The Netstat command filter

The following parameters can be used to filter the output of the specified report. If you specify a filter parameter on the TSO NETSTAT command, it must be the last parameter on the command line preceded by a left parenthesis.

APPLD/-G appldata: Filter the output of the ALL/-A, ALLConn/-a, and COnn/-c reports using the specified application data appldata. You can enter one filter value at a time that can be 40 characters in length.
APPLname/-N applname: Filter the output of the TELnet/-t report using the specified VTAM® application name applname. You can enter up to six filter values and each specified value can be eight characters in length.

CLIent/-E clientname: Filter the output of the ALL/-A, ALLConn/-a, BYTEinfo/-b, CLient/-e, COnn/-c, SOCKets/-s, and TELnet/-t reports using the specified client name clientname. You can enter up to six filter values and each specified value can be eight characters in length.

CONNType/-X

Filter the report using the specified connection type. You can enter one filter value at a time.

NOTTLSPolicy

Filter the output of the ALLConn/-a and COnn/-c reports, displaying only connections that have not been matched to an Application Transparent Transport Layer Security (AT-TLS) rule. This includes connections that were established while the AT-TLS function was disabled (the value NOTTLS was specified on the TCPCONFIG statement or is in effect by default) and all connections that are not TCP protocol. For TCP connections that were established when the AT-TLS function was enabled, this includes the following connections:

Connections for which AT-TLS policy lookup has not yet occurred (typically the first send or receive has not yet been issued)
Connections for which AT-TLS policy lookup has occurred but no matching rule was found

TTLSPolicy

Filter the output of the ALLConn/-a and COnn/-c reports, displaying only connections that match an Application Transparent Transport Layer Security (AT-TLS) rule. This includes only connections that were established while the AT-TLS function was enabled, for which an AT-TLS policy rule was found with the value TTLSEnabled ON or TTLSEnabled OFF specified in the TTLSGroupAction. Responses can be further limited on AT-TLS connection type. AT-TLS connection type has the following values:

CURRent: Display only connections that are using AT-TLS where the rule and all actions are still available to be used for new connections.

GRoup groupid: Display only connections that are using the AT-TLSgroup specified by the groupid value. The specified groupid value is a number that is assigned by the TCP/IP stack to uniquely identify an AT-TLS group. You can determine the groupid value from the GroupID field that is displayed in the Netstat TTLS/-x GROUP report.

STALE: Display only connections that are using AT-TLS where the rule or at least one action is no longer available to be used for new connections.

DNSAddr/-Q dnsaddr

Filter the output of the RESCache/-q report using the specified DNS IP address dnsaddr. You can enter one filter value at a time. The specified IPv4 dnsaddr value can be 1–15 characters in length; the specified IPv6 dnsaddr value can be 1–45 characters in length.

Restriction: The DNSAddr/-Q filter does not support wildcard characters.

HOSTName/-H hostname

Filter the output of the ALL/-A, ALLConn/-a, BYTEinfo/-b, COnn/-c, RESCache/-q, SOCKets/-s, TELnet/-t, and VCRT/-V reports using the specified host name value hostname. You can enter one filter value at a time and the specified value can be up to 255 characters in length.

Result: For reports other than those produced using the RESCache/-q option, at the end of the report, the Netstat command displays the host name that the resolver used for the resolution and the list of IP addresses returned from the resolver that it used as filters.

Restrictions:

The HOSTName/-H filter supports wildcard characters only for the RESCache/-q option, but not for other options.
With options other than the RESCache/-q option, using the HOSTName filter might cause delays in the output because the hostname value must be resolved (depending on resolver and DNS configuration).
For the RESCache/-q option, the HOSTName/-H filter applies only to the HostName to IPAddress translation portion of the report.

INTFName/-K intfname

Filter the output of the DEvlinks/-d and HOme/-h reports using the specified interface name value intfname. You can enter one filter value at a time and the specified value can be 1–16 characters in length.

For the DEvlinks and HOme report options, the INTFName filter can be one of the following names:

The link name of a network interface that was configured on a LINK profile statement (this option selects one interface).
The interface name of a network interface that was configured on an INTERFACE profile statement (this option selects one interface).
The port name of an OSA-Express feature in QDIO mode. This is the name that is specified on the PORTNAME keyword in the TRLE (this option selects all interfaces that are associated with the OSA-Express port, including an OSAENTA trace interface).
The name of a HiperSockets™ TRLE (this option selects all interfaces that are associated with the HiperSockets TRLE).

Additionally, for the DEvlinks report option, the INTFName filter can also be the interface name of an OSAENTA trace interface, which is EZANTAportname, where the portname value is the name that is specified on the PORTNAME keyword in the TRLE for the OSA-Express port that is being traced (this option selects one interface).

Guideline: For the DEvlinks/-d option, if a network resource has been coded in TCPIP.PROFILE using the DEVICE/LINK/HOME statements, then the intfname value that should be used is the link name that was specified on the LINK profile statement. Otherwise, use the interface name that was specified on the INTERFACE profile statement.

Restriction: The INTFName filter does not support wildcard characters.

IPAddr/-I ipaddrIPAddr/-I ipaddr/prefixlengthIPAddr/-I ipaddr/subnetmask

Filter the report output using the specified IP address ipaddr, ipaddr/prefixlength, or ipaddr/subnetmask. For options other than the RESCache/-q option, you can enter up to six filter values; the RECache/-q option accepts only one filter value at a time in ipaddr format. Each specified IPv4 ipaddr value can be 1–15 characters in length and each selected IPv6 ipaddr value can be 1–45 characters in length.

ipaddr: Filter the output of the ALL/-A, ALLConn/-a, BYTEinfo/-b, COnn/-c, Gate/-g, ND/-n, RESCache/-q, ROUTe/-r, SOCKets/-s, TELnet/-t, VCRT/-V, VDPT/-O, and VIPADCFG/-F reports using the specified IP address ipaddr. For all options except the RESCache/-q option, the default subnet mask 255.255.255.255 is used for IPv4 addresses; for IPv6 addresses, the default prefixlength value 128 is used. The RECache/-q option does not support any default subnet mask or default prefixlength values.

ipaddr/prefixlength: Filter the output of the ALL/-A, ALLConn/-a, BYTEinfo/-b, COnn/-c, ND/-n, ROUTe/-r, SOCKets/-s, TELnet/-t, VCRT/-V, VDPT/-O, and VIPADCFG/-F reports using the specified IP address and prefix length ipaddr/prefixlength. For an IPv4 address, the prefix length range is 1 – 32. For an IPv6 address, the prefix length range is 1 – 128.

ipaddr/subnetmask: Filter the output of the ALL/-A, ALLConn/-a, BYTEinfo/-b, COnn/-c, Gate/-g, ROUTe/-r, SOCKets/-s, TELnet/-t, VCRT/-V, VDPT/-O, and VIPADCFG/-F reports using the specified IP address and subnet mask ipaddr/subnetmask. The IP address ipaddr in this format must be an IPv4 IP address.

Note:

For the Gate/-g option, ipaddr is the destination IP address; it is not the destination network address.
When filtering Gate/-g and ROUTe/-r outputs on a specified IP address, the DEFAULT and DEFAULTNET routes are not displayed.

Guidelines:

For ALL/-A, ALLConn/-a, COnn/-c, and TELnet/-t options, ipaddr can be either the local or remote IP address. For the BYTEinfo/-b option, ipaddr can be a remote IP address. For the SOCKets/-s option, ipaddr can be an address to which the socket is bound or connected. For the VCRT/-V option, ipaddr can be a source IP address, a destination IP address, or a destination XCF IP address. For the VDPT/-O option, ipaddr can be a destination IP address or a destination XCF IP address. For the VIPADCFG/-F option, ipaddr can be a dynamic VIPA address, a destination IP address, or a destination XCF IP address.
For an IPv6-enabled stack (except for RESCache/-q option):
- Both IPv4 and IPv6, ipaddr values are accepted and can be mixed on the IPAddr/-I option.
- For an IPv6-enabled stack, an IPv4-mapped IPv6 address is accepted as a valid ipaddr value and usually provides the same result as its IPv4 address. But, for ROUTE/-r and ND/-n options, an IPv4-mapped IPv6 address is treated as an IPv6 address. If an IPv4-mapped IPv6 address is entered as an ipaddr value for these two options, no matching entry is found.
For the RESCache/-q option, the ipaddr value can be either an IPv4 or IPv6 address regardless of whether the stack is configured for IPv4 or IPv6 operation.

Restrictions:

The IPAddr/-I filter for RESCache/-q, VCRT/-V, VDPT/-O, and VIPADCFG/-F options does not support wildcard characters.
The IPAddr/-I filter for an IPv6 address does not support wildcard characters.
For a UDP endpoint socket, the filter value applies only to the local or source IP address.
For all options except the RESCache/-q option, for an IPv4-only stack, only IPv4 ipaddr values are accepted. The RECache/-q option always accepts IPv4 and IPv6 addresses, regardless of the capability of the stack.
For the ND/-n option, an IPv4 ipaddr value is not accepted.
For the RESCache/-q option, the IPAddr/-I filter applies only to the IPAddress to HostName translation portion of the report.
The RECache/-q option accepts only one filter value at a time in ipaddr format.

IPPort/-B ipaddr+portnum

Filter the report output of the ALL/-A, ALLConn/-a, CONN/-c, SOCKets/-s, TELnet/-t, VCRT/-V, and VDPT/-O reports using the specified IP address and port number. You can enter up to six filter values. Each specified IPv4 ipaddr value can be up to 15 characters in length, denoting a single IPv4 IP address; each specified IPv6 ipaddr value can be up to 45 characters in length, denoting a single IPv6 IP address. Valid portnum values are in the range 0 – 65535. The filter values ipaddr and portnum will match any combination of the local and remote IP address and local and remote port.

Guidelines:

For the ALL/-A, ALLConn/-a, COnn/-c, and TELnet/-t options, the ipaddr value can be either the local or remote IP address. For the SOCKets/-s option, the ipaddr value can be an address to which the socket is bound or connected. For the VCRT/-V option, the ipaddr value can be a source IP address, a destination IP address, or a destination XCF IP address. For the VDPT/-O option, the ipaddr value can be a destination IP address or a destination XCF IP address.
For an IPv6-enabled stack, the following apply:
- Both IPv4 and IPv6 ipaddr values are accepted and can be mixed on the IPPort/-B option.
- An IPv4-mapped IPv6 address is accepted as a valid ipaddr value and usually provides the same result as the IPv4 address.

Restrictions:

The ipaddr value in the IPPort/-B filter does not support wildcard characters.
For an IPv4-only stack, only IPv4 ipaddr values are accepted.
For a UDP endpoint socket, the filter value applies only to the local or source IP address and port.
An entry is returned only when both the ipaddr and portnum values match.

LUName/-L luname: Filter the output of the TELnet/-t report using the specified LU name luname. You can enter up to six filter values and each specified value can be up to eight characters in length.

NOTN3270/-T: Filter the output of the ALL/-A, ALLConn/-A, BYTEinfo/-b, CLient/-e, COnn/-c, and SOCKets/-s reports, excluding TN3270 server connections.

POLicyn/-Y policyname: Filter the output of the SLAP/-j report using the specified policy rule name policyname. You can enter one filter value at a time and the specified value can be up to 48 characters in length.

POrt/-P portnum

Filter the output of the ALL/-A, ALLConn/-a, COnn/-c, PORTList/-o, SOCKets/-s, TELnet/-t, VCRT/-V, and VDPT/-O reports using the specified port number portnum. You can enter up to six filter values.

Guidelines:

The port number can be either a local port or a remote port.
For the SOCKets/-s option, the port can be a port to which the socket is bound or connected.
For the ALL/-A, ALLConn/-a, COnn/-c, SOCKets/-s, TELnet/-t, VCRT/-V, and VDPT/-O reports, the port value range is 0-65535
For the PORTList/-o option only, the port value range is 1-65535 and you can also filter on the keyword UNRSV

Restriction:

No wildcards are allowed.
For a UDP endpoint socket, the filter value applies only to the local or source IP address.

SMCID/-U smcid

Filter the output of the ALL/-A, ALLConn/-a, COnn/-c, and DEvlinks/-d reports by using the specified Shared Memory Communications over Remote Direct Memory Access (SMC-R) link or link group identifier smcid. If an asterisk (*) is specified for the filter value, Netstat provides output only for the entries that are associated with SMC-R link, and link groups. You can enter one filter value at a time.

Except for POrt/-P, INTFName/-K, CONNType/-X TTLSPolicy GRoup groupid, DNSAddr/-Q, SMCID/-U and IPPort/-B, the filter value can be a complete or partial string using wildcard characters. A wildcard character can be an asterisk (*), which matches a null string or any character or character string, at the same position. A wildcard character can be a question mark (?), which matches any single character at the same position. For example, a string searchee matches with *ar?he*, but the string searhee does not match with *ar?he*. If you want to use the wildcard character on the IPAddr/-I parameter, you must specify the value in the ipaddr format. The wildcard character is not accepted for the ipaddr/subnetmask or ipaddr/prefixlen format of IPAddr/-I values.

When you use z/OS UNIX netstat/onetstat command in a z/OS UNIX shell environment, take care when you use a z/OS UNIX MVS™ special character in a character string such as using a wildcard character in a filter value. It might cause an unpredictable result. To be safe, if you want to use a z/OS UNIX MVS special character in a character string, surround the character string with single (') or double (") quotation marks. For example, to use an asterisk (*) in the IP address, 10.*.0.0 for the -I filter, issue the command as: netstat -g -I '10.*.0.0' or netstat -g -I "10.*.0.0".