| 
        netstat - Displays network statistics.
        /usr/sbin/netstat  [-ARgrn  | [-AanXx] [-f address_family]
       [-p protocol]] [interval]
       /usr/sbin/netstat [-abdgHimMnRrstuv]  [-f  address_family]
       [-p protocol] [interval]
       /usr/sbin/netstat   [-dnotz]   [-I   interface  [-c | -s]]
       [interval]
       The netstat command displays network-related data in various
 formats.
       Displays the state of sockets related to the Internet protocol.
 Includes sockets for processes such as servers that
       are  currently  listening  at  a  socket but are otherwise
       inactive.  Displays either the  address  of  any  protocol
       control blocks associated with sockets or the addresses of
       routing  table  entries  with  bitmasks.  Typically,  this
       option  is  used  for debugging.  Displays the contents of
       the Mobile IPv6 binding cache. You  can  use  this  option
       with  the  -s  option to display binding cache statistics.
       Displays the number of dropped packets; for use  with  the
       -I interface or -i options. You can also specify an interval
 argument (in seconds).  Limits reports to  the  specified
  address  family.  The  address  families that can be
       specified might include the following:  Specifies  reports
       of  the  AF_INET family, if present in the kernel.  Specifies
 reports of the AF_INET6 family,  if  present  in  the
       kernel.   Specifies reports of the AF_UNIX family, if present
 in the kernel.  Lists information about  all  address
       families  in  the  system.   Lists  information  about any
       address families in the system.  Displays statistics since
       the  system  was last booted. By default, the command displays
 statistics since they were  last  zeroed.  Use  this
       option with the -p and -s options only.  Displays the current
 ARP table (behaves like arp -a).  Displays the  state
       of  configured interfaces. (Interfaces that are statically
       configured into the system,  but  not  located  at  system
       startup, are not shown.)
              When  used with the -a option, it displays IP (IPv4
              and IPv6) and link-level addresses associated  with
              the interfaces.
              You can use the -i option to retrieve your system's
              hardware address.  Displays information  about  the
              specified  interface.   Displays the current access
              filter for the  specified  network  interface.  See
              ifaccess.conf(4)  for  more  information.  Displays
              the DNA Data Link Layer  counters  (64-bit  values)
              for   the   specified  network  interface  and  the
              adapter's status and characteristics.  See  Network
              Administration:  Connections  for  a description of
              the display  fields.   Displays  information  about
              memory allocated to data structures associated with
              network  operations.   Displays  Internet  protocol
              multicast  routing  information. When used with the
              -s option, it displays IP (IPv4 and IPv6) multicast
              statistics.   Displays network address in numerical
              format with network masks in CIDR format. When this
              option  is  not specified, the address is displayed
              as hostname and port number.  This  option  can  be
              used with any of the display formats.  Displays the
              DNA Data Link Layer counters  (old  32-bit  values)
              for   the   specified  network  interface  and  the
              adapter's  status  and  characteristics.  Use  this
              options only with the -I interface -s command.  See
              Network Administration: Connections for a  description
  of  the  display fields.  Displays statistics
              for protocol, which you can specify as a well known
              name  or  an  alias.  To display statistics for all
              supported protocols, use the -s option  instead  of
              the -p option.
              Supported  protocol  names  and  their  aliases are
              listed in /etc/protocols. A null listing (0)  means
              that  there  is  no  data to report. If routines to
              report statistics for a specified protocol are  not
              implemented  on  this  system, netstat reports that
              the protocol is unknown.  Displays the host's routing
 tables. When used with the -s option, shows the
              host's  routing  statistics  instead   of   routing
              tables.   Display's  the  host's  routing tables on
              each Resource Affinity Domain (RAD), if your system
              has NUMA-capable hardware.  Displays statistics for
              all supported protocols. To display statistics  for
              a  particular  protocol, use the -p protocol option
              instead of the -s option.
              To display the DNA Data Link Layer counters (64-bit
              values) for a particular network interface, specify
              the -I interface option with the -s  option.   Displays
 timer information; for use with the -I interface
 or -i  options.   Displays  information  about
              domain  sockets  (UNIX domain).  Displays more verbose
 output when specified  with  the  -r,  -x,  -X
              options.   In  the -r case, route metric values are
              displayed. If you specify the -v  option  twice  on
              the  command  line,  the current maximum speeds for
              the route are displayed. In the  -x  case,  details
              about  the  error  types  Security Association (SA)
              lifetime are displayed. In the  -X  case,  the  IKE
              authentication  mode;  cipher, hash, and HMAC algorithms;
 the time the SA was created, last used, and
              expiration  date  and  time;  and the Initiator and
              Responder cookies are displayed.  Displays the status
  of Internet Protocol Security (IPsec) Security
              Associations (SAs). Status information  is  updated
              every  15 seconds.  Displays the status of Internet
              Key Exchange  (IKE)  Protocol  SAs.   Displays  the
              current  network  interface  statistics or protocol
              statistics, then sets them  to  zero.  This  option
              must  be  specified  with  either  the -I interface
              option or the -p protocol option,  and  it  is  not
              supported  for all protocols. In addition, you must
              be superuser to use this option.
       The interval argument specifies in  seconds  the  interval
       for updating and displaying information. The first line of
       the display shows cumulative statistics; subsequent  lines
       show statistics recorded during interval.
   Default Display    [Toc]    [Back]
       When  used without options, the netstat command displays a
       list of active sockets for each protocol. The default display
 shows the following items: Local and remote addresses
       Send and receive queue sizes (in bytes) Protocol State
       Address formats are of the form host.port or  network.port
       if  a socket's address specifies a network but no specific
       host address. The host and network address  are  displayed
       symbolically unless -n is specified.
   Interface Display    [Toc]    [Back]
       The  network  interface display format provides a table of
       cumulative statistics for the  following:  Interface  name
       Maximum  Transmission  Unit  (MTU) Network Address Packets
       received (Ipkts) Packets received in error (Ierrs) Packets
       transferred (Opkts) Outgoing packets in error (Oerrs) Collisions
              Note that the collisions item has  different  meanings
   for  different  network  interfaces.   Drops
              (optional with -d) Timers (optional with -t)
   Routing Table Display    [Toc]    [Back]
       A route consists of a destination host or  network  and  a
       gateway  to use when forwarding packets. Direct routes are
       created automatically for each interface attached  to  the
       local  host  when you issue the ifconfig command. In addition,
 loopback routes are created automatically  for  each
       interface  address  that  is  configured with the ifconfig
       command. Routes can be modified automatically in  response
       to the prevailing condition of the network.
       The   routing-table  display  format  indicates  available
       routes and the status of each  in  the  following  fields:
       Displays the state of the route as one or more of the following:
 This is a cloned route.  This route is  a  cloning
       route  that  was created by the route command.  This route
       was dynamically created by a redirect.  Fragment  to  path
       MTU  size  is  disabled on this route.  This route is to a
       gateway.  This route is to a host.   This  route  contains
       valid  link-layer  information.   This route is a loopback
       route that was created by the kernel.  This route was created
 by a Mobile IPv6 binding update.  This route was modified
 by a redirect.  This is a permanent route; it cannot
       be  modified  by  a redirect.  This is a reject route that
       was created by the route command.  This is a static  route
       that  was created by the route command.  Up, or available.
       Provides the current number of active uses for the  route.
       Connection-oriented  protocols  hold  on to a single route
       for the duration of a connection; connectionless protocols
       obtain  routes in the process of sending to a destination.
       Provides a count of the number of packets sent  using  the
       route.   Indicates  the  network  interface  used  for the
       route.
       When the -v option is specified, the routing table display
       includes  the  route metrics. If you specify the -v option
       twice on the command line, maximum speed for the route and
       the current speed for the given interval are displayed. An
       asterisk (*) indicates the metric is locked. See  route(8)
       for additional information on routing.
   Binding Cache Display    [Toc]    [Back]
       The  association  of a mobile node's home address with its
       care-of address is called a binding. Each node  that  supports
 IPv6 mobility maintains a cache of all bindings. The
       binding cache display shows all  bindings  cached  by  the
       local  node, including the following information: Displays
       one or more of the following flags supplied in the Binding
       Update:  The  mobile node requested a Binding Acknowledgement.
  This is  a  home  registration.   The  mobile  node
       requested  that  the  home agent perform Duplicate Address
       Detection (DAD).  The sending mobile  node  is  a  router.
       Provides  the current number of active uses for this binding.
  Indicates the prefix length supplied in the  Binding
       Update.   Indicates  the  sequence  number supplied in the
       last Binding Update.   Indicates  the  time,  in  seconds,
       until this binding expires.
       You  can also display binding cache statistics with the -s
       option.
       Verify that IPsec is enabled on the system. If it is, verify
 that the ipsecd daemon is running. If it is not, start
       it. See ipsecd(8) for more information.  Verify  that  the
       kloadsrv  daemon  is  running. If it is not, start it. See
       kloadsrv(8) for more information.  Make sure that you have
       not  replaced  the  running kernel with a new kernel.  You
       might need to reboot the system to correct this problem.
       To show the state of the configured interfaces,  enter:  $
       netstat -i To show the routing tables, enter: $ netstat -r
              The resulting display  looks  like  the  following:
              Routing         Tables         Destination    Gateway
        Flags     Refs Use  Interface  Netmasks:
              Inet      255.255.255.0
              Route   Tree  for  Protocol  Family  2:  default
              16.55.5.5       UG    13   38618    ln0  localhost
              16.55.5.4       UH      2       29     lo0   ethernet
  16.55.5.3 U    98   66760     ln0
              (Output may be formatted differently on  your  system.)
   To  show  the  routing  tables with network
              addresses, enter: $ netstat -rn
              The resulting display  looks  like  the  following:
              Routing     tables     Destination          Gateway
              Flags     Refs     Use   Interface  Netmasks:  Inet
              0.0.0.0     Inet                 255.0.0.0     Inet
              255.255.0.0  Inet              255.255.252.0   Inet
              255.255.255.0 Inet             255.255.255.224
              Route   Tree   for   Protocol   Family  2:  default
              16.140.28.1         UG           0   6004465    tu0
              16.140.128/24     16.140.128.198      U           4
              181451  tu0 127.0.0.1        127.0.0.1           UH
              0           0    lo0   194.224/16         127.0.0.1
              UG             0           3     lo0     194.226/16
              127.0.0.1            UGR          0         0   lo0
              198.119.1/24     198.119.19.76       U            1
              867    le0  198.119.19.64/27  198.119.19.76       U
              0         1   le0  198.119.64.80      198.119.19.24
              UGH             0           0     le0    130.200/16
              16.140.128.1       UG          0        0   tu0  To
              produce  the  default  display  for network connections,
 enter: $ netstat
              The resulting display might include  the  following
              headings:  Active Internet connections Proto Recv-Q
              Send-Q Local Address   Foreign Address   (state) To
              display  the  ee0 interface counters, enter: $ netstat
 -Iee0 -s ee0 Ethernet counters at Fri  Jul  12
              18:38:21 2002
                          2172 seconds since last zeroed
                      25056713 bytes received
                        245436 bytes sent
                        165712 data blocks received
                          1901 data blocks sent
                      24850070 multicast bytes received
                        163482 multicast blocks received
                          5670 multicast bytes sent
                            39 multicast blocks sent
                            44 blocks sent, initially deferred
                            10 blocks sent, single collision
                             5 blocks sent, multiple collisions
                             0 send failures
                             0 receive failures
              To set the ln0 interface counters to zero, enter: #
              netstat -Iln0 -z To display IPv6  routing  entries,
              enter: # netstat -rnf inet6
              Routing     tables     Destination          Gateway
              Flags     Refs     Use Interface
              Route  Tree  for   Protocol   Family   26   default
              Link#8              UCL          0         0   ipt0
              default          Link#1              UCL          0
              0   ln0 default          fe80::a00:2bff:fe2d:2b2 UG
              0         0    ln0   3ffe:1200:4110:1::/64   Link#1
              UCL                 0                0          ln0
              3ffe:1200:4110:1:a00:2bff:fe2c:f632 Link#1  UH    1
              0    ln0  fe80::/10         Link#8              UCL
              0          0     ipt0    fe80::/10           Link#1
              UCL         0        0  ln0 fe80::108c:1056  Link#8
              UHLc         1          4    ipt0   fe80::108c:80e3
              Link#8              UHLc         0         0   ipt0
              fe80::a00:2bff:fe2d:2b2 Link#1       UHLc         1
              0    ln0  ff02::/16         Link#1              UCL
              0           0     ln0    ff02::/16           Link#8
              UCL             0            0      ipt0    ff02::1
              16.140.128.227      UHLVc        0         8   ipt0
              ff02::1           33:33:0:0:0:1       UHLVc       0
              3  ln0  ff02::2           33:33:0:0:0:2       UHLVc
              0         1   ln0  ff02::2           16.140.128.227
              UHLVc          1            2      ipt0     ff02::9
              16.140.128.227      UHLVc       0        4  ipt0 To
              display active IPv6 connections, enter:  #  netstat
              -af inet6
              Active  Internet  connections  (including  servers)
              Proto Recv-Q Send-Q  Local Address             Foreign
  Address           (state) tcp        0      0
              3ffe:1200:4110:1:a00:2bff:fe2c:f632.1054
              host1.corp.com.telnet   ESTABLISHED   tcp         0
              0           *.finger                            *.*
              LISTEN     tcp            0          0     *.telnet
              *.*                         LISTEN   tcp          0
              0            *.ftp                              *.*
              LISTEN To display binding cache  statistics  for  a
              node  that supports IPv6 mobility, enter: # netstat
              -bs
              Mobile IPv6:
                      0 entries in binding cache
                      2 adds
                      2 deletes
                      0 changes
                      2 frees
                      4 lookups To display active  IPsec  connections,
 enter: # netstat -xv Type     Local Selector
              Remote Selector          SPI        Pkts Errs
                  AuthErr     CiphErr      Replays     Algorithms
              Lifetime           ah/tn/o            16.140.64.106
              16.140.64.223            aca02157     13 0
                        0           0           0    hmac-sha1-96
              95/1800  sec  1/204800  KB  ah/tn/i   16.140.64.106
              16.140.64.223            1e98997e     13 0
                        0           0           0    hmac-sha1-96
              95/1800   sec   1/204800   KB  esp/tr/o  10.0.1.106
              10.0.1.223                b12e78c    104 0
                        0        0        0 3des-cbc/hmac-sha1-96
              105/600        sec        esp/tr/i       10.0.1.106
              10.0.1.223               45136ea8    104 0
                        0        0        0 3des-cbc/hmac-sha1-96
              105/600  sec  To display the status of all IKE SAs,
              enter:  #  netstat   -Xv   I/R   Local   identifier
              Remote identifier            Bytes
               I                         ipv4(udp:500,10.0.1.106)
              ipv4(udp:500,0.0.0.0)        788
                  Pre-shared Keys / 3des-cbc / sha1 / hmac-sha1
                  Created: Mon Oct 16 2000 11:48:14
                  Used: Mon Oct 16 2000 11:48:15
                  Expires: Mon Oct 16 2000 11:58:14
                  I-Cookie:     0x7b8736bbf2000000      R-Cookie:
              0x6e3dd6fac7000000
               R                      ipv4(udp:500,16.140.64.106)
              ipv4(udp:500,16.140.64.223)  1250
                  RSA Signature / 3des-cbc / sha1 / hmac-sha1
                  Created: Mon Oct 16 2000 11:48:26
                  Used: Mon Oct 16 2000 11:48:27
                  Expires: Mon Oct 16 2000 12:48:26
                  I-Cookie:     0x7708cf3046000001      R-Cookie:
              0xdb273e99e3000001  To  display the statistics from
              the IPsec kernel packet processing engine, enter: #
              netstat -p ipsec ipsec:
                      13476  total  packets  processed  by  IPsec
              engine
                      13467 IP packets processed by IPsec engine
                      54 AH headers processed
                      246 ESP headers processed
                      2 packets triggered an IKE action
                      192 packets dropped by IPsec
                      13282 packets passed through by IPsec
       Commands:  vmstat(1), route(8)
       Network Administration: Connections
                                                       netstat(1)
[ Back ] |