netstat - show network status
netstat [-anvR] [-f address_family] [-P protocol]
netstat -g [-nv] [-f address_family]
netstat -p [-n] [-f address_family]
netstat -s [-f address_family] [-P protocol] [interval [count]]
netstat -m [-v] [interval [count]]
netstat -i [-I interface] [-an] [-f address_family] [interval [count]]
netstat -r [-anvR] [-f address_family | filter]
netstat -M [-ns] [-f address_family]
netstat -D [-I interface] [-f address_family]
The netstat command displays the contents of certain network-related data structures in various formats, depending on the options you select.
The netstat command has the several forms shown in the SYNOPSIS section, above, listed as follows:
These forms are described in greater detail below.
With no arguments (the first form), netstat displays connected sockets for PF_INET, PF_INET6, and PF_UNIX, unless modified otherwise by the -f option.
You can specify multiple instances of -f to specify multiple filters. For example:
% netstat -nr -f outif:hme0 -f outif:hme1 -f dst:10.0.0.0/8
The preceding command displays routes within network 10.0.0.0/8, with mask length 8 or greater, and an output interface of either hme0 or hme1, and excludes all other routes.
With -r only, this option displays the routing entries' gateway security attributes. See route(1M) for more information on security attributes.
When displaying socket information using the first form of the commmand, this option displays additional information for Multi-Level Port(MLP) sockets. This includes:
The following options support interval: -i, -m, -s and -Ms. Some values are configuration parameters and are just redisplayed at each interval.
The display for each active socket shows the local and remote address, the send and receive queue sizes (in bytes), the send and receive windows (in bytes), and the internal state of the protocol.
The symbolic format normally used to display socket addresses is either:
when the name of the host is specified, or
if a socket address specifies a network but no specific host.
The numeric host address or network number associated with the socket is used to look up the corresponding symbolic hostname or network name in the hosts or networks database.
If the network or hostname for an address is not known, or if the -n option is specified, the numerical network address is shown. Unspecified, or "wildcard", addresses and ports appear as an asterisk (*). For more information regarding the Internet naming conventions, refer to inet(7P) and inet6(7P).
For SCTP sockets, because an endpoint can be represented by multiple addresses, the verbose option (-v) displays the list of all the local and remote addresses.
The possible state values for TCP sockets are as follows:
The possible state values for SCTP sockets are as follows:
The form of the display depends upon which of the -g, -m, -p, or -s options you select.
The statistics use the MIB specified variables. The defined values for ipForwarding are:
The IPv6 and ICMPv6 protocol layers maintain per-interface statistics. If the -a option is specified with the -s option, then the per-interface statistics as well as the total sums are displayed. Otherwise, just the sum of the statistics are shown.
For the second, third, and fourth forms of the command, you must specify at least -g, -p, or -s. You can specify any combination of these options. You can also specify -m (the fifth form) with any set of the -g, -p, and -s options. If you specify more than one of these options, netstat displays the information for each one of them.
The interface status display lists information for all current interfaces, one interface per line. If an interface is specified using the -I option, it displays information for only the specified interface.
The list consists of the interface name, mtu (maximum transmission unit, or maximum packet size)(see ifconfig(1M)), the network to which the interface is attached, addresses for each interface, and counter associated with the interface. The counters show the number of input packets, input errors, output packets, output errors, and collisions, respectively. For Point-to-Point interfaces, the Net/Dest field is the name or address on the other side of the link.
If the -a option is specified with either the -i option or the -I option, then the output includes names of the physical interface(s), counts for input packets and output packets for each logical interface, plus additional information.
If the -n option is specified, the list displays the IP address instead of the interface name.
If an optional interval is specified, the output will be continually displayed in interval seconds until interrupted by the user or until count is reached. See OPERANDS.
The physical interface is specified using the -I option. When used with the interval operand, output for the -I option has the following format:
input eri0 output input (Total) output packets errs packets errs colls packets errs packets errs colls 227681 0 659471 1 502 261331 0 99597 1 502 10 0 0 0 0 10 0 0 0 0 8 0 0 0 0 8 0 0 0 0 10 0 2 0 0 10 0 2 0 0
If the input interface is not specified, the first interface of address family inet or inet6 will be displayed.
The routing table display lists the available routes and the status of each. Each route consists of a destination host or network, and a gateway to use in forwarding packets. The flags column shows the status of the route. These flags are as follows:
If the -a option is specified, there will be routing entries with the following flags:
Interface routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface.
The use column displays the number of packets sent using a combined routing and address resolution (A) or a broadcast (B) route. For a local (L) route, this count is the number of packets received, and for all other routes it is the number of times the routing entry has been used to create a new combined route and address resolution entry.
The interface entry indicates the network interface utilized for the route.
The multicast routing table consists of the virtual interface table and the actual routing table.
The DHCP interface information consists of the interface name, its current state, lease information, packet counts, and a list of flags.
The states correlate with the specifications set forth in RFC 2131.
Lease information includes:
The flags currently defined include:
Packet counts are maintained for the number of packets sent, the number of packets received, and the number of lease offers declined by the DHCP client. All three counters are initialized to zero and then incremented while obtaining a lease. The counters are reset when the period of lease renewal begins for the interface. Thus, the counters represent either the number of packets sent, received, and declined while obtaining the current lease, or the number of packets sent, received, and declined while attempting to obtain a future lease.
See attributes(5) for descriptions of the following attributes:
arp(1M), dhcpinfo(1), dhcpagent(1M), ifconfig(1M), iostat(1M), kstat(1M), mibiisa(1M), savecore(1M), vmstat(1M), hosts(4), inet_type(4), networks(4), protocols(4), services(4), attributes(5), dhcp(5), kstat(7D), inet(7P), inet6(7P)
Droms, R., RFC 2131, Dynamic Host Configuration Protocol, Network Working Group, March 1997.
Droms, R. RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Cisco Systems. July 2003.
When displaying interface information, netstat honors the DEFAULT_IP setting in /etc/default/inet_type. If it is set to IP_VERSION4, then netstat will omit information relating to IPv6 interfaces, statistics, connections, routes and the like.
However, you can override the DEFAULT_IP setting in /etc/default/inet_type on the command-line. For example, if you have used the command-line to explicitly request IPv6 information by using the inet6 address family or one of the IPv6 protocols, it will override the DEFAULT_IP setting.
If you need to examine network status information following a kernel crash, use the mdb(1) utility on the savecore(1M) output.
The netstat utility obtains TCP statistics from the system by opening /dev/tcp and issuing queries. Because of this, netstat might display an extra, unused connection in IDLE state when reporting connection status.
Previous versions of netstat had undocumented methods for reporting kernel statistics published using the kstat(7D) facility. This functionality has been removed. Use kstat(1M) instead.
netstat restricts its output to information that is relevant to the zone in which netstat runs. (This is true for both shared-IP and exclusive-IP zones.)
Закладки на сайте
Проследить за страницей
Created 1996-2023 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру