------------------------------------------------------------------------------- Commands Reference, Volume 4 ------------------------------------------------------------------------------- netstat Command Purpose Shows network status. Syntax To Display Active Sockets for Each Protocol or Routing Table Information /bin/netstat [ -n ] [ { -A -a } | { -r -C -i -I Interface } ] [ -f AddressFamily ] [ -p Protocol ] [ Interval ] [ System ] To Display the Contents of a Network Data Structure /bin/netstat [ -m | -s | -ss | -u | -v ] [ -f AddressFamily ] [ -p Protocol ] [ Interval ] [ System ] To Display the Packet Counts Throughout the Communications Subsystem /bin/netstat -D To Display the Network Buffer Cache Statistics /bin/netstat -c To Display the Data Link Provider Interface Statistics /bin/netstat -P To Clear the Associated Statistics /bin/netstat [ -Zc | -Zi | -Zm | -Zs ] Description The netstat command symbolically displays the contents of various network-related data structures for active connections. The Interval parameter, specified in seconds, continuously displays information regarding packet traffic on the configured network interfaces. The Interval parameter takes no flags. The System parameter specifies the memory used by the current kernel. Unless you are looking at a dump file, the System parameter should be /unix. Flags -A Shows the address of any protocol control blocks associated with the sockets. This flag acts with the default display and is used for debugging purposes. -a Shows the state of all sockets. Without this flag, sockets used by server processes are not shown. -c Shows the statistics of the Network Buffer Cache. The Network Buffer Cache is a list of network buffers which contains data objects that can be transmitted to networks. The Network Buffer Cache grows dynamically as data objects are added to or removed from it. The Network Buffer Cache is used by some network kernel interfaces for performance enhancement on the network I/O. The netstat -c command prints the following statistic: Network Buffer Cache Statistics: Current total cache buffer size: 0 Maximum total cache buffer size: 0 Current total cache data size: 0 Maximum total cache data size: 0 Current number of cache: 0 Maximum number of cache: 0 Number of cache with data: 0 Number of searches in cache: 0 Number of cache hit: 0 Number of cache miss: 0 Number of cache newly added: 0 Number of cache updated: 0 Number of cache removed: 0 Number of successful cache accesses: 0 Number of unsuccessful cache accesses: 0 Number of cache validation: 0 Current total cache data size in private segments: 0 Maximum total cache data size in private segments: 0 Current total number of private segments: 0 Maximum total number of private segments: 0 Current number of free private segments: 0 Current total NBC_NAMED_FILE entries: 0 Maximum total NBC_NAMED_FILE entries: 0 Note: The -c flag is only valid on AIX 4.3.2 and above. -C Shows the routing tables, including the user-configured and current costs of each route. The user-configured cost is set using the -hopcount flag of the route command. The current cost may be different than the user-configured cost if Dead Gateway Detection has changed the cost of the route. -D Shows the number of packets received, transmitted, and dropped in the communications subsystem. Note: In the statistics output, a N/A displayed in a field value indicates the count is not applicable. For the NFS/RPC statistics, the number of incoming packets that pass through RPC are the same packets which pass through NFS, so these numbers are not summed in the NFS/RPC Total field, thus the N/A. NFS has no outgoing packet or outgoing packet drop counters specific to NFS and RPC. Therefore, individual counts have a field value of N/A, and the cumulative count is stored in the NFS/RPC Total field. -f AddressFamily Limits reports of statistics or address control blocks to those items specified by the AddressFamily variable. The following address families are recognized: inet Indicates the AF_INET address family. inet6 Indicates the AF_INET6 address family. ns Indicates the AF_NS address family. unix Indicates the AF_UNIX address family. -i Shows the state of all configured interfaces. See "Interface Display." Note: The collision count for Ethernet interfaces is not supported. -I Interface Shows the state of the configured interface specified by the Interface variable. -m Shows statistics recorded by the memory management routines. -n Shows network addresses as numbers. When this flag is not specified, the netstat command interprets addresses where possible and displays them symbolically. This flag can be used with any of the display formats. -p Protocol Shows statistics about the value specified for the Protocol variable, which is either a well-known name for a protocol or an alias for it. Some protocol names and aliases are listed in the /etc/protocols file. A null response means that there are no numbers to report. The program report of the value specified for the Protocol variable is unknown if there is no statistics routine for it. -P Shows the statistics of the Data Link Provider Interface (DLPI). The netstat -P command prints the following statistic: DLPI statistics: Number of received packets = 0 Number of transmitted packets = 0 Number of received bytes = 0 Number of transmitted bytes = 0 Number of incoming pkts discard = 0 Number of outgoing pkts discard = 0 Number of times no buffers = 0 Number of successful binds = 0 Number of unknown message types = 0 Status of phys level promisc = 0 Status of sap level promisc = 0 Status of multi level promisc = 0 Number of enab_multi addresses = 0 If DLPI is not loaded, it displays: can't find symbol: dl_stats Note: The -P flag is only valid on AIX 4.3.2 and above. -r Shows the routing tables. When used with the -s flag, the -r flag shows routing statistics. See "Routing Table Display." -s Shows statistics for each protocol. -ss Displays all the non-zero protocol statistics and provides a concise display. -u Displays information about domain sockets. -v Shows statistics for CDLI-based communications adapters. This flag causes the netstat command to run the statistics commands for the entstat, tokstat, and fddistat commands. No flags are issued to these device driver commands. See the specific device driver statistics command to obtain descriptions of the statistical output. -Zc Clear network buffer cache statistics. -Zi Clear interface statistics. -Zm Clear network memory allocator statistics. -Zs Clear protocol statistics. To clear statistics for a specific protocol, use -p . For example, to clear TCP statistics, enter netstat -Zs -p tcp. Default Display The default display for active sockets shows the following items: o Local and remote addresses o Send and receive queue sizes (in bytes) o Protocol o Internal state of the protocol Internet address formats are of the form host.port or network.port if a socket's address specifies a network but no specific host address. The host address is displayed symbolically if the address can be resolved to a symbolic host name, while network addresses are displayed symbolically according to the /etc/networks file. NS addresses are 12-byte quantities, consisting of a 4-byte network number, a 6-byte host number and a 2-byte port number, all stored in network standard format. For VAX architecture, these are word and byte reversed; for the Sun systems, they are not reversed. If a symbolic name for a host is not known or if the -n flag is used, the address is printed numerically, according to the address family. Unspecified addresses and ports appear as an * (asterisk). Interface Display (netstat -i) The interface display format provides a table of cumulative statistics for the following items: o Errors o Collisions Note: The collision count for Ethernet interfaces is not supported. o Packets transferred The interface display also provides the interface name, number, and address as well as the maximum transmission units (MTUs). Routing Table Display (netstat -r) The routing table display indicates the available routes and their statuses. Each route consists of a destination host or network and a gateway to use in forwarding packets. A route is given in the format A.B.C.D/XX, which presents two pieces of information. A.B.C.D indicates the destination address and XX indicates the netmask associated with the route. The netmask is represented by the number of bits set. For example, the route 9.3.252.192/26 has a netmask of 255.255.255.192, which has 26 bits set. The routing table contains the following ten fields: Flags The flags field of the routing table shows the state of the route: A An Active Dead Gateway Detection is enabled on the route. This field only applies to AIX 5.1 or later. U Up. H The route is to a host rather than to a network. G The route is to a gateway. D The route was created dynamically by a redirect. M The route has been modified by a redirect. L The link-level address is present in the route entry. c Access to this route creates a cloned route. This field only applies to AIX 4.2.1 or later. W The route is a cloned route. This field only applies to AIX 4.2.1 or later. 1 Protocol specific routing flag #1. 2 Protocol specific routing flag #2. 3 Protocol specific routing flag #3. b The route represents a broadcast address. e Has a binding cache entry. l The route represents a local address. m The route represents a multicast address. P Pinned route. R Host or net unreachable. S Manually added. u Route usable. Direct routes are created for each interface attached to the local host. Gateway The gateway field for these entries shows the address of the outgoing interface. Refs Gives the current number of active uses for the route. Connection-oriented protocols hold on to a single route for the duration of a connection, while connectionless protocols obtain a route while sending to the same destination. Use Provides a count of the number of packets sent using that route. PMTU Gives the Path Maximum Transfer Unit (PMTU). This field only applies to AIX 4.2.1 or later. Interface Indicates the network interfaces utilized for the route. Exp Displays the time (in minutes) remaining before the route expires. This field only applies to AIX 4.2.1 or later. Groups Provides a list of group IDs associated with that route. This field only applies to AIX 4.2.1 or later. Netmasks Lists the netmasks applied on the system. Route Tree for Protocol Family Specifies the active address families for existing routes. Supported values for this field are: 1 Specifies the UNIX address family. 2 Specifies the Internet address family (for example, TCP and UDP). 6 Specifies the Xerox Network System (XNS) address family. For more information on other address families, refer to the /usr/include/sys/socket.h file. When a value is specified for the Interval parameter, the netstat command displays a running count of statistics related to network interfaces. This display contains two columns: a column for the primary interface (the first interface found during autoconfiguration) and a column summarizing information for all interfaces. The primary interface may be replaced with another interface by using the -I flag. The first line of each screen of information contains a summary of statistics accumulated since the system was last restarted. The subsequent lines of output show values accumulated over intervals of the specified length. Inet Examples 1. To display routing table information for an Internet interface, enter: netstat -r -f inet This produces the following output: Routing tables Destination Gateway Flags Refs Use PMTU If Exp Groups Netmasks: (root node) (0)0 ffff f000 0 (0)0 ffff f000 0 (0)0 8123 262f 0 0 0 0 0 (root node) Route Tree for Protocol Family 2: (root node) default 129.35.38.47 UG 0 564 - tr0 - loopback 127.0.0.1 UH 1 202 - lo0 - 129.35.32 129.35.41.172 U 4 30 - tr0 - +staff 129.35.32.117 129.35.41.172 UGHW 0 13 1492 tr0 30 192.100.61 192.100.61.11 U 1 195 - en0 - (root node) Route Tree for Protocol Family 6: (root node) (root node) The -r -f inet flags indicate a request for routing table information for all configured Internet interfaces. The network interfaces are listed in the Interface column; en designates a Standard Ethernet interface, while tr specifies a Token-Ring interface. Gateway addresses are in dotted decimal format. 2. To display interface information for an Internet interface, enter: netstat -i -f inet This produces the following output if you are using AIX 4.2: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll lo0 1536 4 0 4 0 0 lo0 1536 127 loopback 4 0 4 0 0 en0 1500 96 0 67 0 0 en0 1500 192.100.61 nullarbor 96 0 67 0 0 tr0 1500 44802 0 11134 0 0 tr0 1500 129.35.32 stnullarb 44802 0 11134 0 0 This produces the following output if you are using AIX 4.3: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll lo0 16896 Link#1 5161 0 5193 0 0 lo0 16896 127 localhost 5161 0 5193 0 0 lo0 16896 ::1 5161 0 5193 0 0 en1 1500 Link#2 8.0.38.22.8.34 221240 0 100284 0 0 en1 1500 129.183.64 infoserv.frec.bul 221240 0 100284 0 0 The -i -f inet flags indicate a request for the status of all configured Internet interfaces. The network interfaces are listed in the Name column; lo designates a loopback interface, en designates a Standard Ethernet interface, while tr specifies a Token-Ring interface. 3. To display statistics for each protocol, enter: netstat -s -f inet This produces the following output: ip: : 44485 total packets received 0 bad header checksums 0 with size smaller than minimum 0 with data size < data length 0 with header length < data size 0 with data length < header length 0 with bad options 0 with incorrect version number 0 fragments received 0 fragments dropped (dup or out of space) 0 fragments dropped after timeout 0 packets reassembled ok 44485 packets for this host 0 packets for unknown/unsupported protocol 0 packets forwarded 0 packets not forwardable 0 redirects sent 1506 packets sent from this host 0 packets sent with fabricated ip header 0 output packets dropped due to no bufs, etc. 0 output packets discarded due to no route 0 output datagrams fragmented 0 fragments created 0 datagrams that can't be fragmented 0 IP Multicast packets dropped due to no receiver 0 successful path MTU discovery cycles 0 path MTU rediscovery cycles attempted 0 path MTU discovery no-response estimates 0 path MTU discovery response timeouts 0 path MTU discovery decreases detected 0 path MTU discovery packets sent 0 path MTU discovery memory allocation failures 0 ipintrq overflows icmp: 0 calls to icmp_error 0 errors not generated 'cuz old message was icmp Output histogram: echo reply: 6 0 messages with bad code fields 0 messages < minimum length 0 bad checksums 0 messages with bad length Input histogram: echo: 19 6 message responses generated igmp:defect 0 messages received 0 messages received with too few bytes 0 messages received with bad checksum 0 membership queries received 0 membership queries received with invalid field(s) 0 membership reports received 0 membership reports received with invalid field(s) 0 membership reports received for groups to which we belong 0 membership reports sent tcp: 1393 packets sent 857 data packets (135315 bytes) 0 data packets (0 bytes) retransmitted 367 URG only packets 0 URG only packets 0 window probe packets 0 window update packets 170 control packets 1580 packets received 790 acks (for 135491 bytes) 60 duplicate acks 0 acks for unsent data 638 packets (2064 bytes) received in-sequence 0 completely duplicate packets (0 bytes) 0 packets with some dup. data (0 bytes duped) 117 out-of-order packets (0 bytes) 0 packets (0 bytes) of data after window 0 window probes 60 window update packets 0 packets received after close 0 discarded for bad checksums 0 discarded for bad header offset fields 0 connection request 58 connection requests 61 connection accepts 118 connections established (including accepts) 121 connections closed (including 0 drops) 0 embryonic connections dropped 845 segments updated rtt (of 847 attempts) 0 resends due to path MTU discovery 0 path MTU discovery terminations due to retransmits 0 retransmit timeouts 0 connections dropped by rexmit timeout 0 persist timeouts 0 keepalive timeouts 0 keepalive probes sent 0 connections dropped by keepalive udp: 42886 datagrams received : 0 incomplete headers 0 bad data length fields 0 bad checksums 0 dropped due to no socket 42860 broadcast/multicast datagrams dropped due to no socket 0 socket buffer overflows 26 delivered 106 datagrams output ip specifies the Internet Protocol; icmp specifies the Information Control Message Protocol; tcp specifies the Transmission Control Protocol; udp specifies the User Datagram Protocol. 4. To display device driver statistics, enter: netstat -v The netstat -v command displays the statistics for each CDLI-based device driver that is up. To see sample output for this command, see the tokstat command, the entstat command, or the fddistat command. 5. To display information regarding an interface for which multicast is enabled, and to see group membership, enter: netstat -a -I interface For example, if an 802.3 interface was specified, the following output will be produced: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll et0 1492 0 0 2 0 0 et0 1492 9.4.37 hun-eth 0 0 2 0 0 224.0.0.1 02:60:8c:0a:02:e7 01:00:5e:00:00:01 If instead of -I interface the flag -i is given, then all configured interfaces will be listed. The network interfaces are listed in the Name column; lo designates a loopback interface, et designates an IEEE 802.3 interface, tr designates a Token-Ring interface, while fi specifies an FDDI interface. The address column has the following meaning. A symbolic name for each interface is shown. Below this symbolic name, the group addresses of any multicast groups which have been joined on that interface are shown. Group address 224.0.0.1 is the special all-hosts-group to which all multicast interfaces belong. The MAC address of the interface (in colon notation) follows the group addresses, plus a list of any other MAC level addresses which are enabled on behalf of IP Multicast for the particular interface. 6. To display the packet counts in the communication subsystem, enter: netstat -D The following output will be produced: Source Ipkts Opkts Idrops Odrops - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tok_dev0 720 542 0 0 ent_dev0 114 4 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - Devices Total 834 546 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tok_dd0 720 542 0 0 ent_dd0 114 4 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - Drivers Total 834 546 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tok_dmx0 720 N/A 0 N/A ent_dmx0 114 N/A 0 N/A - - - - - - - - - - - - - - - - - - - - - - - - - Demuxer Total 834 N/A 0 N/A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IP 773 767 0 0 TCP 536 399 0 0 UDP 229 93 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - Protocols Total 1538 1259 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - lo_if0 69 69 0 0 en_if0 22 8 0 0 tr_if0 704 543 0 1 - - - - - - - - - - - - - - - - - - - - - - - - - Net IF Total 795 620 0 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NFS/RPC Client 519 N/A 0 N/A NFS/RPC Server 0 N/A 0 N/A NFS Client 519 N/A 0 N/A NFS Server 0 N/A 0 N/A - - - - - - - - - - - - - - - - - - - - - - - - - NFS/RPC Total N/A 519 0 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Note: N/A -> Not Applicable) Xerox Network System (XNS) Examples 1. To display network information for an XNS interface, enter: netstat -i -f ns This produces the following output: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll en1 1500 ns:6EH 2608C2EA9F7H 281 0 3055 0 0 et1 1492 ns:78H 2608C2EA9F7H 44 0 3043 0 0 nsip0 1536 ns:1H 2608C2EA9F7H 0 0 0 0 0 The -i -f ns flags indicate a request for the status of all configured XNS interfaces. The network interfaces are listed in the Name column; en designates a Standard Ethernet interface, while et specifies an IEEE 802.3 Ethernet interface. The ns: in the Network column designates the XNS family address. All network and address numbers are in hexadecimal with the letter H appended to the end of the number. The nsip0 is the Internet encapsulated XNS packet. The Internet destination address used for encapsulation is specified in the ipdst field in the ifconfig command. 2. To display routing table information for an XNS interface, enter: netstat -r -f ns This produces the following output: Routing tables Destination Gateway Flags Refcnt Use Interface Route Tree for Protocol Family 6: (root node) 1H.2608C2EA394H 1H.2608C2EA9F7H UH 1 0 nsip0 18H.* 78H.2608C2EA9F7H UG 0 0 et1 6EH.* 6EH.2608C2EA9F7H U 1 0 en1 78H.* 78H.2608C2EA9F7H U 1 0 et1 (root node) The -r -f ns flags indicate a request for routing table information for all configured XNS interfaces. The network interfaces are listed in the Interface column; en designates a Standard Ethernet interface, while et specifies an IEEE 802.3 Ethernet interface. The nsip0 in the Interface column designates an XNS to Internet encapsulation interface. All Destination and Gateway address numbers are in hexadecimal with the letter H appended to the end of the number. The * (asterisk) in the Destination column indicates the network is not a point-to-point network. Related Information The atmstat command, entstat command, fddistat command, iostat command, tokstat command, trpt command, vmstat command. The hosts file format, networks file format, protocols file format, services file format. Monitoring and Tuning Communications I/O in AIX 5L Version 5.1 Performance Management Guide. Gateways, Naming, TCP/IP Addressing, TCP/IP Network Interfaces, TCP/IP Protocols, and TCP/IP Routing in AIX 5L Version 5.1 System Management Guide: Communications and Networks. Xerox Network Systems (XNS) Overview for Programming in AIX 5L Version 5.1 Communications Programming Concepts. -------------------------------------------------------------------------------