netstat Command
Purpose
Shows network status.
Syntax
To display active sockets for each protocol or routing table information
/bin/netstat [ -n ] [{-A -a } | { -r -C -i -I Interface } ] [ -f AddressFamily] [ [ -p Protocol ] | [ -@ WparName ] ] [ Interval ]
To display the contents of a network data structure
/bin/netstat [ -m | -M | -s | -ss | -u | -v ] [ -f AddressFamily ] [ [ -p Protocol ] | [ -@ WparName] ] [ Interval]
To display the virtual interface table and multicast forwarding cache
/bin/netstat -g
To display the packet counts throughout the communications subsystem
/bin/netstat -D
To display the network buffer cache statistics
/bin/netstat -c
To display the data link provider interface statistics
/bin/netstat -P
To clear the associated statistics
/bin/netstat [ -Zc | -Zi | -Zm | -Zs ]
/bin/netstat -K protocol [-F filename] [-w] [-b]Description
The netstat command symbolically displays the contents of various network-related data structures for active connections. The Interval parameter, which is specified in seconds, continuously displays information regarding packet traffic on the configured network interfaces. The Interval parameter takes no flags.
Flags
| Item | Description |
|---|---|
| -A | Shows the address of any protocol control blocks associated with the sockets. This flag acts with the default display and is used for debugging purposes. |
| -a | Shows the state of all sockets. If this flag is not specified, sockets that are used by server processes that are not bound to an interface are not shown. |
| -c | Shows the statistics of the Network Buffer Cache. The Network Buffer Cache is a list of network buffers that contain data objects that can be transmitted to networks. The Network Buffer Cache grows dynamically as data objects are added to or removed from it. The Network Buffer Cache is used by some network kernel interfaces for performance enhancement on the network I/O. The netstat -c command prints the following statistic: |
| -C | Shows the routing tables, including the user-configured and
current costs of each route. The user-configured cost is set by using
the -hopcount flag of the route command. The current
cost can be different than the user-configured cost if Dead Gateway
Detection has changed the cost of the route. In addition to the
costs of the route, it also shows the weight and policy information
associated with each route. These fields are applicable only when
the Multipath Routing Feature is used. The policy information displays
the routing policy that has been currently selected to choose between
the multiple routes available. The policies available are:
If multiple routes are present for the same destination
(multipath routes), one of these routes display the policy value of The weight field is a user-configured weight associated with the route that will be used for Weighted Round-Robin and Weighted Random Policies. For more information about these policies, see the no command. |
| -D | Shows the number of packets received, transmitted, and dropped
in the communications subsystem. Note: In the statistics output, a N/A displayed
in a field value indicates the count is not applicable. For the NFS/RPC
statistics, the number of incoming packets that pass through RPC are
the same packets that pass through NFS, so these numbers are not summed
in the NFS/RPC Total field, thus the N/A. NFS has
no outgoing packet or outgoing packet drop counters specific to NFS
and RPC. Therefore, individual counts have a field value of N/A,
and the cumulative count is stored in the NFS/RPC Total field.
|
| -f AddressFamily | Limits reports of statistics or address control blocks to
those items specified by the AddressFamily variable. The following
address families are recognized:
|
| -g | Shows Virtual Interface Table and Multicast Forwarding Cache information. If used in conjunction with the -s flag, it will show the multicast routing information. |
| -i | Shows the state of all configured interfaces. See Interface
Display Note: The collision count for Ethernet interfaces is not
supported.
|
| -I Interface | Shows the state of the configured interface specified by the Interface variable. |
| -M | Shows network memory's mbuf cluster pool statistics. |
| -m | Shows statistics recorded by the memory management routines. |
| -n | Shows network addresses as numbers. When this flag is not specified, the netstat command interprets addresses where possible and displays them symbolically. This flag can be used with any of the display formats. |
| -o | Used in conjunction with the -a flag to display detailed data about a socket, such as socket options, flags, and buffer statistics. |
| -p Protocol | Shows statistics about the value specified for the Protocol variable, which is either a well-known name for a protocol or an alias for it. Some protocol names and aliases are listed in the /etc/networks file. |
| -P | Shows the statistics of the Data
Link Provider Interface (DLPI). The netstat -P command prints
the following statistic: If DLPI is not loaded, it displays: |
| -r | Shows the routing tables. When used with the -s flag, the-r flag shows routing statistics. See Routing Table Display. |
| -s | Shows statistics for each protocol. |
| -ss | Displays all the non-zero protocol statistics and provides a concise display. |
| -u | Displays information about domain sockets. |
| -v | Shows statistics for CDLI-based communications adapters. This flag causes the netstat command to run the statistics commands for the netstat, tokstat, and fddistat commands. No flags are issued to these device driver commands. See the specific device driver statistics command to obtain descriptions of the statistical output. |
| -w | Starts the user interactive mode. |
| -Zc | Clear network buffer cache statistics. |
| -Zi | Clear interface statistics. |
| -Zm | Clear network memory allocator statistics. |
| -Zs | Clear protocol statistics. To clear statistics for a specific protocol, use -p <protocol>. For example, to clear TCP statistics, type netstat -Zs -p tcp. |
| -@ WparName | Displays the network statistics associated with workload partition (WparName). If no WparName is specified, then show the network statistics for all workload partitions. |
- The -C, -D, -c, -g, -m, -M, -P, -r , -v,
and -Z flags are not supported in the global environment when
used in conjunction with the
-@WparName option. - The -C, -D, -c, -g, -m, -M, -P, -r , -v, and -Z flags are not supported in system workload partitions.
Default Display
- Local and remote addresses
- Send and receive queue sizes (in bytes)
- Protocol
- Internal state of the protocol
Internet address formats are of the form host.port or network.port if
a socket's address specifies a network but no specific host address.
The host address is displayed symbolically if the address can be resolved
to a symbolic host name, while network addresses are displayed symbolically
according to the /etc/networks file.
If a symbolic name for a host is not known or if the -n flag is used, the address is printed numerically, according to the address family. Unspecified addresses and ports appear as an * (asterisk).
Interface Display (netstat -i)
The interface display format provides a table of cumulative statistics for the following items:
- Errors
- Collisions Note: The collision count for Ethernet interfaces is not supported.
- Packets transferred
The interface display also provides the interface name, number, and address as well as the maximum transmission units (MTUs).
Routing Table Display (netstat -r)
The routing table display indicates the available routes and their statuses. Each route consists of a destination host or network and a gateway to use in forwarding packets.
A route is given in the format A.B.C.D/XX, which presents two pieces of information. A.B.C.D indicates the destination address and XX indicates the netmask associated with the route. The netmask is represented by the number of bits set. For example, the route 9.3.252.192/26 has a netmask of 255.255.255.192, which has 26 bits set.
The routing table contains the following fields:
| Item | Description |
|---|---|
| WPAR | Displays the name of the workload partition
to which this route belongs. This field is only present when the -@ flag
is used with the -r flag. For routes belonging to the global
system, Global is displayed in this column. |
| Flags | The flags field of the routing table shows the state
of the route:
Direct routes are created for each interface attached to the local host. |
| Gateway | The gateway field for these entries shows the address of the outgoing interface. |
| Refs | Gives the current number of active uses for the route. Connection-oriented protocols hold on to a single route for the duration of a connection, while connectionless protocols obtain a route while sending to the same destination. |
| Use | Provides a count of the number of packets sent using that route. |
| PMTU | Gives the Path Maximum Transfer Unit (PMTU). AIX® 5.3 does not display the PMTU column. |
| Interface | Indicates the network interfaces utilized for the route. |
| Exp | Displays the time (in minutes) remaining before the route expires. |
| Groups | Provides a list of group IDs associated with that route. |
| Netmasks | Lists the netmasks applied on the system. |
| Route Tree for Protocol Family | Specifies the active address families for existing routes.
Supported values for this field are:
For more information on other address families, refer to the /usr/include/sys/socket.h file. |
When the -@ flag is used with the netstat -r command and no WparName parameter is specified, all of the routes in the system’s route table are displayed. If the WparName parameter is specified and the WPAR-specific routing is enabled for that WPAR, only the routes associated with that WPAR are displayed. If the WparName parameter is specified and the WPAR specific routing is disabled for that WPAR, the routes associated with the global system are displayed.
When a value is specified for the Interval parameter, the netstat command displays a running count of statistics related to network interfaces. This display contains two columns: a column for the primary interface (the first interface found during autoconfiguration) and a column summarizing information for all interfaces.
The primary interface may be replaced with another interface by using the -I flag. The first line of each screen of information contains a summary of statistics accumulated since the system was last restarted. The subsequent lines of output show values accumulated over intervals of the specified length.
Security
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Examples
- To display routing table information for an Internet
interface, enter the following command:
netstat -r -f inetThis produces the following output:
Routing tables Destination Gateway Flags Refs Use PMTU If Exp Groups Netmasks: (root node) (0)0 ffff f000 0 (0)0 ffff f000 0 (0)0 8123 262f 0 0 0 0 0 (root node) Route Tree for Protocol Family 2: (root node) default 129.35.38.47 UG 0 564 - tr0 - loopback 127.0.0.1 UH 1 202 - lo0 - 129.35.32 129.35.41.172 U 4 30 - tr0 - +staff 129.35.32.117 129.35.41.172 UGHW 0 13 1492 tr0 30 192.100.61 192.100.61.11 U 1 195 - en0 - (root node) Route Tree for Protocol Family 6: (root node) (root node)The -r -f inet flags indicate a request for routing table information for all configured Internet interfaces. The network interfaces are listed in the Interface column; en designates a Standard Ethernet interface, while tr specifies a Token-Ring interface. Gateway addresses are in dotted decimal format.
Note: AIX 5.3 does not display the PMTU column. - To display statistics for GRE Protocol, enter the following command:
netstat -s -p greThis produces the following output:
GRE Interface gre0 10 number of times gre_input got called 8 number of times gre_output got called 0 packets received with protocol not supported 0 packets received with checksum on 0 packets received with routing present 0 packets received with key present 0 packets received with sequence number present 0 packets received with strict source route present 0 packets received with recursion control present 0 packets received where reserved0 non-zero 0 packets received where version non-zero 0 packets discarded 0 packets dropped due to network down 0 packets dropped due to protocol not supported 0 packets dropped due to error in ip output routine 0 packets got by NAT 0 packets got by NAT but not TCP packet 0 packets got by NAT but with IP options - To display statistics for the IPv4 over IPv6 tunnel (GIF tunnel),
enter the following command:
The command produces the following output:netstat -s -p gifGIF Interface gif0 44 total packets received 50 total packets sent 0 packets received with protocol not supported 0 packets received with checksum on 0 packets received with routing present 0 packets received with strict source route present 0 packets received where version non-zero 0 packets discarded 0 packets dropped due to network down 0 packets dropped due to protocol not supported 0 packets dropped due to error in ipv6 output routine - To display interface information for an Internet
interface, enter the following command:
netstat -i -f inetThis produces the following output:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll lo0 16896 Link#1 5161 0 5193 0 0 lo0 16896 127 localhost 5161 0 5193 0 0 lo0 16896 ::1 5161 0 5193 0 0 en1 1500 Link#2 8.0.38.22.8.34 221240 0 100284 0 0 en1 1500 129.183.64 infoserv.frec.bul 221240 0 100284 0 0The -i -f inet flags indicate a request for the status of all configured Internet interfaces. The network interfaces are listed in the Name column; lo designates a loopback interface, en designates a Standard Ethernet interface, while tr specifies a Token-Ring interface.
- To display statistics for each protocol, enter
the following command:
netstat -s -f inetThis produces the following output:
ip: : 44485 total packets received 0 bad header checksums 0 with size smaller than minimum 0 with data size < data length 0 with header length < data size 0 with data length < header length 0 with bad options 0 with incorrect version number 0 fragments received 0 fragments dropped (dup or out of space) 0 fragments dropped after timeout 0 packets reassembled ok 44485 packets for this host 0 packets for unknown/unsupported protocol 0 packets forwarded 0 packets not forwardable 0 redirects sent 1506 packets sent from this host 0 packets sent with fabricated ip header 0 output packets dropped due to no bufs, etc. 0 output packets discarded due to no route 0 output datagrams fragmented 0 fragments created 0 datagrams that can't be fragmented 0 IP Multicast packets dropped due to no receiver 0 successful path MTU discovery cycles 0 path MTU rediscovery cycles attempted 0 path MTU discovery no-response estimates 0 path MTU discovery response timeouts 0 path MTU discovery decreases detected 0 path MTU discovery packets sent 0 path MTU discovery memory allocation failures 0 ipintrq overflows icmp: 0 calls to icmp_error 0 errors not generated 'cuz old message was icmp Output histogram: echo reply: 6 0 messages with bad code fields 0 messages < minimum length 0 bad checksums 0 messages with bad length Input histogram: echo: 19 6 message responses generated igmp:defect 0 messages received 0 messages received with too few bytes 0 messages received with bad checksum 0 membership queries received 0 membership queries received with invalid field(s) 0 membership reports received 0 membership reports received with invalid field(s) 0 membership reports received for groups to which we belong 0 membership reports sent tcp: 1393 packets sent 857 data packets (135315 bytes) 0 data packets (0 bytes) retransmitted 367 URG only packets 0 URG only packets 0 window probe packets 0 window update packets 170 control packets 1580 packets received 790 acks (for 135491 bytes) 60 duplicate acks 0 acks for unsent data 638 packets (2064 bytes) received in-sequence 0 completely duplicate packets (0 bytes) 0 packets with some dup. data (0 bytes duped) 117 out-of-order packets (0 bytes) 0 packets (0 bytes) of data after window 0 window probes 60 window update packets 0 packets received after close 0 discarded for bad checksums 0 discarded for bad header offset fields 0 connection request 58 connection requests 61 connection accepts 118 connections established (including accepts) 121 connections closed (including 0 drops) 0 embryonic connections dropped 845 segments updated rtt (of 847 attempts) 0 resends due to path MTU discovery 0 path MTU discovery terminations due to retransmits 0 retransmit timeouts 0 connections dropped by rexmit timeout 0 persist timeouts 0 keepalive timeouts 0 keepalive probes sent 0 connections dropped by keepalive udp: 42886 datagrams received : 0 incomplete headers 0 bad data length fields 0 bad checksums 0 dropped due to no socket 42860 broadcast/multicast datagrams dropped due to no socket 0 socket buffer overflows 26 delivered 106 datagrams outputip specifies the Internet Protocol; icmp specifies the Information Control Message Protocol; tcp specifies the Transmission Control Protocol; udp specifies the User Datagram Protocol.
Note: AIX 5.3 does not display the PMTU statistics for the IP protocol. - To display device driver statistics, enter the
following command:
netstat -vThe netstat -v command displays the statistics for each CDLI-based device driver that is up. To see sample output for this command, see the tokstat command, the entstat command, or the fddistat command.
- To display information regarding an interface
for which multicast is enabled, and to see group membership, enter
the following command:
netstat -a -I interfaceFor example, if an 802.3 interface was specified, the following output will be produced:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll et0 1492 <Link> 0 0 2 0 0 et0 1492 9.4.37 hun-eth 0 0 2 0 0 224.0.0.1 02:60:8c:0a:02:e7 01:00:5e:00:00:01If instead of -I interface the flag -i is given, then all configured interfaces will be listed. The network interfaces are listed in the Name column; lo designates a loopback interface, et designates an IEEE 802.3 interface, tr designates a Token-Ring interface, while fi specifies an FDDI interface.
The address column has the following meaning. A symbolic name for each interface is shown. Below this symbolic name, the group addresses of any multicast groups that have been joined on that interface are shown. Group address 224.0.0.1 is the special all-hosts-group to which all multicast interfaces belong. The MAC address of the interface (in colon notation) follows the group addresses, plus a list of any other MAC level addresses that are enabled on behalf of IP Multicast for the particular interface.
- To display the packet counts in the communication
subsystem, enter the following command:
netstat -DThe following output will be produced:
Source Ipkts Opkts Idrops Odrops - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tok_dev0 720 542 0 0 ent_dev0 114 4 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - Devices Total 834 546 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tok_dd0 720 542 0 0 ent_dd0 114 4 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - Drivers Total 834 546 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tok_dmx0 720 N/A 0 N/A ent_dmx0 114 N/A 0 N/A - - - - - - - - - - - - - - - - - - - - - - - - - Demuxer Total 834 N/A 0 N/A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IP 773 767 0 0 TCP 536 399 0 0 UDP 229 93 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - Protocols Total 1538 1259 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - lo_if0 69 69 0 0 en_if0 22 8 0 0 tr_if0 704 543 0 1 - - - - - - - - - - - - - - - - - - - - - - - - - Net IF Total 795 620 0 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NFS/RPC Client 519 N/A 0 N/A NFS/RPC Server 0 N/A 0 N/A NFS Client 519 N/A 0 N/A NFS Server 0 N/A 0 N/A - - - - - - - - - - - - - - - - - - - - - - - - - NFS/RPC Total N/A 519 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Note: N/A -> Not Applicable) - To display detailed data of active sockets, enter the following
command:
Output similar to the following is displayed:netstat -aonActive Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 *.13 *.* LISTEN so_options: (ACCEPTCONN|REUSEADDR) q0len:0 qlen:0 qlimit:1000 so_state: (PRIV) timeo:0 uid:0 so_special: (LOCKBALE|MEMCOMPRESS|DISABLE) so_special2: (PROC) sndbuf: hiwat:16384 lowat:4096 mbcnt:0 mbmax:65536 rcvbuf: hiwat:16384 lowat:1 mbcnt:0 mbmax:65536 sb_flags: (SEL) TCP: mss:512 tcp 0 0 *.21 *.* LISTEN so_options: (ACCEPTCONN|REUSEADDR) q0len:0 qlen:0 qlimit:1000 so_state: (PRIV) timeo:0 uid:0 so_special: (LOCKBALE|MEMCOMPRESS|DISABLE) so_special2: (PROC) sndbuf: hiwat:16384 lowat:4096 mbcnt:0 mbmax:65536 rcvbuf: hiwat:16384 lowat:1 mbcnt:0 mbmax:65536 sb_flags: (SEL) TCP: mss:512 ................... ................... - To display the routing table, enter the following command:
Output similar to the following is displayed:netstat -rnRouting tables Destination Gateway Flags Refs Use If PMTU Exp Groups Route Tree for Protocol Family 2 (Internet): default 9.3.149.65 UG 0 24 en0 - - 9.3.149.64 9.3.149.88 UHSb 0 0 en0 - - => 9.3.149.64/27 9.3.149.88 U 1 0 en0 - - 9.3.149.88 127.0.0.1 UGHS 0 1 lo0 - - 9.3.149.95 9.3.149.88 UHSb 0 0 en0 - - 127/8 127.0.0.1 U 11 174 lo0 - - Route Tree for Protocol Family 24 (Internet v6): ::1 ::1 UH 0 0 lo0 - -Note: AIX 5.3 does not display the PMTU column.The character
=>at the end of the line means the line is a duplicate route of the route on the next line.The loopback route (9.3.149.88, 127.0.0.1) and the broadcast routes (with the flags field containing
bindicating broadcast) are automatically created when an interface is configured. Two broadcast routes are added: one to the subnet address and one to the broadcast address of the subnet. The presence of the loopback routes and broadcast routes improve performance. - To display the routing table of a workload partition named
wpar1, enter the following command:
Output similar to the following is displayed:netstat –rn@ wpar1Routing tables WPAR Destination Gateway Flags Refs Use If Exp Groups Route Tree for Protocol Family 2 (Internet): wpar1 default 9.4.150.1 UG 1 13936 en1 - - wpar1 9.4.150.0 9.4.150.57 UHSb 0 0 en1 - - => wpar1 9.4.150/24 9.4.150.57 U 0 0 en0 - - wpar1 9.4.150.57 127.0.0.1 UGHS 0 0 lo0 - - wpar1 9.4.150.255 9.4.150.57 UHSb 0 3 en0 - -