netstat(1Mtcp)


netstat -- show network status

Synopsis

netstat [ -AagiLnrsu ] [ -f address_family ] [ -I interface ] [ -M corefile ] [ -N system ] [ -p protocol_name] [ -w interval ] [ [ interval ] [ system ] [ corefile ] ]

Description

The netstat command symbolically displays the contents of various network-related data structures. The options have the following meanings:

-A
Show the kernel virtual address of any associated protocol control blocks or routing table entries; used for debugging.

-a
Show the state of all sockets or routing table entries; sockets used by server processes and link-level routing table entries are not shown in the default display.

-f address_family
Limit statistics and control block displays to address_family. The only address_family values currently supported are inet and unix.

-g
Show multicast routing statistics.

-i
Show the state of the network interfaces.

-I interface
Show interface state for interface only.

-L
Display Global Multiprocessor Locking Statistics.

-M corefile
Use corefile as the system core image instead of the default /dev/kmem (used with -A option).

-n
Show network addresses as numbers (normally netstat interprets addresses and attempts to display them symbolically).

-N system
Use system as the system namelist instead of the default /unix (used with -A option).

-p protocol_name
Limit statistics and control block displays to protocol-name, for example, tcp.

-r
Show the routing table.

-s
Show per-protocol statistics.

-u
Equivalent to specifying -f unix.

-w interval
Show statistics regarding packet traffic on the configured network interfaces, sampling and displaying an update every interval seconds.
The arguments interval, system, and corefile are the old syntax alternative to specifying the -w, -N, and -M options.

Address and port formats

In all displays, address formats are of the form host.port or network (if a socket's address specifies a network but no specific host address). When known, host addresses, network addresses, and port numbers are displayed symbolically. The symbolic name for a network address is obtained from the database /etc/networks, from the Domain Name Service (DNS) resolver, or from NIS, depending on the configuration specified in /etc/netconfig. The symbolic name for a host address is obtained from the database /etc/hosts, from the Domain Name Service (DNS) resolver, or from NIS, depending on the configuration specified in /etc/netconfig. The symbolic name for a port is obtained from the database /etc/services or from NIS. If a symbolic name for an address or port is unknown, or if the -n option is specified, the address is printed in the Internet ``dot format'' (refer to hosts(4tcp) for more information regarding this format) and the port is identified by its number. Unspecified, or ``wildcard,'' addresses and ports appear as ``*''.

Display formats

There are a number of display formats, depending on the information presented.

The default display appears when netstat is invoked without any options. This display, about active sockets, shows the local and remote addresses, send and receive queue sizes (in bytes), protocol, and, as appropriate, the internal state of the protocol.

The following states may be displayed for TCP sockets:


CLOSED
Closed. The socket is not being used.

LISTEN
Listening for incoming connections. (Usually at server end.)

SYN_SENT
Actively trying to establish connection. (Usually at client end.)

SYN_RECEIVED
Initial synchronization of the connection under way. (Usually at server end.)

ESTABLISHED
Connection has been established.

CLOSE_WAIT
Remote shut down; waiting for the socket to close. (Usually at server end.)

LAST_ACK
Remote shut down, then closed; awaiting acknowledgement. (Usually at server end.)

FIN_WAIT_1
Socket closed; shutting down connection. (Usually at client end.)

FIN_WAIT_2
Socket closed; waiting for shutdown from remote. (Usually at client end.)

CLOSING
Closed, then remote shutdown; awaiting acknowledgement. (Usually at client end.)

TIME_WAIT
Wait after close for remote shutdown retransmission. (Usually at client end.)
The -i interface display provides a table of cumulative statistics regarding packets transferred, errors, and collisions. The network address (currently Internet specific) of the interface and the maximum transmission unit (``mtu'') are also displayed. If the -a flag is used in conjunction with the -i flag, information about multicast addresses will also be displayed.

The -r routing table display indicates the available routes and their status. Each route consists of a destination host or network and a gateway to use in forwarding packets. The Flags field shows the state of the route (``U'' if ``up''), and whether the route is to a gateway (``G''). Direct routes are automatically created for each interface attached to the local host. The Refs field gives the current number of active uses of the route. Connection-oriented protocols normally hold on to a single route for the duration of a connection, while connectionless protocols obtain a route then discard it. The Use field provides a count of the number of packets sent using that route. The Interface field indicates the network interface utilized for the route.

If the -a option is used in conjunction with the -r option, link-level (ARP) routes will be displayed as well as regular IP-level routes. In addition, some flags that are normally suppressed (``M, N, P'') will be displayed.

A link-level entry for which no valid link-level address currently exists is listed as ``incomplete''.

The complete list of flags that may be shown in the routing table display are:


``-''
The route is currently marked as ``losing'' because the kernel has detected a transmission problem.

``C''
The route is a ``cloning'' route via an interface. New routes for specific destinations will be derived from this route.

``D''
The route was created as the result of an ICMP redirect message being received.

``G''
The route is to a gateway.

``H''
The route is to a host.

``L''
The route has associated link-level information, such as an ARP entry.

``M''
The route has been modified since its creation, possibly due to a redirect.

``N''
The Path MTU discovery algorithm has discovered a new MTU for this route.

``P''
Path MTU discovery is being performed on this route.

``R''
The route is marked as ``reject'' to prevent any traffic from flowing to this destination.

``S''
The route was statically configured.

``U''
The route is up.

``X''
The route is resolved externally by a user-level process. This is not supported in the current implementation.
The -w display consists of a column summarizing information for a default single interface and a column summarizing information for all interfaces. The default single interface may be changed by specifying a different interface using the -I option. The first line of each screen of information contains a summary since the system was last rebooted. Subsequent lines of output show values accumulated over the preceding interval.

Diagnostics

Interface statistics are dependent on the link driver. If it does not attach itself to the ifstats structure in the kernel or support the DL_GETSTATS ioctl, the message No Statistics Available will be printed for that interface.

References

hosts(4tcp), netconfig(4bnu), networks(4tcp), protocols(4tcp), services(4tcp)

Notices

Use of the old syntax for specifying interval, system, and corefile (that is. without a preceding argument) is discouraged, as support for this may disappear in the future.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004