netstat Command
Purpose
Shows network status.
Syntax
To Display Active Sockets for Each Protocol or Routing Table Information
/bin/netstat [ -n ] [ { -A -a -o } | { -r -C -i -I Interface } ] [ -f AddressFamily ] [ -p Protocol ] [ Interval ]
To Display the Contents of a Network Data Structure
/bin/netstat [ -m | -M | -s | -ss | -u | -v ] [ -f AddressFamily ] [ -p Protocol ] [ Interval ]
To Display the Virtual Interface Table and Multicast Forwarding Cache
/bin/netstat -g
To Display the Packet Counts Throughout the Communications Subsystem
/bin/netstat -D
To Display the Network Buffer Cache Statistics
/bin/netstat -c
To Display the Data Link Provider Interface Statistics
/bin/netstat -P
To Clear the Associated Statistics
/bin/netstat [ -Zc | -Zi | -Zm | -Zs ]
Description
The netstat command symbolically displays the contents of various network-related data structures for active connections. The Interval parameter,
specified in seconds, continuously displays information regarding packet traffic on the configured network interfaces. The Interval parameter takes
no flags.
Flags
-A
Shows the address of any protocol control blocks associated with the sockets. This flag acts with the default display and is used for debugging
purposes.
-a
Shows the state of all sockets. Without this flag, sockets used by server processes are not shown.
-c
Shows the statistics of the Network Buffer Cache.
The Network Buffer Cache is a list of network buffers that contain data objects that can be transmitted to networks. The Network Buffer Cache
grows dynamically as data objects are added to or removed from it. The Network Buffer Cache is used by some network kernel interfaces for
performance enhancement on the network I/O. The netstat -c command prints the following statistic:
Network Buffer Cache Statistics:
Current total cache buffer size: 0
Maximum total cache buffer size: 0
Current total cache data size: 0
Maximum total cache data size: 0
Current number of cache: 0
Maximum number of cache: 0
Number of cache with data: 0
Number of searches in cache: 0
Number of cache hit: 0
Number of cache miss: 0
Number of cache newly added: 0
Number of cache updated: 0
Number of cache removed: 0
Number of successful cache accesses: 0
Number of unsuccessful cache accesses: 0
Number of cache validation: 0
Current total cache data size in private segments: 0
Maximum total cache data size in private segments: 0
Current total number of private segments: 0
Maximum total number of private segments: 0
Current number of free private segments: 0
Current total NBC_NAMED_FILE entries: 0
Maximum total NBC_NAMED_FILE entries: 0
-C
Shows the routing tables, including the user-configured and current costs of each route. The user-configured cost is set using the -hopcount
flag of the route command. The current cost may be different than the user-configured cost if Dead Gateway Detection has changed the cost of
the route.
In addition to the costs of the route, it also shows the weight and policy information associated with each route. These fields are applicable
only when the Multipath Routing Feature is used. The policy information displays the routing policy that has been currently selected to choose
between the multiple routes available. The policies available are:
* Default - Weighted Round Robin (WRR)
* Hashed (HSH)
* Random (RND)
* Weighted Random (WRND)
* Lowest Utilization (LUT)
The weight field is a user-configured weight associated with the route that will be used for Weighted Round-Robin and Weighted Random Policies.
For more information about these policies, see the no command.
-D
Shows the number of packets received, transmitted, and dropped in the communications subsystem. Note: In the statistics output, a N/A displayed
in a field value indicates the count is not applicable. For the NFS/RPC statistics, the number of incoming packets that pass through RPC are
the same packets that pass through NFS, so these numbers are not summed in the NFS/RPC Total field, thus the N/A. NFS has no outgoing packet or
outgoing packet drop counters specific to NFS and RPC. Therefore, individual counts have a field value of N/A, and the cumulative count is
stored in the NFS/RPC Total field.
-f AddressFamily
Limits reports of statistics or address control blocks to those items specified by the AddressFamily variable. The following address families
are recognized:
inet
Indicates the AF_INET address family.
inet6
Indicates the AF_INET6 address family.
unix
Indicates the AF_UNIX address family.
-g
Shows Virtual Interface Table and Multicast Forwarding Cache information. If used in conjunction with the -s flag, it will show the multicast
routing information.
-i
Shows the state of all configured interfaces. See "Interface Display." Note: The collision count for Ethernet interfaces is not supported.
-I Interface
Shows the state of the configured interface specified by the Interface variable.
-M
Shows network memory's mbuf cluster pool statistics.
-m
Shows statistics recorded by the memory management routines.
-n
Shows network addresses as numbers. When this flag is not specified, the netstat command interprets addresses where possible and displays them
symbolically. This flag can be used with any of the display formats.
-o
Used in conjunction with the -a flag to display detailed data about a socket, such as socket options, flags, and buffer statistics.
-p Protocol
Shows statistics about the value specified for the Protocol variable, which is either a well-known name for a protocol or an alias for it. Some
protocol names and aliases are listed in the /etc/protocols file. A null response means that there are no numbers to report. The program report
of the value specified for the Protocol variable is unknown if there is no statistics routine for it.
-P
Shows the statistics of the Data Link Provider Interface (DLPI). The netstat -P command prints the following statistic:
DLPI statistics:
Number of received packets = 0
Number of transmitted packets = 0
Number of received bytes = 0
Number of transmitted bytes = 0
Number of incoming pkts discard = 0
Number of outgoing pkts discard = 0
Number of times no buffers = 0
Number of successful binds = 0
Number of unknown message types = 0
Status of phys level promisc = 0
Status of sap level promisc = 0
Status of multi level promisc = 0
Number of enab_multi addresses = 0
If DLPI is not loaded, it displays:
can't find symbol: dl_stats
-r
Shows the routing tables. When used with the -s flag, the -r flag shows routing statistics. See "Routing Table Display."
-s
Shows statistics for each protocol.
-ss
Displays all the non-zero protocol statistics and provides a concise display.
-u
Displays information about domain sockets.
-v
Shows statistics for CDLI-based communications adapters. This flag causes the netstat command to run the statistics commands for the entstat,
tokstat, and fddistat commands. No flags are issued to these device driver commands. See the specific device driver statistics command to
obtain descriptions of the statistical output.
-Zc
Clear network buffer cache statistics.
-Zi
Clear interface statistics.
-Zm
Clear network memory allocator statistics.
-Zs
Clear protocol statistics. To clear statistics for a specific protocol, use -p <protocol>. For example, to clear TCP statistics, type netstat
-Zs -p tcp.
Default Display
The default display for active sockets shows the following items:
* Local and remote addresses
* Send and receive queue sizes (in bytes)
* Protocol
* Internal state of the protocol
Internet address formats are of the form host.port or network.port if a socket's address specifies a network but no specific host address. The host
address is displayed symbolically if the address can be resolved to a symbolic host name, while network addresses are displayed symbolically
according to the /etc/networks file.
If a symbolic name for a host is not known or if the -n flag is used, the address is printed numerically, according to the address family.
Unspecified addresses and ports appear as an * (asterisk).
Interface Display (netstat -i)
The interface display format provides a table of cumulative statistics for the following items:
* Errors
* Collisions Note: The collision count for Ethernet interfaces is not supported.
* Packets transferred
The interface display also provides the interface name, number, and address as well as the maximum transmission units (MTUs).
Routing Table Display (netstat -r)
The routing table display indicates the available routes and their statuses. Each route consists of a destination host or network and a gateway to
use in forwarding packets.
A route is given in the format A.B.C.D/XX, which presents two pieces of information. A.B.C.D indicates the destination address and XX indicates the
netmask associated with the route. The netmask is represented by the number of bits set. For example, the route 9.3.252.192/26 has a netmask of
255.255.255.192, which has 26 bits set.
The routing table contains the following ten fields:
Flags
The flags field of the routing table shows the state of the route:
A
An Active Dead Gateway Detection is enabled on the route. This field only applies to AIX 5.1 or later.
U
Up.
H
The route is to a host rather than to a network.
G
The route is to a gateway.
D
The route was created dynamically by a redirect.
M
The route has been modified by a redirect.
L
The link-level address is present in the route entry.
c
Access to this route creates a cloned route.
W
The route is a cloned route.
1
Protocol specific routing flag #1.
2
Protocol specific routing flag #2.
3
Protocol specific routing flag #3.
b
The route represents a broadcast address.
e
Has a binding cache entry.
l
The route represents a local address.
m
The route represents a multicast address.
P
Pinned route.
R
Host or net unreachable.
S
Manually added.
u
Route usable.
s
The Group Routing stopsearch option is enabled on the route.
Direct routes are created for each interface attached to the local host.
Gateway
The gateway field for these entries shows the address of the outgoing interface.
Refs
Gives the current number of active uses for the route. Connection-oriented protocols hold on to a single route for the duration of a
connection, while connectionless protocols obtain a route while sending to the same destination.
Use
Provides a count of the number of packets sent using that route.
PMTU
Gives the Path Maximum Transfer Unit (PMTU). AIX 5.3 does not display the PMTU column.
Interface
Indicates the network interfaces utilized for the route.
Exp
Displays the time (in minutes) remaining before the route expires.
Groups
Provides a list of group IDs associated with that route.
Netmasks
Lists the netmasks applied on the system.
Route Tree for
Protocol Family
Specifies the active address families for existing routes. Supported values for this field are:
1
Specifies the UNIX address family.
2
Specifies the Internet address family (for example, TCP and UDP).
For more information on other address families, refer to the /usr/include/sys/socket.h file.
When a value is specified for the Interval parameter, the netstat command displays a running count of statistics related to network interfaces. This
display contains two columns: a column for the primary interface (the first interface found during autoconfiguration) and a column summarizing
information for all interfaces.
The primary interface may be replaced with another interface by using the -I flag. The first line of each screen of information contains a summary
of statistics accumulated since the system was last restarted. The subsequent lines of output show values accumulated over intervals of the
specified length.
Examples
1 To display routing table information for an Internet interface, type:
netstat -r -f inet
This produces the following output:
Routing tables
Destination Gateway Flags Refs Use PMTU If Exp Groups Netmasks:
(root node)
(0)0 ffff f000 0
(0)0 ffff f000 0
(0)0 8123 262f 0 0 0 0 0
(root node)
Route Tree for Protocol Family 2:
(root node)
default 129.35.38.47 UG 0 564 - tr0 -
loopback 127.0.0.1 UH 1 202 - lo0 -
129.35.32 129.35.41.172 U 4 30 - tr0 - +staff
129.35.32.117 129.35.41.172 UGHW 0 13 1492 tr0 30
192.100.61 192.100.61.11 U 1 195 - en0 -
(root node)
Route Tree for Protocol Family 6:
(root node)
(root node)
The -r -f inet flags indicate a request for routing table information for all configured Internet interfaces. The network interfaces are listed
in the Interface column; en designates a Standard Ethernet interface, while tr specifies a Token-Ring interface. Gateway addresses are in
dotted decimal format. Note: AIX 5.3 does not display the PMTU column.
2 To display statistics for GRE Protocol, type:
netstat -s -p gre
This produces the following output:
GRE Interface gre0
10 number of times gre_input got called
8 number of times gre_output got called
0 packets received with protocol not supported
0 packets received with checksum on
0 packets received with routing present
0 packets received with key present
0 packets received with sequence number present
0 packets received with strict source route present
0 packets received with recursion control present
0 packets received where reserved0 non-zero
0 packets received where version non-zero
0 packets discarded
0 packets dropped due to network down
0 packets dropped due to protocol not supported
0 packets dropped due to error in ip output routine
0 packets got by NAT
0 packets got by NAT but not TCP packet
0 packets got by NAT but with IP options
3 To display interface information for an Internet interface, type:
netstat -i -f inet
This produces the following output if you are using AIX 4.2:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 1536 <Link> 4 0 4 0 0
lo0 1536 127 loopback 4 0 4 0 0
en0 1500 <Link> 96 0 67 0 0
en0 1500 192.100.61 nullarbor 96 0 67 0 0
tr0 1500 <Link> 44802 0 11134 0 0
tr0 1500 129.35.32 stnullarb 44802 0 11134 0 0
This produces the following output if you are using AIX 4.3:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16896 Link#1 5161 0 5193 0 0
lo0 16896 127 localhost 5161 0 5193 0 0
lo0 16896 ::1 5161 0 5193 0 0
en1 1500 Link#2 8.0.38.22.8.34 221240 0 100284 0 0
en1 1500 129.183.64 infoserv.frec.bul 221240 0 100284 0 0
The -i -f inet flags indicate a request for the status of all configured Internet interfaces. The network interfaces are listed in the Name
column; lo designates a loopback interface, en designates a Standard Ethernet interface, while tr specifies a Token-Ring interface.
4 To display statistics for each protocol, type:
netstat -s -f inet
This produces the following output:
ip:
:
44485 total packets received
0 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with header length < data size
0 with data length < header length
0 with bad options
0 with incorrect version number
0 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped after timeout
0 packets reassembled ok
44485 packets for this host
0 packets for unknown/unsupported protocol
0 packets forwarded
0 packets not forwardable
0 redirects sent
1506 packets sent from this host
0 packets sent with fabricated ip header
0 output packets dropped due to no bufs, etc.
0 output packets discarded due to no route
0 output datagrams fragmented
0 fragments created
0 datagrams that can't be fragmented
0 IP Multicast packets dropped due to no receiver
0 successful path MTU discovery cycles
0 path MTU rediscovery cycles attempted
0 path MTU discovery no-response estimates
0 path MTU discovery response timeouts
0 path MTU discovery decreases detected
0 path MTU discovery packets sent
0 path MTU discovery memory allocation failures
0 ipintrq overflows
icmp:
0 calls to icmp_error
0 errors not generated 'cuz old message was icmp
Output histogram:
echo reply: 6
0 messages with bad code fields
0 messages < minimum length
0 bad checksums
0 messages with bad length
Input histogram:
echo: 19
6 message responses generated
igmp:defect
0 messages received
0 messages received with too few bytes
0 messages received with bad checksum
0 membership queries received
0 membership queries received with invalid field(s)
0 membership reports received
0 membership reports received with invalid field(s)
0 membership reports received for groups to which we belong
0 membership reports sent
tcp:
1393 packets sent
857 data packets (135315 bytes)
0 data packets (0 bytes) retransmitted
367 URG only packets
0 URG only packets
0 window probe packets
0 window update packets
170 control packets
1580 packets received
790 acks (for 135491 bytes)
60 duplicate acks
0 acks for unsent data
638 packets (2064 bytes) received in-sequence
0 completely duplicate packets (0 bytes)
0 packets with some dup. data (0 bytes duped)
117 out-of-order packets (0 bytes)
0 packets (0 bytes) of data after window
0 window probes
60 window update packets
0 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 connection request
58 connection requests
61 connection accepts
118 connections established (including accepts)
121 connections closed (including 0 drops)
0 embryonic connections dropped
845 segments updated rtt (of 847 attempts)
0 resends due to path MTU discovery
0 path MTU discovery terminations due to retransmits
0 retransmit timeouts
0 connections dropped by rexmit timeout
0 persist timeouts
0 keepalive timeouts
0 keepalive probes sent
0 connections dropped by keepalive
udp:
42886 datagrams received
:
0 incomplete headers
0 bad data length fields
0 bad checksums
0 dropped due to no socket
42860 broadcast/multicast datagrams dropped due to no
socket
0 socket buffer overflows
26 delivered
106 datagrams output
ip specifies the Internet Protocol; icmp specifies the Information Control Message Protocol; tcp specifies the Transmission Control Protocol;
udp specifies the User Datagram Protocol. Note: AIX 5.3 does not display the PMTU statistics for the IP protocol.
5 To display device driver statistics, type:
netstat -v
The netstat -v command displays the statistics for each CDLI-based device driver that is up. To see sample output for this command, see the
tokstat command, the entstat command, or the fddistat command.
6 To display information regarding an interface for which multicast is enabled, and to see group membership, type:
netstat -a -I interface
For example, if an 802.3 interface was specified, the following output will be produced:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
et0 1492 <Link> 0 0 2 0 0
et0 1492 9.4.37 hun-eth 0 0 2 0 0
224.0.0.1
02:60:8c:0a:02:e7
01:00:5e:00:00:01
If instead of -I interface the flag -i is given, then all configured interfaces will be listed. The network interfaces are listed in the Name
column; lo designates a loopback interface, et designates an IEEE 802.3 interface, tr designates a Token-Ring interface, while fi specifies an
FDDI interface.
The address column has the following meaning. A symbolic name for each interface is shown. Below this symbolic name, the group addresses of any
multicast groups that have been joined on that interface are shown. Group address 224.0.0.1 is the special all-hosts-group to which all
multicast interfaces belong. The MAC address of the interface (in colon notation) follows the group addresses, plus a list of any other MAC
level addresses that are enabled on behalf of IP Multicast for the particular interface.
7 To display the packet counts in the communication subsystem, type:
netstat -D
The following output will be produced:
Source Ipkts Opkts Idrops Odrops
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
tok_dev0 720 542 0 0
ent_dev0 114 4 0 0
- - - - - - - - - - - - - - - - - - - - - - - - -
Devices Total 834 546 0 0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
tok_dd0 720 542 0 0
ent_dd0 114 4 0 0
- - - - - - - - - - - - - - - - - - - - - - - - -
Drivers Total 834 546 0 0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
tok_dmx0 720 N/A 0 N/A
ent_dmx0 114 N/A 0 N/A
- - - - - - - - - - - - - - - - - - - - - - - - -
Demuxer Total 834 N/A 0 N/A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IP 773 767 0 0
TCP 536 399 0 0
UDP 229 93 0 0
- - - - - - - - - - - - - - - - - - - - - - - - -
Protocols Total 1538 1259 0 0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
lo_if0 69 69 0 0
en_if0 22 8 0 0
tr_if0 704 543 0 1
- - - - - - - - - - - - - - - - - - - - - - - - -
Net IF Total 795 620 0 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NFS/RPC Client 519 N/A 0 N/A
NFS/RPC Server 0 N/A 0 N/A
NFS Client 519 N/A 0 N/A
NFS Server 0 N/A 0 N/A
- - - - - - - - - - - - - - - - - - - - - - - - -
NFS/RPC Total N/A 519 0 0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Note: N/A -> Not Applicable)
8 To display detailed data of active sockets, type:
netstat -aon
Output similar to the following is displayed:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.13 *.* LISTEN
so_options: (ACCEPTCONN|REUSEADDR)
q0len:0 qlen:0 qlimit:1000 so_state: (PRIV)
timeo:0 uid:0
so_special: (LOCKBALE|MEMCOMPRESS|DISABLE)
so_special2: (PROC)
sndbuf:
hiwat:16384 lowat:4096 mbcnt:0 mbmax:65536
rcvbuf:
hiwat:16384 lowat:1 mbcnt:0 mbmax:65536
sb_flags: (SEL)
TCP:
mss:512
tcp 0 0 *.21 *.* LISTEN
so_options: (ACCEPTCONN|REUSEADDR)
q0len:0 qlen:0 qlimit:1000 so_state: (PRIV)
timeo:0 uid:0
so_special: (LOCKBALE|MEMCOMPRESS|DISABLE)
so_special2: (PROC)
sndbuf:
hiwat:16384 lowat:4096 mbcnt:0 mbmax:65536
rcvbuf:
hiwat:16384 lowat:1 mbcnt:0 mbmax:65536
sb_flags: (SEL)
TCP:
mss:512
...................
...................
9 To display the routing table, type the following:
netstat -rn
Output similar to the following is displayed:
Routing tables
Destination Gateway Flags Refs Use If PMTU Exp Groups
Route Tree for Protocol Family 2 (Internet):
default 9.3.149.65 UG 0 24 en0 - -
9.3.149.64 9.3.149.88 UHSb 0 0 en0 - - =>
9.3.149.64/27 9.3.149.88 U 1 0 en0 - -
9.3.149.88 127.0.0.1 UGHS 0 1 lo0 - -
9.3.149.95 9.3.149.88 UHSb 0 0 en0 - -
127/8 127.0.0.1 U 11 174 lo0 - -
Route Tree for Protocol Family 24 (Internet v6):
::1 ::1 UH 0 0 lo0 - -
Note: AIX 5.3 does not display the PMTU column.
The character => at the end of the line means the line is a duplicate route of the route on the next line.
The loopback route (9.3.149.88, 127.0.0.1) and the broadcast routes (with the flags field containing b indicating broadcast) are automatically
created when an interface is configured. Two broadcast routes are added: one to the subnet address and one to the broadcast address of the
subnet. The presence of the loopback routes and broadcast routes improve performance.
Related Information
The atmstat command, entstat command, fddistat command, iostat command, no command, tokstat command, trpt command, vmstat command.
The hosts file format, networks file format, protocols file format, services file format.
Network performance in Performance management.
TCP/IP routing gateways, Naming, TCP/IP addressing, TCP/IP network interfaces, TCP/IP protocols, and TCP/IP routing in Networks and communication
management.