Monitoring Network Status With the netstat Command
The netstat command generates displays that show network status and protocol statistics. You
can display the status of TCP, SCTP, and UDP endpoints in table format.
You can also display routing table information and interface information.
The netstat command displays various types of network data, depending on the selected
command-line option. These displays are the most useful for system administration. The basic
syntax for netstat follows:
netstat [-m] [-n] [-s] [-i | -r] [-faddress-family]
This section describes the most commonly used options of the netstat command.
For a detailed description of all netstat options, refer to the netstat(1M) man page.
How to Display Statistics by Protocol
The netstat -s option displays protocol statistics for the UDP, TCP, SCTP, ICMP,
and IP protocols.
Note - You can us your Solaris user account to obtain output from the
netstat command.
- Display the protocol status.
$ netstat -s
Example 8-5 Network Protocol Statistics
The following example shows the output of the netstat -s command. Parts
of the output have been truncated. The output can indicate areas where a
protocol is having problems. For example, statistical information from ICMPv4 and ICMPv6 can
indicate where the ICMP protocol has found errors.
RAWIP
rawipInDatagrams = 4701 rawipInErrors = 0
rawipInCksumErrs = 0 rawipOutDatagrams = 4
rawipOutErrors = 0
UDP
udpInDatagrams = 10091 udpInErrors = 0
udpOutDatagrams = 15772 udpOutErrors = 0
TCP tcpRtoAlgorithm = 4 tcpRtoMin = 400
tcpRtoMax = 60000 tcpMaxConn = -1
.
.
tcpListenDrop = 0 tcpListenDropQ0 = 0
tcpHalfOpenDrop = 0 tcpOutSackRetrans = 0
IPv4 ipForwarding = 2 ipDefaultTTL = 255
ipInReceives =300182 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
.
.
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 3 ipOutSwitchIPv6 = 0
IPv6 ipv6Forwarding = 2 ipv6DefaultHopLimit = 255
ipv6InReceives = 13986 ipv6InHdrErrors = 0
ipv6InTooBigErrors = 0 ipv6InNoRoutes = 0
.
.
rawipInOverflows = 0 ipv6InIPv4 = 0
ipv6OutIPv4 = 0 ipv6OutSwitchIPv4 = 0
ICMPv4 icmpInMsgs = 43593 icmpInErrors = 0
icmpInCksumErrs = 0 icmpInUnknowns = 0
.
.
icmpInOverflows = 0
ICMPv6 icmp6InMsgs = 13612 icmp6InErrors = 0
icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0
.
.
icmp6OutGroupQueries= 0 icmp6OutGroupResps = 2
icmp6OutGroupReds = 0
IGMP:
12287 messages received
0 messages received with too few bytes
0 messages received with bad checksum
12287 membership queries received
SCTP sctpRtoAlgorithm = vanj
sctpRtoMin = 1000
sctpRtoMax = 60000
sctpRtoInitial = 3000
sctpTimHearBeatProbe = 2
sctpTimHearBeatDrop = 0
sctpListenDrop = 0
sctpInClosed = 0
How to Display the Status of Transport Protocols
You can display the status of the transport protocols through the netstat
command. For detailed information, refer to the netstat(1M) man page.
- Display the status of the TCP and SCTP transport protocols on a system.
$ netstat
- Display the status of a particular transport protocol on a system.
$ netstat -P transport-protocol
Values for the transport-protocol variable are tcp, sctp, or udp.
Example 8-6 Displaying the Status of the TCP and SCTP Transport Protocols
This example shows the output of the basic netstat command. Note that IPv4-only
information is displayed.
$ netstat
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
----------------- -------------------- ----- ------ ----- ------ -------
lhost-1.login abc.def.local.Sun.COM.980 49640 0 49640 0 ESTABLISHED
lhost-1.login ghi.jkl.local.Sun.COM.1020 49640 1 49640 0 ESTABLISHED
remhost-1.1014 mno.pqr.remote.Sun.COM.nfsd 49640 0 49640 0 TIME_WAIT
SCTP:
Local Address Remote Address Swind Send-Q Rwind Recv-Q StrsI/O State
---------------- -------------- ----- ------ ------ ------ ------ -------
*.echo 0.0.0.0 0 0 102400 0 128/1 LISTEN
*.discard 0.0.0.0 0 0 102400 0 128/1 LISTEN
*.9001 0.0.0.0 0 0 102400 0 128/1 LISTEN
Example 8-7 Displaying the Status of a Particular Transport Protocol
This example shows the results when you specify the -P option of netstat.
$ netstat -P tcp
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
----------------- -------------------- ----- ------ ----- ------ -------
lhost-1.login abc.def.local.Sun.COM.980 49640 0 49640 0 ESTABLISHED
lhost.login ghi.jkl.local.Sun.COM.1020 49640 1 49640 0 ESTABLISHED
remhost.1014 mno.pqr.remote.Sun.COM.nfsd 49640 0 49640 0 TIME_WAIT
TCP: IPv6
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
---------------- ---------------------- ------ ----- ------ ----------- -----
localhost.38983 localhost.32777 49152 0 49152 0 ESTABLISHED
localhost.32777 localhost.38983 49152 0 49152 0 ESTABLISHED
localhost.38986 localhost.38980 49152 0 49152 0 ESTABLISHED
How to Display Network Interface Status
The i option of the netstat command shows the state of the network
interfaces that are configured on the local system. With this option, you can
determine the number of packets a system transmits and receives on each network.
- Display the status of interfaces on the network.
$ netstat -i
Example 8-8 Network Interface Status Display
The next example shows the status of IPv4 and IPv6 packet flow
through the host's interfaces.
For example, the input packet count (Ipkts) that is displayed for a server
can increase each time a client tries to boot, while the output packet
count (Opkts) remains steady. This outcome suggests that the server is seeing the
boot request packets from the client. However, the server does not know to
respond to them. This confusion might be caused by an incorrect address in
the hosts, or ethers database.
However, if the input packet count is steady over time, then the
machine does not see the packets at all. This outcome suggests a different
type of failure, possibly a hardware problem.
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback localhost 142 0 142 0 0 0
hme0 1500 host58 host58 1106302 0 52419 0 0 0
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis
lo0 8252 localhost localhost 142 0 142 0 0
hme0 1500 fe80::a00:20ff:feb9:4c54/10 fe80::a00:20ff:feb9:4c54 1106305 0 52422 0 0
How to Display the Status of Sockets
The -a option of the netstat command enables you to view the status
of sockets on the local host.
Example 8-9 Displaying All Sockets and Routing Table Entries
The output of the netstat -a command shows extensive statistics. The following example
shows portions of typical netstat -a output.
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- -------
*.bootpc Idle
host85.bootpc Idle
*.* Unbound
*.* Unbound
*.sunrpc Idle
*.* Unbound
*.32771 Idle
*.sunrpc Idle
*.* Unbound
*.32775 Idle
*.time Idle
.
.
*.daytime Idle
*.echo Idle
*.discard Idle
UDP: IPv6
Local Address Remote Address State If
--------------------------------- --------------------------------- ---------- -----
*.* Unbound
*.* Unbound
*.sunrpc Idle
*.* Unbound
*.32771 Idle
*.32778 Idle
*.syslog Idle
.
.
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
*.* *.* 0 0 49152 0 IDLE
localhost.4999 *.* 0 0 49152 0 LISTEN
*.sunrpc *.* 0 0 49152 0 LISTEN
*.* *.* 0 0 49152 0 IDLE
*.sunrpc *.* 0 0 49152 0 LISTEN
.
.
*.printer *.* 0 0 49152 0 LISTEN
*.time *.* 0 0 49152 0 LISTEN
*.daytime *.* 0 0 49152 0 LISTEN
*.echo *.* 0 0 49152 0 LISTEN
*.discard *.* 0 0 49152 0 LISTEN
*.chargen *.* 0 0 49152 0 LISTEN
*.shell *.* 0 0 49152 0 LISTEN
*.shell *.* 0 0 49152 0 LISTEN
*.kshell *.* 0 0 49152 0 LISTEN
*.login
.
.
*.* 0 0 49152 0 LISTEN
*TCP: IPv6
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
----------------------- ----------------------- ----- ------ ----- ------ ----
*.* *.* 0 0 49152 0 IDLE
*.sunrpc *.* 0 0 49152 0 LISTEN
*.* *.* 0 0 49152 0 IDLE
*.32774 *.* 0 0 49152
How to Display the Status of Transmissions for Packets of a Specific Address Type
Use the -f option of the netstat command to view statistics related to
packet transmissions of a particular address family.
- View statistics for transmissions of either IPv4 or IPv6 packets.
$ netstat -f inet | inet6
To view IPv4 transmission information, type inet as the argument to netstat -f. Use
inet6 as the argument to netstat -f to view IPv6 information.
Example 8-10 Status of IPv4 Packet Transmission
The following example shows output from the netstat -f inet command.
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
host58.734 host19.nfsd 49640 0 49640 0 ESTABLISHED
host58.38063 host19.32782 49640 0 49640 0 CLOSE_WAIT
host58.38146 host41.43601 49640 0 49640 0 ESTABLISHED
host58.996 remote-host.login 49640 0 49206 0 ESTABLISHED
Example 8-11 Status of IPv6 Packet Transmission
The following example shows output from the netstat -f inet6 command.
TCP: IPv6
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
------------------ ------------------------- ----- ------ ----- ------ --------- -----
localhost.38065 localhost.32792 49152 0 49152 0 ESTABLISHED
localhost.32792 localhost.38065 49152 0 49152 0 ESTABLISHED
localhost.38089 localhost.38057 49152 0 49152 0 ESTABLISHED
How to Display the Status of Known Routes
The -r option of the netstat command displays the routing table for the
local host. This table shows the status of all routes that the host
knows about. You can run this option of netstat from your user
account.
- Display the IP routing table.
$ netstat -r
Example 8-12 Routing Table Output by the
netstat Command
The following example shows output from the netstat -r command.
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
host15 myhost U 1 31059 hme0
10.0.0.14 myhost U 1 0 hme0
default distantrouter UG 1 2 hme0
localhost localhost UH 42019361 lo0
Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------ -----
2002:0a00:3010:2::/64 2002:0a00:3010:2:1b2b:3c4c:5e6e:abcd U 1 0 hme0:1
fe80::/10 fe80::1a2b:3c4d:5e6f:12a2 U 1 23 hme0
ff00::/8 fe80::1a2b:3c4d:5e6f:12a2 U 1 0 hme0
default fe80::1a2b:3c4d:5e6f:12a2 UG 1 0 hme0
localhost localhost UH 9 21832 lo0
Parameter |
Description |
|---|
Destination Destination/Mask |
Specifies the host
that is the destination endpoint of the route. Note that the IPv6 routing
table shows the prefix for a 6to4 tunnel endpoint (2002:0a00:3010:2::/64) as the
route destination endpoint. |
Gateway |
Specifies the gateway to use for forwarding packets. |
Flags |
Indicates the current
status of the route. The U flag indicates that the route is up.
The G flag indicates that the route is to a gateway. |
Use |
Shows the
number of packets sent. |
Interface |
Indicates the particular interface on the local host that
is the source endpoint of the transmission. |
