:15
     Expires: Mon Oct 16 2000 11:58:14
     I-Cookie: 0x7b8736bbf2000000 R-Cookie: 0x6e3dd6fac7000000
R    ipv4(udp:500,16.140.64.106)  ipv4(udp:500,16.140.64.223)  1250
     RSA Signature / 3des-cbc / sha1 / hmac-sha1
     Created: Mon Oct 16 2000 11:48:26
     Used: Mon Oct 16 2000 11:48:27
     Expires: Mon Oct 16 2000 12:48:26
     I-Cookie: 0x7708cf3046000001 R-Cookie: 0xdb273e99e3000001
To display the statistics from the IPsec kernel packet processing engine, enter:
# netstat -p ipsec
ipsec:
13476 total packets processed by IPsec engine
13467 IP packets processed by IPsec engine
54 AH headers processed
246 ESP headers processed
2 packets triggered an IKE action
192 packets dropped by IPsec
13282 packets passed through by IPsec
SEE ALSO
Commands: vmstat(1), route(8)
Network Administration: Connections