Print this page
9352 netstat(1M) should be able to print IPv4 networks in CIDR form
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/netstat.1m.man.txt
+++ new/usr/src/man/man1m/netstat.1m.man.txt
1 1 NETSTAT(1M) Maintenance Commands NETSTAT(1M)
2 2
3 3
4 4
5 5 NAME
6 6 netstat - show network status
7 7
8 8 SYNOPSIS
9 9 netstat [-anvR] [-f address_family] [-P protocol]
10 10
11 11
12 12 netstat -g [-nv] [-f address_family]
13 13
14 14
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 netstat -p [-n] [-f address_family]
16 16
17 17
18 18 netstat -s [-f address_family] [-P protocol]
19 19 [-T u | d ] [interval [count]]
20 20
21 21
22 22 netstat -m [-T u | d ] [-v] [interval [count]]
23 23
24 24
25 - netstat -i [-I interface] [-an] [-f address_family]
25 + netstat -i [-I interface] [-acn] [-f address_family]
26 26 [-T u | d ] [interval [count]]
27 27
28 28
29 - netstat -r [-anvR] [-f address_family | filter]
29 + netstat -r [-acnvR] [-f address_family | filter]
30 30
31 31
32 - netstat -M [-ns] [-f address_family]
32 + netstat -M [-cns] [-f address_family]
33 33
34 34
35 35 netstat -D [-I interface] [-f address_family]
36 36
37 37
38 38 DESCRIPTION
39 39 The netstat command displays the contents of certain network-related
40 40 data structures in various formats, depending on the options you
41 41 select.
42 42
43 43 The netstat command has the several forms shown in the SYNOPSIS
44 44 section, above, listed as follows:
45 45
46 46 o The first form of the command (with no required arguments)
47 47 displays a list of active sockets for each protocol.
48 48
49 49 o The second, third, and fourth forms (-g, -p, and -s options)
50 50 display information from various network data structures.
51 51
52 52 o The fifth form (-m option) displays STREAMS memory
53 53 statistics.
54 54
55 55 o The sixth form (-i option) shows the state of the
56 56 interfaces.
57 57
58 58 o The seventh form (-r option) displays the routing table.
59 59
60 60 o The eighth form (-M option) displays the multicast routing
61 61 table.
62 62
63 63 o The ninth form (-D option) displays the state of DHCP on one
64 64 or all interfaces.
65 65
66 66 These forms are described in greater detail below.
67 67
68 68 With no arguments (the first form), netstat displays connected sockets
69 69 for PF_INET, PF_INET6, and PF_UNIX, unless modified otherwise by the -f
70 70 option.
71 71
|
↓ open down ↓ |
29 lines elided |
↑ open up ↑ |
72 72 OPTIONS
73 73 -a
74 74
75 75 Show the state of all sockets, all routing table entries, or all
76 76 interfaces, both physical and logical. Normally, listener sockets
77 77 used by server processes are not shown. Under most conditions, only
78 78 interface, host, network, and default routes are shown and only the
79 79 status of physical interfaces is shown.
80 80
81 81
82 + -c
83 +
84 + Print IPv4 networks using CIDR (x.y.z.a/NN) notation with the -i,
85 + -r, and -M options. IPv6 networks default to this, but due to
86 + backward compatibility, IPv4 ones do not without this flag. A
87 + noncontiguous IPv4 netmask will print "/NM" if this flag is
88 + enabled.
89 +
90 +
82 91 -f address_family
83 92
84 93 Limit all displays to those of the specified address_family. The
85 94 value of address_family can be one of the following:
86 95
87 96 inet
88 97 For the AF_INET address family showing IPv4 information.
89 98
90 99
91 100 inet6
92 101 For the AF_INET6 address family showing IPv6 information.
93 102
94 103
95 104 unix
96 105 For the AF_UNIX address family.
97 106
98 107
99 108
100 109 -f filter
101 110
102 111 With -r only, limit the display of routes to those matching the
103 112 specified filter. A filter rule consists of a keyword:value pair.
104 113 The known keywords and the value syntax are:
105 114
106 115 af:{inet|inet6|unix|number}
107 116
108 117 Selects an address family. This is identical to -f
109 118 address_family and both syntaxes are supported.
110 119
111 120
112 121 outif:{name|ifIndex|any|none}
113 122
114 123 Selects an output interface. You can specify the interface by
115 124 name (such as hme0) or by ifIndex number (for example, 2). If
116 125 any is used, the filter matches all routes having a specified
117 126 interface (anything other than null). If none is used, the
118 127 filter matches all routes having a null interface. Note that
119 128 you can view the index number (ifIndex) for an interface with
120 129 the -a option of ifconfig(1M).
121 130
122 131
123 132 dst:{ip-address[/mask]|any|none}
124 133
125 134 Selects a destination IP address. If specified with a mask
126 135 length, then any routes with matching or longer (more specific)
127 136 masks are selected. If any is used, then all but addresses but
128 137 0 are selected. If none is used, then address 0 is selected.
129 138
130 139
131 140 flags:[+ -]?[ABDGHLMSU]+
132 141
133 142 Selects routes tagged with the specified flags. By default, the
134 143 flags as specified must be set in order to match. With a
135 144 leading +, the flags specified must be set but others are
136 145 ignored. With a leading -, the flags specified must not be set
137 146 and others are permitted.
138 147
139 148 You can specify multiple instances of -f to specify multiple
140 149 filters. For example:
141 150
142 151 % netstat -nr -f outif:hme0 -f outif:hme1 -f dst:10.0.0.0/8
143 152
144 153
145 154 The preceding command displays routes within network 10.0.0.0/8,
146 155 with mask length 8 or greater, and an output interface of either
147 156 hme0 or hme1, and excludes all other routes.
148 157
149 158
150 159 -g
151 160
152 161 Show the multicast group memberships for all interfaces. If the -v
153 162 option is included, source-specific membership information is also
154 163 displayed. See DISPLAYS, below.
155 164
156 165
157 166 -i
158 167
159 168 Show the state of the interfaces that are used for IP traffic.
160 169 Normally this shows statistics for the physical interfaces. When
161 170 combined with the -a option, this will also report information for
162 171 the logical interfaces. See ifconfig(1M).
163 172
164 173
165 174 -m
166 175
167 176 Show the STREAMS memory statistics.
168 177
169 178
170 179 -n
171 180
172 181 Show network addresses as numbers. netstat normally displays
173 182 addresses as symbols. This option may be used with any of the
174 183 display formats.
175 184
176 185
177 186 -p
178 187
179 188 Show the net to media tables. See DISPLAYS, below.
180 189
181 190
182 191 -r
183 192
184 193 Show the routing tables. Normally, only interface, host, network,
185 194 and default routes are shown, but when this option is combined with
186 195 the -a option, all routes will be displayed, including cache. If
187 196 you have not set up a multicast route, -ra might not show any
188 197 multicast routing entries, although the kernel will derive such an
189 198 entry if needed.
190 199
191 200
192 201 -s
193 202
194 203 Show per-protocol statistics. When used with the -M option, show
195 204 multicast routing statistics instead. When used with the -a option,
196 205 per-interface statistics will be displayed, when available, in
197 206 addition to statistics global to the system. See DISPLAYS, below.
198 207
199 208
200 209 -T u | d
201 210
202 211 Display a time stamp.
203 212
204 213 Specify u for a printed representation of the internal
205 214 representation of time. See time(2). Specify d for standard date
206 215 format. See date(1).
207 216
208 217
209 218 -v
210 219
211 220 Verbose. Show additional information for the sockets, STREAMS
212 221 memory statistics, routing table, and multicast group memberships.
213 222
214 223
215 224 -I interface
216 225
217 226 Show the state of a particular interface. interface can be any
218 227 valid interface such as hme0 or eri0. Normally, the status and
219 228 statistics for physical interfaces are displayed. When this option
220 229 is combined with the -a option, information for the logical
221 230 interfaces is also reported.
222 231
223 232
224 233 -M
225 234
226 235 Show the multicast routing tables. When used with the -s option,
227 236 show multicast routing statistics instead.
228 237
229 238
230 239 -P protocol
231 240
232 241 Limit display of statistics or state of all sockets to those
233 242 applicable to protocol. The protocol can be one of ip, ipv6, icmp,
234 243 icmpv6, icmp, icmpv6, igmp, udp, tcp, rawip. rawip can also be
235 244 specified as raw. The command accepts protocol options only as all
236 245 lowercase.
237 246
238 247
239 248 -D
240 249
241 250 Show the status of DHCP configured interfaces.
242 251
243 252
244 253 -R
245 254
246 255 This modifier displays extended security attributes for sockets and
247 256 routing table entries. The -R modifier is available only if the
248 257 system is configured with the Solaris Trusted Extensions feature.
249 258
250 259 With -r only, this option displays the routing entries' gateway
251 260 security attributes. See route(1M) for more information on security
252 261 attributes.
253 262
254 263 When displaying socket information using the first form of the
255 264 command, this option displays additional information for Multi-
256 265 Level Port(MLP) sockets. This includes:
257 266
258 267 o The label for the peer if the socket is connected.
259 268
260 269 o The following flags can be appended to the socket's
261 270 "State" output:
262 271
263 272
264 273 P
265 274 The socket is a MLP on zone-private IP addresses.
266 275
267 276
268 277 S
269 278 The socket is a MLP on IP addresses shared between
270 279 zones.
271 280
272 281 OPERANDS
273 282 interval
274 283 Display statistics accumulated since last display every
275 284 interval seconds, repeating forever, unless count is
276 285 specified. When invoked with interval, the first row of
277 286 netstat output shows statistics accumulated since last
278 287 reboot.
279 288
280 289 The following options support interval: -i, -m, -s and -Ms.
281 290 Some values are configuration parameters and are just
282 291 redisplayed at each interval.
283 292
284 293
285 294 count
286 295 Display interface statistics the number of times specified
287 296 by count, at the interval specified by interval.
288 297
289 298
290 299 DISPLAYS
291 300 Active Sockets (First Form)
292 301 The display for each active socket shows the local and remote address,
293 302 the send and receive queue sizes (in bytes), the send and receive
294 303 windows (in bytes), and the internal state of the protocol.
295 304
296 305 The symbolic format normally used to display socket addresses is
297 306 either:
298 307
299 308 hostname.port
300 309
301 310 when the name of the host is specified, or
302 311
303 312 network.port
304 313
305 314 if a socket address specifies a network but no specific host.
306 315
307 316 The numeric host address or network number associated with the socket
308 317 is used to look up the corresponding symbolic hostname or network name
309 318 in the hosts or networks database.
310 319
311 320 If the network or hostname for an address is not known, or if the -n
312 321 option is specified, the numerical network address is shown.
313 322 Unspecified, or "wildcard", addresses and ports appear as an asterisk
314 323 (*). For more information regarding the Internet naming conventions,
315 324 refer to inet(7P) and inet6(7P).
316 325
317 326 For SCTP sockets, because an endpoint can be represented by multiple
318 327 addresses, the verbose option (-v) displays the list of all the local
319 328 and remote addresses.
320 329
321 330 TCP Sockets
322 331 The possible state values for TCP sockets are as follows:
323 332
324 333 BOUND
325 334 Bound, ready to connect or listen.
326 335
327 336
328 337 CLOSED
329 338 Closed. The socket is not being used.
330 339
331 340
332 341 CLOSING
333 342 Closed, then remote shutdown; awaiting acknowledgment.
334 343
335 344
336 345 CLOSE_WAIT
337 346 Remote shutdown; waiting for the socket to close.
338 347
339 348
340 349 ESTABLISHED
341 350 Connection has been established.
342 351
343 352
344 353 FIN_WAIT_1
345 354 Socket closed; shutting down connection.
346 355
347 356
348 357 FIN_WAIT_2
349 358 Socket closed; waiting for shutdown from remote.
350 359
351 360
352 361 IDLE
353 362 Idle, opened but not bound.
354 363
355 364
356 365 LAST_ACK
357 366 Remote shutdown, then closed; awaiting acknowledgment.
358 367
359 368
360 369 LISTEN
361 370 Listening for incoming connections.
362 371
363 372
364 373 SYN_RECEIVED
365 374 Initial synchronization of the connection under way.
366 375
367 376
368 377 SYN_SENT
369 378 Actively trying to establish connection.
370 379
371 380
372 381 TIME_WAIT
373 382 Wait after close for remote shutdown retransmission.
374 383
375 384
376 385 SCTP Sockets
377 386 The possible state values for SCTP sockets are as follows:
378 387
379 388 CLOSED
380 389 Closed. The socket is not being used.
381 390
382 391
383 392 LISTEN
384 393 Listening for incoming associations.
385 394
386 395
387 396 ESTABLISHED
388 397 Association has been established.
389 398
390 399
391 400 COOKIE_WAIT
392 401 INIT has been sent to the peer, awaiting
393 402 acknowledgment.
394 403
395 404
396 405 COOKIE_ECHOED
397 406 State cookie from the INIT-ACK has been sent to
398 407 the peer, awaiting acknowledgement.
399 408
400 409
401 410 SHUTDOWN_PENDING
402 411 SHUTDOWN has been received from the upper layer,
403 412 awaiting acknowledgement of all outstanding DATA
404 413 from the peer.
405 414
406 415
407 416 SHUTDOWN_SENT
408 417 All outstanding data has been acknowledged in the
409 418 SHUTDOWN_SENT state. SHUTDOWN has been sent to
410 419 the peer, awaiting acknowledgement.
411 420
412 421
413 422 SHUTDOWN_RECEIVED
414 423 SHUTDOWN has been received from the peer, awaiting
415 424 acknowledgement of all outstanding DATA.
416 425
417 426
418 427 SHUTDOWN_ACK_SENT
419 428 All outstanding data has been acknowledged in the
420 429 SHUTDOWN_RECEIVED state. SHUTDOWN_ACK has been
421 430 sent to the peer.
422 431
423 432
424 433 Network Data Structures (Second Through Fifth Forms)
425 434 The form of the display depends upon which of the -g, -m, -p, or -s
426 435 options you select.
427 436
428 437 -g
429 438 Displays the list of multicast group membership.
430 439
431 440
432 441 -m
433 442 Displays the memory usage, for example, STREAMS mblks.
434 443
435 444
436 445 -p
437 446 Displays the net to media mapping table. For IPv4, the address
438 447 resolution table is displayed. See arp(1M). For IPv6, the
439 448 neighbor cache is displayed.
440 449
441 450
442 451 -s
443 452 Displays the statistics for the various protocol layers.
444 453
445 454
446 455
447 456 The statistics use the MIB specified variables. The defined values for
448 457 ipForwarding are:
449 458
450 459 forwarding (1)
451 460 Acting as a gateway.
452 461
453 462
454 463 not-forwarding (2)
455 464 Not acting as a gateway.
456 465
457 466
458 467
459 468 The IPv6 and ICMPv6 protocol layers maintain per-interface statistics.
460 469 If the -a option is specified with the -s option, then the per-
461 470 interface statistics as well as the total sums are displayed.
462 471 Otherwise, just the sum of the statistics are shown.
463 472
464 473 For the second, third, and fourth forms of the command, you must
465 474 specify at least -g, -p, or -s. You can specify any combination of
466 475 these options. You can also specify -m (the fifth form) with any set of
467 476 the -g, -p, and -s options. If you specify more than one of these
468 477 options, netstat displays the information for each one of them.
469 478
470 479 Interface Status (Sixth Form)
471 480 The interface status display lists information for all current
472 481 interfaces, one interface per line. If an interface is specified using
473 482 the -I option, it displays information for only the specified
474 483 interface.
475 484
476 485 The list consists of the interface name, mtu (maximum transmission
477 486 unit, or maximum packet size)(see ifconfig(1M)), the network to which
478 487 the interface is attached, addresses for each interface, and counter
479 488 associated with the interface. The counters show the number of input
480 489 packets, input errors, output packets, output errors, and collisions,
481 490 respectively. For Point-to-Point interfaces, the Net/Dest field is the
482 491 name or address on the other side of the link.
483 492
484 493 If the -a option is specified with either the -i option or the -I
485 494 option, then the output includes names of the physical interface(s),
486 495 counts for input packets and output packets for each logical interface,
487 496 plus additional information.
488 497
489 498 If the -n option is specified, the list displays the IP address instead
490 499 of the interface name.
491 500
492 501 If an optional interval is specified, the output will be continually
493 502 displayed in interval seconds until interrupted by the user or until
494 503 count is reached. See OPERANDS.
495 504
496 505 The physical interface is specified using the -I option. When used with
497 506 the interval operand, output for the -I option has the following
498 507 format:
499 508
500 509 input eri0 output input (Total) output
501 510 packets errs packets errs colls packets errs packets errs colls
502 511 227681 0 659471 1 502 261331 0 99597 1 502
503 512 10 0 0 0 0 10 0 0 0 0
504 513 8 0 0 0 0 8 0 0 0 0
505 514 10 0 2 0 0 10 0 2 0 0
506 515
507 516
508 517 If the input interface is not specified, the first interface of address
509 518 family inet or inet6 will be displayed.
510 519
511 520 Routing Table (Seventh Form)
512 521 The routing table display lists the available routes and the status of
513 522 each. Each route consists of a destination host or network, and a
514 523 gateway to use in forwarding packets. The flags column shows the status
515 524 of the route. These flags are as follows:
516 525
517 526 U
518 527 Indicates route is up.
519 528
520 529
521 530 G
522 531 Route is to a gateway.
523 532
524 533
525 534 H
526 535 Route is to a host and not a network.
527 536
528 537
529 538 M
530 539 Redundant route established with the -multirt option.
531 540
532 541
533 542 S
534 543 Route was established using the -setsrc option.
535 544
536 545
537 546 D
538 547 Route was created dynamically by a redirect.
539 548
540 549
541 550
542 551 If the -a option is specified, there will be routing entries with the
543 552 following flags:
544 553
545 554 A
546 555 Combined routing and address resolution entries.
547 556
548 557
549 558 B
550 559 Broadcast addresses.
551 560
552 561
553 562 L
554 563 Local addresses for the host.
555 564
556 565
557 566 Interface routes are created for each interface attached to the local
558 567 host; the gateway field for such entries shows the address of the
559 568 outgoing interface.
560 569
561 570 The use column displays the number of packets sent using a combined
562 571 routing and address resolution (A) or a broadcast (B) route. For a
563 572 local (L) route, this count is the number of packets received, and for
564 573 all other routes it is the number of times the routing entry has been
565 574 used to create a new combined route and address resolution entry.
566 575
567 576 The interface entry indicates the network interface utilized for the
568 577 route.
569 578
570 579 Multicast Routing Tables (Eighth Form)
571 580 The multicast routing table consists of the virtual interface table and
572 581 the actual routing table.
573 582
574 583 DHCP Interface Information (Ninth Form)
575 584 The DHCP interface information consists of the interface name, its
576 585 current state, lease information, packet counts, and a list of flags.
577 586
578 587 The states correlate with the specifications set forth in RFC 2131.
579 588
580 589 Lease information includes:
581 590
582 591 o when the lease began;
583 592
584 593 o when lease renewal will begin; and
585 594
586 595 o when the lease will expire.
587 596
588 597
589 598 The flags currently defined include:
590 599
591 600 BOOTP
592 601 The interface has a lease obtained through BOOTP (IPv4
593 602 only).
594 603
595 604
596 605 BUSY
597 606 The interface is busy with a DHCP transaction.
598 607
599 608
600 609 PRIMARY
601 610 The interface is the primary interface. See dhcpinfo(1) and
602 611 ifconfig(1M).
603 612
604 613
605 614 FAILED
606 615 The interface is in failure state and must be manually
607 616 restarted.
608 617
609 618
610 619 Packet counts are maintained for the number of packets sent, the number
611 620 of packets received, and the number of lease offers declined by the
612 621 DHCP client. All three counters are initialized to zero and then
613 622 incremented while obtaining a lease. The counters are reset when the
614 623 period of lease renewal begins for the interface. Thus, the counters
615 624 represent either the number of packets sent, received, and declined
616 625 while obtaining the current lease, or the number of packets sent,
617 626 received, and declined while attempting to obtain a future lease.
618 627
619 628 FILES
620 629 /etc/default/inet_type
621 630 DEFAULT_IP setting
622 631
623 632
624 633 SEE ALSO
625 634 arp(1M), dhcpinfo(1), dhcpagent(1M), ifconfig(1M), iostat(1M),
626 635 kstat(1M), mibiisa(1M), ndp(1M), savecore(1M), vmstat(1M), hosts(4),
627 636 inet_type(4), networks(4), protocols(4), services(4), attributes(5),
628 637 dhcp(5), kstat(7D), inet(7P), inet6(7P)
629 638
630 639
631 640 Droms, R., RFC 2131, Dynamic Host Configuration Protocol, Network
632 641 Working Group, March 1997.
633 642
634 643
635 644 Droms, R. RFC 3315, Dynamic Host Configuration Protocol for IPv6
636 645 (DHCPv6). Cisco Systems. July 2003.
637 646
638 647 NOTES
639 648 When displaying interface information, netstat honors the DEFAULT_IP
640 649 setting in /etc/default/inet_type. If it is set to IP_VERSION4, then
641 650 netstat will omit information relating to IPv6 interfaces, statistics,
642 651 connections, routes and the like.
643 652
644 653 However, you can override the DEFAULT_IP setting in
645 654 /etc/default/inet_type on the command-line. For example, if you have
646 655 used the command-line to explicitly request IPv6 information by using
647 656 the inet6 address family or one of the IPv6 protocols, it will override
648 657 the DEFAULT_IP setting.
649 658
650 659 If you need to examine network status information following a kernel
651 660 crash, use the mdb(1) utility on the savecore(1M) output.
652 661
653 662 The netstat utility obtains TCP statistics from the system by opening
654 663 /dev/tcp and issuing queries. Because of this, netstat might display an
655 664 extra, unused connection in IDLE state when reporting connection
656 665 status.
657 666
658 667 Previous versions of netstat had undocumented methods for reporting
659 668 kernel statistics published using the kstat(7D) facility. This
660 669 functionality has been removed. Use kstat(1M) instead.
661 670
662 671 netstat restricts its output to information that is relevant to the
663 672 zone in which netstat runs. (This is true for both shared-IP and
664 673 exclusive-IP zones.)
665 674
666 675
667 676
668 677 September 2, 2015 NETSTAT(1M)
|
↓ open down ↓ |
577 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX