netstat(1Mtcp)
netstat --
show network status
Synopsis
netstat [ -AagiLnrsu ]
[ -f address_family ]
[ -I interface ]
[ -M corefile ]
[ -N system ]
[ -p protocol_name]
[ -w interval ]
[ [ interval ] [ system ] [ corefile ] ]
Description
The netstat
command symbolically displays the contents of various network-related
data structures.
The options have the following meanings:
-A-
Show the kernel virtual address
of any associated protocol control blocks or
routing table entries; used for debugging.
-a-
Show the state of all sockets or routing table entries; sockets used by
server processes and link-level routing table entries
are not shown in the default display.
-f address_family-
Limit statistics and control block displays to
address_family.
The only address_family values currently supported are
inet and unix.
-g-
Show multicast routing statistics.
-i-
Show the state of the network interfaces.
-I interface-
Show interface state for interface only.
-L-
Display Global Multiprocessor Locking Statistics.
-M corefile-
Use corefile as the system core image instead
of the default /dev/kmem (used with -A option).
-n-
Show network addresses as numbers (normally netstat
interprets addresses and attempts to display them
symbolically).
-N system-
Use system as the system namelist instead of
the default /unix (used with -A option).
-p protocol_name-
Limit statistics and control block displays to
protocol-name, for example, tcp.
-r-
Show the routing table.
-s-
Show per-protocol statistics.
-u-
Equivalent to specifying -f unix.
-w interval-
Show statistics
regarding packet traffic on the configured network interfaces,
sampling and displaying an update every interval seconds.
The arguments interval, system,
and corefile are the old syntax alternative
to specifying the -w, -N,
and -M options.
Address and port formats
In all displays, address formats are of the
form host.port or network
(if a socket's address specifies a network but no specific host address).
When known, host addresses, network addresses, and port
numbers are displayed symbolically.
The symbolic name for a network address is obtained from the
database /etc/networks, from the Domain Name
Service (DNS) resolver, or from NIS, depending on the
configuration specified in /etc/netconfig.
The symbolic name for a host address is obtained from the database
/etc/hosts, from the Domain Name
Service (DNS) resolver, or from NIS, depending on the
configuration specified in /etc/netconfig.
The symbolic name for a port is obtained from the database
/etc/services or from NIS.
If a symbolic name for an address or port is unknown, or if
the -n
option is specified, the address is printed in the
Internet ``dot format''
(refer to
hosts(4tcp)
for more information regarding this format)
and the port is identified by its number.
Unspecified,
or ``wildcard,'' addresses and ports appear as ``''.
Display formats
There are a number of display formats, depending on the information
presented.
The default display appears when netstat is invoked without
any options.
This display, about active sockets, shows the local
and remote addresses, send and receive queue sizes (in bytes), protocol,
and, as appropriate, the internal state of the protocol.
The following states may be displayed for TCP sockets:
CLOSED-
Closed. The socket is not being used.
LISTEN-
Listening for incoming connections.
(Usually at server end.)
SYN_SENT-
Actively trying to establish connection.
(Usually at client end.)
SYN_RECEIVED-
Initial synchronization of the connection under way.
(Usually at server end.)
ESTABLISHED-
Connection has been established.
CLOSE_WAIT-
Remote shut down; waiting for the socket to close.
(Usually at server end.)
LAST_ACK-
Remote shut down, then closed; awaiting acknowledgement.
(Usually at server end.)
FIN_WAIT_1-
Socket closed; shutting down connection.
(Usually at client end.)
FIN_WAIT_2-
Socket closed; waiting for shutdown from remote.
(Usually at client end.)
CLOSING-
Closed, then remote shutdown; awaiting acknowledgement.
(Usually at client end.)
TIME_WAIT-
Wait after close for remote shutdown retransmission.
(Usually at client end.)
The -i interface display provides a table of cumulative
statistics regarding packets transferred, errors, and collisions.
The network address (currently Internet specific) of the interface
and the maximum transmission unit (``mtu'') are also displayed.
If the -a flag is used in conjunction with the -i flag,
information about multicast addresses will also be displayed.
The -r routing table display indicates the available routes and
their status. Each route consists of a destination host or network
and a gateway to use in forwarding packets. The Flags
field shows
the state of the route (``U'' if ``up''), and whether the route
is to a gateway (``G''). Direct routes are automatically created for each
interface attached to the local host. The Refs
field gives the
current number of active uses of the route. Connection-oriented
protocols normally hold on to a single route for the duration of
a connection, while connectionless protocols obtain a route then
discard it. The Use
field provides a count of the number of packets
sent using that route. The Interface
field indicates the network
interface utilized for the route.
If the
-a
option
is used in conjunction with
the
-r
option, link-level (ARP) routes will be displayed as well as regular
IP-level routes.
In addition, some flags that are normally suppressed
(``M, N, P'') will be displayed.
A link-level entry for which no valid link-level address currently exists
is listed as ``incomplete''.
The complete list of flags that may be shown in the routing table display are:
``-''-
The route is currently marked as ``losing'' because the kernel has detected
a transmission problem.
``C''-
The route is a ``cloning'' route via an interface. New routes for
specific destinations will be derived from this route.
``D''-
The route was created as the result of an ICMP
redirect message being received.
``G''-
The route is to a gateway.
``H''-
The route is to a host.
``L''-
The route has associated link-level information,
such as an ARP entry.
``M''-
The route has been modified since its creation, possibly due to a redirect.
``N''-
The Path MTU discovery algorithm has discovered
a new MTU for this route.
``P''-
Path MTU discovery is being performed on this route.
``R''-
The route is marked as ``reject'' to prevent any traffic from flowing
to this destination.
``S''-
The route was statically configured.
``U''-
The route is up.
``X''-
The route is resolved externally by a user-level process.
This is not supported in the current implementation.
The -w display consists of a column summarizing
information for a default single interface and a column summarizing
information for all interfaces. The default single interface may
be changed by specifying a different interface using the
-I option. The first
line of each screen of information contains a summary since the
system was last rebooted. Subsequent lines of output show values
accumulated over the preceding interval.
Diagnostics
Interface statistics are dependent on the link driver. If it does not
attach itself to the ifstats structure in the kernel
or support the DL_GETSTATS ioctl, the
message No Statistics Available
will be printed for that interface.
References
hosts(4tcp),
netconfig(4bnu),
networks(4tcp),
protocols(4tcp),
services(4tcp)
Notices
Use of the old syntax for specifying interval,
system, and corefile
(that is. without a preceding argument) is discouraged, as support
for this may disappear in the future.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004