Print this page
XXXX adding PID information to netstat output
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/netstat.1m.man.txt
+++ new/usr/src/man/man1m/netstat.1m.man.txt
1 1 NETSTAT(1M) Maintenance Commands NETSTAT(1M)
2 2
3 3
4 4
5 5 NAME
6 6 netstat - show network status
7 7
8 8 SYNOPSIS
9 - netstat [-anvR] [-f address_family] [-P protocol]
9 + netstat [-anuvR] [-f address_family] [-P protocol]
10 10
11 11
12 12 netstat -g [-nv] [-f address_family]
13 13
14 14
15 15 netstat -p [-n] [-f address_family]
16 16
17 17
18 18 netstat -s [-f address_family] [-P protocol]
19 19 [-T u | d ] [interval [count]]
20 20
21 21
22 22 netstat -m [-T u | d ] [-v] [interval [count]]
23 23
24 24
25 25 netstat -i [-I interface] [-an] [-f address_family]
26 26 [-T u | d ] [interval [count]]
27 27
28 28
29 29 netstat -r [-anvR] [-f address_family | filter]
30 30
31 31
32 32 netstat -M [-ns] [-f address_family]
33 33
34 34
35 35 netstat -D [-I interface] [-f address_family]
36 36
37 37
38 38 DESCRIPTION
39 39 The netstat command displays the contents of certain network-related
40 40 data structures in various formats, depending on the options you
41 41 select.
42 42
43 43 The netstat command has the several forms shown in the SYNOPSIS
44 44 section, above, listed as follows:
45 45
46 46 o The first form of the command (with no required arguments)
47 47 displays a list of active sockets for each protocol.
48 48
49 49 o The second, third, and fourth forms (-g, -p, and -s options)
50 50 display information from various network data structures.
51 51
52 52 o The fifth form (-m option) displays STREAMS memory
53 53 statistics.
54 54
55 55 o The sixth form (-i option) shows the state of the
56 56 interfaces.
57 57
58 58 o The seventh form (-r option) displays the routing table.
59 59
60 60 o The eighth form (-M option) displays the multicast routing
61 61 table.
62 62
63 63 o The ninth form (-D option) displays the state of DHCP on one
64 64 or all interfaces.
65 65
66 66 These forms are described in greater detail below.
67 67
68 68 With no arguments (the first form), netstat displays connected sockets
69 69 for PF_INET, PF_INET6, and PF_UNIX, unless modified otherwise by the -f
70 70 option.
71 71
72 72 OPTIONS
73 73 -a
74 74
75 75 Show the state of all sockets, all routing table entries, or all
76 76 interfaces, both physical and logical. Normally, listener sockets
77 77 used by server processes are not shown. Under most conditions, only
78 78 interface, host, network, and default routes are shown and only the
79 79 status of physical interfaces is shown.
80 80
81 81
82 82 -f address_family
83 83
84 84 Limit all displays to those of the specified address_family. The
85 85 value of address_family can be one of the following:
86 86
87 87 inet
88 88 For the AF_INET address family showing IPv4 information.
89 89
90 90
91 91 inet6
92 92 For the AF_INET6 address family showing IPv6 information.
93 93
94 94
95 95 unix
96 96 For the AF_UNIX address family.
97 97
98 98
99 99
100 100 -f filter
101 101
102 102 With -r only, limit the display of routes to those matching the
103 103 specified filter. A filter rule consists of a keyword:value pair.
104 104 The known keywords and the value syntax are:
105 105
106 106 af:{inet|inet6|unix|number}
107 107
108 108 Selects an address family. This is identical to -f
109 109 address_family and both syntaxes are supported.
110 110
111 111
112 112 outif:{name|ifIndex|any|none}
113 113
114 114 Selects an output interface. You can specify the interface by
115 115 name (such as hme0) or by ifIndex number (for example, 2). If
116 116 any is used, the filter matches all routes having a specified
117 117 interface (anything other than null). If none is used, the
118 118 filter matches all routes having a null interface. Note that
119 119 you can view the index number (ifIndex) for an interface with
120 120 the -a option of ifconfig(1M).
121 121
122 122
123 123 dst:{ip-address[/mask]|any|none}
124 124
125 125 Selects a destination IP address. If specified with a mask
126 126 length, then any routes with matching or longer (more specific)
127 127 masks are selected. If any is used, then all but addresses but
128 128 0 are selected. If none is used, then address 0 is selected.
129 129
130 130
131 131 flags:[+ -]?[ABDGHLMSU]+
132 132
133 133 Selects routes tagged with the specified flags. By default, the
134 134 flags as specified must be set in order to match. With a
135 135 leading +, the flags specified must be set but others are
136 136 ignored. With a leading -, the flags specified must not be set
137 137 and others are permitted.
138 138
139 139 You can specify multiple instances of -f to specify multiple
140 140 filters. For example:
141 141
142 142 % netstat -nr -f outif:hme0 -f outif:hme1 -f dst:10.0.0.0/8
143 143
144 144
145 145 The preceding command displays routes within network 10.0.0.0/8,
146 146 with mask length 8 or greater, and an output interface of either
147 147 hme0 or hme1, and excludes all other routes.
148 148
149 149
150 150 -g
151 151
152 152 Show the multicast group memberships for all interfaces. If the -v
153 153 option is included, source-specific membership information is also
154 154 displayed. See DISPLAYS, below.
155 155
156 156
157 157 -i
158 158
159 159 Show the state of the interfaces that are used for IP traffic.
160 160 Normally this shows statistics for the physical interfaces. When
161 161 combined with the -a option, this will also report information for
162 162 the logical interfaces. See ifconfig(1M).
163 163
164 164
165 165 -m
166 166
167 167 Show the STREAMS memory statistics.
168 168
169 169
170 170 -n
171 171
172 172 Show network addresses as numbers. netstat normally displays
173 173 addresses as symbols. This option may be used with any of the
174 174 display formats.
175 175
176 176
177 177 -p
178 178
179 179 Show the net to media tables. See DISPLAYS, below.
180 180
181 181
182 182 -r
183 183
184 184 Show the routing tables. Normally, only interface, host, network,
185 185 and default routes are shown, but when this option is combined with
186 186 the -a option, all routes will be displayed, including cache. If
187 187 you have not set up a multicast route, -ra might not show any
188 188 multicast routing entries, although the kernel will derive such an
189 189 entry if needed.
190 190
191 191
192 192 -s
193 193
194 194 Show per-protocol statistics. When used with the -M option, show
195 195 multicast routing statistics instead. When used with the -a option,
196 196 per-interface statistics will be displayed, when available, in
197 197 addition to statistics global to the system. See DISPLAYS, below.
198 198
|
↓ open down ↓ |
179 lines elided |
↑ open up ↑ |
199 199
200 200 -T u | d
201 201
202 202 Display a time stamp.
203 203
204 204 Specify u for a printed representation of the internal
205 205 representation of time. See time(2). Specify d for standard date
206 206 format. See date(1).
207 207
208 208
209 + -u
210 +
211 + When specified, for each network endpoint netstat will print the
212 + list of the processes currently have an open file descriptor
213 + pointing to that endpoint. netstat will list the username, process
214 + id, and the program for each process in that list.
215 +
216 +
209 217 -v
210 218
211 219 Verbose. Show additional information for the sockets, STREAMS
212 220 memory statistics, routing table, and multicast group memberships.
213 221
214 222
215 223 -I interface
216 224
217 225 Show the state of a particular interface. interface can be any
218 226 valid interface such as hme0 or eri0. Normally, the status and
219 227 statistics for physical interfaces are displayed. When this option
220 228 is combined with the -a option, information for the logical
221 229 interfaces is also reported.
222 230
223 231
224 232 -M
225 233
226 234 Show the multicast routing tables. When used with the -s option,
227 235 show multicast routing statistics instead.
228 236
229 237
230 238 -P protocol
231 239
232 240 Limit display of statistics or state of all sockets to those
233 241 applicable to protocol. The protocol can be one of ip, ipv6, icmp,
234 242 icmpv6, icmp, icmpv6, igmp, udp, tcp, rawip. rawip can also be
235 243 specified as raw. The command accepts protocol options only as all
236 244 lowercase.
237 245
238 246
239 247 -D
240 248
241 249 Show the status of DHCP configured interfaces.
242 250
243 251
244 252 -R
245 253
246 254 This modifier displays extended security attributes for sockets and
247 255 routing table entries. The -R modifier is available only if the
248 256 system is configured with the Solaris Trusted Extensions feature.
249 257
250 258 With -r only, this option displays the routing entries' gateway
251 259 security attributes. See route(1M) for more information on security
252 260 attributes.
253 261
254 262 When displaying socket information using the first form of the
255 263 command, this option displays additional information for Multi-
256 264 Level Port(MLP) sockets. This includes:
257 265
258 266 o The label for the peer if the socket is connected.
259 267
260 268 o The following flags can be appended to the socket's
261 269 "State" output:
262 270
263 271
264 272 P
265 273 The socket is a MLP on zone-private IP addresses.
266 274
267 275
268 276 S
269 277 The socket is a MLP on IP addresses shared between
270 278 zones.
271 279
272 280 OPERANDS
273 281 interval
274 282 Display statistics accumulated since last display every
275 283 interval seconds, repeating forever, unless count is
276 284 specified. When invoked with interval, the first row of
277 285 netstat output shows statistics accumulated since last
278 286 reboot.
279 287
280 288 The following options support interval: -i, -m, -s and -Ms.
281 289 Some values are configuration parameters and are just
282 290 redisplayed at each interval.
283 291
284 292
285 293 count
286 294 Display interface statistics the number of times specified
287 295 by count, at the interval specified by interval.
288 296
289 297
290 298 DISPLAYS
291 299 Active Sockets (First Form)
292 300 The display for each active socket shows the local and remote address,
293 301 the send and receive queue sizes (in bytes), the send and receive
294 302 windows (in bytes), and the internal state of the protocol.
295 303
296 304 The symbolic format normally used to display socket addresses is
297 305 either:
298 306
299 307 hostname.port
300 308
301 309 when the name of the host is specified, or
302 310
303 311 network.port
304 312
305 313 if a socket address specifies a network but no specific host.
306 314
307 315 The numeric host address or network number associated with the socket
308 316 is used to look up the corresponding symbolic hostname or network name
309 317 in the hosts or networks database.
310 318
311 319 If the network or hostname for an address is not known, or if the -n
312 320 option is specified, the numerical network address is shown.
313 321 Unspecified, or "wildcard", addresses and ports appear as an asterisk
314 322 (*). For more information regarding the Internet naming conventions,
315 323 refer to inet(7P) and inet6(7P).
316 324
317 325 For SCTP sockets, because an endpoint can be represented by multiple
318 326 addresses, the verbose option (-v) displays the list of all the local
319 327 and remote addresses.
320 328
321 329 TCP Sockets
322 330 The possible state values for TCP sockets are as follows:
323 331
324 332 BOUND
325 333 Bound, ready to connect or listen.
326 334
327 335
328 336 CLOSED
329 337 Closed. The socket is not being used.
330 338
331 339
332 340 CLOSING
333 341 Closed, then remote shutdown; awaiting acknowledgment.
334 342
335 343
336 344 CLOSE_WAIT
337 345 Remote shutdown; waiting for the socket to close.
338 346
339 347
340 348 ESTABLISHED
341 349 Connection has been established.
342 350
343 351
344 352 FIN_WAIT_1
345 353 Socket closed; shutting down connection.
346 354
347 355
348 356 FIN_WAIT_2
349 357 Socket closed; waiting for shutdown from remote.
350 358
351 359
352 360 IDLE
353 361 Idle, opened but not bound.
354 362
355 363
356 364 LAST_ACK
357 365 Remote shutdown, then closed; awaiting acknowledgment.
358 366
359 367
360 368 LISTEN
361 369 Listening for incoming connections.
362 370
363 371
364 372 SYN_RECEIVED
365 373 Initial synchronization of the connection under way.
366 374
367 375
368 376 SYN_SENT
369 377 Actively trying to establish connection.
370 378
371 379
372 380 TIME_WAIT
373 381 Wait after close for remote shutdown retransmission.
374 382
375 383
376 384 SCTP Sockets
377 385 The possible state values for SCTP sockets are as follows:
378 386
379 387 CLOSED
380 388 Closed. The socket is not being used.
381 389
382 390
383 391 LISTEN
384 392 Listening for incoming associations.
385 393
386 394
387 395 ESTABLISHED
388 396 Association has been established.
389 397
390 398
391 399 COOKIE_WAIT
392 400 INIT has been sent to the peer, awaiting
393 401 acknowledgment.
394 402
395 403
396 404 COOKIE_ECHOED
397 405 State cookie from the INIT-ACK has been sent to
398 406 the peer, awaiting acknowledgement.
399 407
400 408
401 409 SHUTDOWN_PENDING
402 410 SHUTDOWN has been received from the upper layer,
403 411 awaiting acknowledgement of all outstanding DATA
404 412 from the peer.
405 413
406 414
407 415 SHUTDOWN_SENT
408 416 All outstanding data has been acknowledged in the
409 417 SHUTDOWN_SENT state. SHUTDOWN has been sent to
410 418 the peer, awaiting acknowledgement.
411 419
412 420
413 421 SHUTDOWN_RECEIVED
414 422 SHUTDOWN has been received from the peer, awaiting
415 423 acknowledgement of all outstanding DATA.
416 424
417 425
418 426 SHUTDOWN_ACK_SENT
419 427 All outstanding data has been acknowledged in the
420 428 SHUTDOWN_RECEIVED state. SHUTDOWN_ACK has been
421 429 sent to the peer.
422 430
423 431
424 432 Network Data Structures (Second Through Fifth Forms)
425 433 The form of the display depends upon which of the -g, -m, -p, or -s
426 434 options you select.
427 435
428 436 -g
429 437 Displays the list of multicast group membership.
430 438
431 439
432 440 -m
433 441 Displays the memory usage, for example, STREAMS mblks.
434 442
435 443
436 444 -p
437 445 Displays the net to media mapping table. For IPv4, the address
438 446 resolution table is displayed. See arp(1M). For IPv6, the
439 447 neighbor cache is displayed.
440 448
441 449
442 450 -s
443 451 Displays the statistics for the various protocol layers.
444 452
445 453
446 454
447 455 The statistics use the MIB specified variables. The defined values for
448 456 ipForwarding are:
449 457
450 458 forwarding(1)
451 459 Acting as a gateway.
452 460
453 461
454 462 not-forwarding(2)
455 463 Not acting as a gateway.
456 464
457 465
458 466
459 467 The IPv6 and ICMPv6 protocol layers maintain per-interface statistics.
460 468 If the -a option is specified with the -s option, then the per-
461 469 interface statistics as well as the total sums are displayed.
462 470 Otherwise, just the sum of the statistics are shown.
463 471
464 472 For the second, third, and fourth forms of the command, you must
465 473 specify at least -g, -p, or -s. You can specify any combination of
466 474 these options. You can also specify -m (the fifth form) with any set of
467 475 the -g, -p, and -s options. If you specify more than one of these
468 476 options, netstat displays the information for each one of them.
469 477
470 478 Interface Status (Sixth Form)
471 479 The interface status display lists information for all current
472 480 interfaces, one interface per line. If an interface is specified using
473 481 the -I option, it displays information for only the specified
474 482 interface.
475 483
476 484 The list consists of the interface name, mtu (maximum transmission
477 485 unit, or maximum packet size)(see ifconfig(1M)), the network to which
478 486 the interface is attached, addresses for each interface, and counter
479 487 associated with the interface. The counters show the number of input
480 488 packets, input errors, output packets, output errors, and collisions,
481 489 respectively. For Point-to-Point interfaces, the Net/Dest field is the
482 490 name or address on the other side of the link.
483 491
484 492 If the -a option is specified with either the -i option or the -I
485 493 option, then the output includes names of the physical interface(s),
486 494 counts for input packets and output packets for each logical interface,
487 495 plus additional information.
488 496
489 497 If the -n option is specified, the list displays the IP address instead
490 498 of the interface name.
491 499
492 500 If an optional interval is specified, the output will be continually
493 501 displayed in interval seconds until interrupted by the user or until
494 502 count is reached. See OPERANDS.
495 503
496 504 The physical interface is specified using the -I option. When used with
497 505 the interval operand, output for the -I option has the following
498 506 format:
499 507
500 508 input eri0 output input (Total) output
501 509 packets errs packets errs colls packets errs packets errs colls
502 510 227681 0 659471 1 502 261331 0 99597 1 502
503 511 10 0 0 0 0 10 0 0 0 0
504 512 8 0 0 0 0 8 0 0 0 0
505 513 10 0 2 0 0 10 0 2 0 0
506 514
507 515
508 516 If the input interface is not specified, the first interface of address
509 517 family inet or inet6 will be displayed.
510 518
511 519 Routing Table (Seventh Form)
512 520 The routing table display lists the available routes and the status of
513 521 each. Each route consists of a destination host or network, and a
514 522 gateway to use in forwarding packets. The flags column shows the status
515 523 of the route. These flags are as follows:
516 524
517 525 U
518 526 Indicates route is up.
519 527
520 528
521 529 G
522 530 Route is to a gateway.
523 531
524 532
525 533 H
526 534 Route is to a host and not a network.
527 535
528 536
529 537 M
530 538 Redundant route established with the -multirt option.
531 539
532 540
533 541 S
534 542 Route was established using the -setsrc option.
535 543
536 544
537 545 D
538 546 Route was created dynamically by a redirect.
539 547
540 548
541 549
542 550 If the -a option is specified, there will be routing entries with the
543 551 following flags:
544 552
545 553 A
546 554 Combined routing and address resolution entries.
547 555
548 556
549 557 B
550 558 Broadcast addresses.
551 559
552 560
553 561 L
554 562 Local addresses for the host.
555 563
556 564
557 565 Interface routes are created for each interface attached to the local
558 566 host; the gateway field for such entries shows the address of the
559 567 outgoing interface.
560 568
561 569 The use column displays the number of packets sent using a combined
562 570 routing and address resolution (A) or a broadcast (B) route. For a
563 571 local (L) route, this count is the number of packets received, and for
564 572 all other routes it is the number of times the routing entry has been
565 573 used to create a new combined route and address resolution entry.
566 574
567 575 The interface entry indicates the network interface utilized for the
568 576 route.
569 577
570 578 Multicast Routing Tables (Eighth Form)
571 579 The multicast routing table consists of the virtual interface table and
572 580 the actual routing table.
573 581
574 582 DHCP Interface Information (Ninth Form)
575 583 The DHCP interface information consists of the interface name, its
576 584 current state, lease information, packet counts, and a list of flags.
577 585
578 586 The states correlate with the specifications set forth in RFC 2131.
579 587
580 588 Lease information includes:
581 589
582 590 o when the lease began;
583 591
584 592 o when lease renewal will begin; and
585 593
586 594 o when the lease will expire.
587 595
588 596
589 597 The flags currently defined include:
590 598
591 599 BOOTP
592 600 The interface has a lease obtained through BOOTP (IPv4
593 601 only).
594 602
595 603
596 604 BUSY
597 605 The interface is busy with a DHCP transaction.
598 606
599 607
600 608 PRIMARY
601 609 The interface is the primary interface. See dhcpinfo(1) and
602 610 ifconfig(1M).
603 611
604 612
605 613 FAILED
606 614 The interface is in failure state and must be manually
607 615 restarted.
608 616
609 617
610 618 Packet counts are maintained for the number of packets sent, the number
611 619 of packets received, and the number of lease offers declined by the
612 620 DHCP client. All three counters are initialized to zero and then
613 621 incremented while obtaining a lease. The counters are reset when the
614 622 period of lease renewal begins for the interface. Thus, the counters
615 623 represent either the number of packets sent, received, and declined
616 624 while obtaining the current lease, or the number of packets sent,
617 625 received, and declined while attempting to obtain a future lease.
618 626
619 627 FILES
620 628 /etc/default/inet_type
621 629 DEFAULT_IP setting
622 630
623 631
624 632 SEE ALSO
625 633 arp(1M), dhcpinfo(1), dhcpagent(1M), ifconfig(1M), iostat(1M),
626 634 kstat(1M), mibiisa(1M), ndp(1M), savecore(1M), vmstat(1M), hosts(4),
627 635 inet_type(4), networks(4), protocols(4), services(4), attributes(5),
628 636 dhcp(5), kstat(7D), inet(7P), inet6(7P)
629 637
630 638
631 639 Droms, R., RFC 2131, Dynamic Host Configuration Protocol, Network
632 640 Working Group, March 1997.
633 641
634 642
635 643 Droms, R. RFC 3315, Dynamic Host Configuration Protocol for IPv6
636 644 (DHCPv6). Cisco Systems. July 2003.
637 645
638 646 NOTES
639 647 When displaying interface information, netstat honors the DEFAULT_IP
640 648 setting in /etc/default/inet_type. If it is set to IP_VERSION4, then
641 649 netstat will omit information relating to IPv6 interfaces, statistics,
642 650 connections, routes and the like.
643 651
644 652 However, you can override the DEFAULT_IP setting in
645 653 /etc/default/inet_type on the command-line. For example, if you have
646 654 used the command-line to explicitly request IPv6 information by using
647 655 the inet6 address family or one of the IPv6 protocols, it will override
648 656 the DEFAULT_IP setting.
649 657
650 658 If you need to examine network status information following a kernel
651 659 crash, use the mdb(1) utility on the savecore(1M) output.
652 660
653 661 The netstat utility obtains TCP statistics from the system by opening
654 662 /dev/tcp and issuing queries. Because of this, netstat might display an
655 663 extra, unused connection in IDLE state when reporting connection
656 664 status.
657 665
|
↓ open down ↓ |
439 lines elided |
↑ open up ↑ |
658 666 Previous versions of netstat had undocumented methods for reporting
659 667 kernel statistics published using the kstat(7D) facility. This
660 668 functionality has been removed. Use kstat(1M) instead.
661 669
662 670 netstat restricts its output to information that is relevant to the
663 671 zone in which netstat runs. (This is true for both shared-IP and
664 672 exclusive-IP zones.)
665 673
666 674
667 675
668 - September 2, 2015 NETSTAT(1M)
676 + July 12, 2016 NETSTAT(1M)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX