netstat command

Purpose

Shows network status.

Syntax

To display active sockets for each protocol or routing table information:

netstat [ -num ] [ -routtable ] [ -routinfo ] [ -state ] [ -socket ] [ -protocol Protocol ] [ Interval ]

To display the contents of a network data structure:

netstat [ -stats | -cdlistats ] [ -protocol protocol ] [ Interval ]

To display the address resolution protocol:

netstat -arp

To clear all statistics:

netstat -clear

Description

The netstat command symbolically displays the contents of various network-related data structures for active connections.

Flags

Flag name Description
-arp Displays address resolution interfaces.
-cdlistats Shows statistics for CDLI-based communications adapters.
-clear Clears all statistics.
-num Shows network addresses as numbers. When this flag is not specified, the netstat command interprets addresses where possible and displays them symbolically. This flag can be used with any of the display formats.
-protocol protocol Shows statistics about the value specified for the protocol variable, which is either a well-known name for a protocol or an alias for it. A null response means that there are no numbers to report. If there is no statistics routine for the specified value, the program reports it as unknown.
-routinfo Shows the routing tables, including the user-configured and current costs of each route.
-routtable Shows the routing tables. When used with the -stats flag, the -routtable flag shows routing statistics. See Routing Table Display.
-socket Displays the network sockets.
-state Shows the state of all configured interfaces.
The interface display format provides a table of cumulative statistics for the following items:
  • Errors
  • Collisions
    Note: The collision count for Ethernet interfaces is not shown.
  • Packets transferred

The interface information that is displayed also provides the interface name, number, and address, as well as the maximum transmission units (MTUs).

-stats Shows statistics for each protocol.
Interval Continuously displays information about packet traffic on the configured network interfaces, at the specified interval in seconds.

Default Display

The default display for active sockets shows the following items:
  • Local and remote addresses
  • Send and receive queue sizes (in bytes)
  • Protocol
  • Internal state of the protocol

Internet address formats are of the form host.port or network.port if a socket's address specifies a network but no specific host address. If the address can be resolved to a symbolic host name, the host address, as well as network addresses, are displayed symbolically.

NS addresses are 12 bytes in length, consisting of a 4-byte network number, a 6-byte host number, and a 2-byte port number, all stored in network standard format. For VAX architecture, the word and byte are reversed.

If a symbolic name for a host is not known or if you specified the -num flag, the address is printed numerically, according to the address family. Unspecified addresses and ports appear as an * (asterisk).

Interface Display

The interface display format provides a table of cumulative statistics for the following items:
  • Errors
  • Collisions
    Note: The collision count for Ethernet interfaces is not applicable.
  • Packets transferred

The interface display also provides the interface name, number, and address as well as the maximum transmission units (MTUs).

Routing Table Display

The routing table display indicates the available routes and their statuses. Each route consists of a destination host or network and a gateway to use in forwarding packets.

A route is given in the format A.B.C.D/XX, which presents two pieces of information. A.B.C.D indicates the destination address and XX indicates the netmask associated with the route. The netmask is represented by the number of bits that are set. For example, the route 9.3.252.192/26 has a netmask of 255.255.255.192, which has 26 bits set.

The routing table contains the following fields:
Field Description
Flags The flags field in the routing table shows the state of the route:
    A   Active Dead Gateway Detection is enabled on the route
    U   Up
    H   The route is to a host rather than to a network
    G   The route is to a gateway
    D   The route was created dynamically by a redirect
    M   The route has been modified by a redirect
    L   The link-level address is present in the route entry
    c   Access to this route creates a cloned route
    W   The route is a cloned route
    1   Protocol-specific routing flag #1
    2   Protocol-specific routing flag #2
    3   Protocol-specific routing flag #3
    b   The route represents a broadcast address
    e   Has a binding cache entry
    l   The route represents a local address
    m   The route represents a multicast address
    P   Pinned route
    R   Host or net unreachable
    S   Manually added
    u   Route usable
    s   The group routing stopsearch option is enabled on the route

Direct routes are created for each interface attached to the local host.

Gateway Shows the address of the outgoing interface.
Refs Shows the current number of active uses for the route. Connection-oriented protocols hold on to a single route for the duration of a connection, while connectionless protocols obtain a route while sending to the same destination.
Use Provides a count of the number of packets sent using that route.
PMTU Lists the Path Maximum Transfer Unit (PMTU).
Interface Indicates the network interfaces utilized for the route.
Exp Displays the time (in minutes) remaining before the route expires.
Groups Provides a list of group IDs associated with that route.
Netmasks Lists the netmasks applied on the system.
Route Tree for Protocol Family Specifies the active address families for existing routes. Values for this field are as follows:
    1   Specifies the UNIX address family
    2   Specifies the Internet address family (for example, TCP and UDP)
    3   Specifies the Xerox Network System (XNS) address family
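
The following is an added example, not part of the original documentation: a small Python parser for the routing table display that expands the A.B.C.D/XX netmask and decodes the Flags field described above, then lists routes carrying the D or M (redirect) flags. The sample rows are constructed, and singling out D and M for review is this example's own assumption.

```python
import ipaddress

# Subset of the flag letters listed on this page, with their documented meanings.
FLAG_MEANINGS = {
    "U": "up", "H": "host route", "G": "gateway", "S": "manually added",
    "D": "created dynamically by a redirect", "M": "modified by a redirect",
    "c": "access creates a cloned route", "W": "cloned route", "R": "unreachable",
}
REDIRECT_FLAGS = {"D", "M"}  # assumption of this example: these routes get reviewed

# Constructed sample in the -routtable layout (not captured from a real host).
SAMPLE = """\
Routing tables
Destination      Gateway           Flags   Refs     Use  If   PMTU Exp Groups
Route tree for Protocol Family 2 (Internet):
default          192.0.2.1         UGc       0        0  en0     -   -
9.3.252.192/26   192.0.2.1         UG        1       12  en0     -   -
198.51.100.7     192.0.2.254       UGHD      1      602  en0  1500   -
203.0.113.9      192.0.2.1         UGHM      0        4  en0     -   -
"""

def netmask_for(destination):
    """Expand the XX of an IPv4 A.B.C.D/XX destination to a dotted netmask."""
    addr, _, bits = destination.partition("/")
    if ":" in addr or not bits.isdigit() or int(bits) > 32:
        return None  # default, host routes, symbolic names, IPv6
    return str(ipaddress.ip_network(f"0.0.0.0/{bits}").netmask)

def parse_routes(text):
    """Return one dict per route row, skipping headers and section titles."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not (f[3].isdigit() and f[4].isdigit()):
            continue  # Refs and Use are numeric only on route rows
        routes.append({
            "destination": f[0], "gateway": f[1], "flags": f[2], "interface": f[5],
            "netmask": netmask_for(f[0]),
            "meanings": [FLAG_MEANINGS.get(c, "see flag list") for c in f[2]],
        })
    return routes

def redirect_routes(routes):
    # Routes whose Flags field contains D or M.
    return [r for r in routes if REDIRECT_FLAGS & set(r["flags"])]

if __name__ == "__main__":
    for r in redirect_routes(parse_routes(SAMPLE)):
        print(r["destination"], "via", r["gateway"], r["flags"], r["meanings"])
```

To use it on a live system, pass the saved output of netstat -num -routtable to parse_routes so that addresses are numeric rather than symbolic.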

When a value is specified for the Interval variable, the netstat command displays a running count of statistics related to network interfaces. This display contains two columns: a column for the primary interface (the first interface found during autoconfiguration) and a column summarizing information for all interfaces. The first line contains a summary of statistics accumulated since the system was last restarted. The subsequent lines of output show values accumulated over intervals of the specified length.

Examples

  1. To display routing table information for an Internet interface, type the following command:
    netstat -routtable

    This produces output similar to the following:

    Routing tables
    Destination      Gateway           Flags   Refs     Use  If   PMTU Exp Groups
    
    Route tree for Protocol Family 2 (Internet):
    default          129.3.141.1       UGc       0        0  en0     -   -  
    129.33.140/23    127.0.0.1         U         6       53  en0     -   -  
    129.33.41.2      localhost         UGHS      6      115  lo0     -   -  
    129.45.41.2      129.3.41.1        UGHW      1      602  en0  1500   -  
    dcefs100         129.31.41.1       UGHW      1        2  en0     -   -  
    192.100.61       localhost         U         7    14446  lo0     -   -  
    
    Route tree for Protocol Family 24 (Internet v6):
    ::1              ::1               UH        0        0  lo0 16896   -  
  2. To display interface information for an Internet interface, type the following command:
    netstat -state 

    This produces output similar to the following:

    Name  Mtu   Network     Address              Ipkts Ierrs    Opkts Oerrs  Coll
    en0   1500  link#2      0.5.20.4.0.4e       874986     0    22494     0     0
    en0   1500  90.34.14    hostname            874986     0    22494     0     0
    lo0   16896 link#1                           14581     0    14590     0     0
    lo0   16896 129         localhost            14581     0    14590     0     0
    lo0   16896 ::1                              14581     0    14590     0     0
  3. To display network sockets, type the following command:
    netstat -socket



Last updated: Wed, November 18, 2020