netstat(1m) 맨 페이지 - 윈디하나의 솔라나라




     netstat - show network status

     netstat [-uanvR] [-f address_family] [-P protocol]

     netstat -g [-nv] [-f address_family]

     netstat -p [-n] [-f address_family]

     netstat -s [-f address_family] [-P protocol]
          [-T u | d ] [interval [count]]

     netstat -m [-T u | d ] [-v] [interval [count]]

     netstat -i [-I interface] [-an] [-f address_family]
          [-T u | d ] [interval [count]]

     netstat -r [-anvR] [-f address_family | filter]

     netstat -M [-ns] [-f address_family]

     netstat -D [-I interface] [-f address_family]

     netstat -d [-f address_family]

     The  netstat  command  displays  the  contents  of   certain
     network-related  data structures in various formats, depend-
     ing on the options you select.

     The netstat command has  the  several  forms  shown  in  the
     SYNOPSIS section, above, listed as follows:

         o    The first form of the  command  (with  no  required
              arguments)  displays  a  list of active sockets for
              each protocol.

         o    The second, third, and fourth forms (-g, -p, and -s
              options)  display  information from various network
              data structures.

         o    The fifth form (-m option) displays STREAMS  memory

         o    The sixth form (-i option) shows the state  of  the

         o    The seventh form (-r option) displays  the  routing

         o    The eighth form (-M option) displays the  multicast
              routing table.

         o    The ninth form (-D option) displays  the  state  of
              DHCP on one or all interfaces.

         o    The tenth form (-d option) displays  the  table  of
              destination cache entries.

     These forms are described in greater detail below.

     With no arguments (the first form),  netstat  displays  con-
     nected  sockets  for  PF_INET, PF_INET6, and PF_UNIX, unless
     modified otherwise by the -f option.

         Show  the  state  of  all  sockets,  all  routing  table
         entries,  or  all interfaces, both physical and logical.
         Normally, listener sockets used by server processes  are
         not  shown. Under most conditions, only interface, host,
         network, and default  routes  are  shown  and  only  the
         status of physical interfaces is shown.

         Show the destination cache entry  table.  See  DISPLAYS,

     -f address_family
         Limit  all  displays   to   those   of   the   specified
         address_family.  The  value of address_family can be one
         of the following:

                  For the AF_INET  address  family  showing  IPv4

                  For the AF_INET6 address  family  showing  IPv6

                  For the AF_UNIX address family.

                  For the Socket Description Protocol (SDP)  pro-
                  tocol  and  address  family.  The address state
                  displayed for an SDP socket are  listed  below.
                  Flags  displayed  by  netstat  are  followed by
                  their meanings.
                    LST Listen
                    EST Established
                    PL  Path Lookup
                    HS  Hello Request Sent
                    HR  Hello Request Received
                    HAR Hello Ack Recvd
                    HAS Hello Ack sent
                    DR  Fin received
                    DS  Fin sent
                    DSA Fin Ack recvd
                    DRC Simultaneous Disconnect
                    DSC Disconnect sent (peer already closed)
                    TW1 Time Wait 1
                    TW2 Time Wait 2
                    CLD Closed
                    ERR Error
                    INV Invalid
                    UNK Unknown
                  For  the  SDP  protocol  and  address   family,
                  netstat displays the following column headings:

                  Local Address
                                    Local IP address

                  Remote Address
                                    Remote IP address

                                    Current state of the socket

                                    Bytes unread

                                    Bytes queued for Tx (includes

                                    Bytes   sent   to   HW    for

                                    Local advertised buffer size

                                    Remote advertised buffer size

                                    Number of local advertised Rx

                                    Number of  remote  advertised
                                    Rx buffers

                                    Number    of    Rx    buffers
                                    currently posted

     -f filter
         With -r only, limit  the  display  of  routes  to  those
         matching the specified filter. A filter rule consists of
         a keyword:value pair. The known keywords and  the  value
         syntax are:

             Selects an address family. This is identical  to  -f
             address_family and both syntaxes are supported.

             Selects an output interface.  You  can  specify  the
             interface  by  name  (such  as  hme0)  or by ifIndex
             number (for example, 2). If any is used, the  filter
             matches  all  routes  having  a  specified interface
             (anything other than null). If  none  is  used,  the
             filter  matches  all routes having a null interface.
             Note that you can view the  index  number  (ifIndex)
             for an interface with the -a option of ifconfig(1M).

             Selects a destination IP address. If specified  with
             a  mask  length,  then  any  routes with matching or
             longer (more specific) masks are selected. If any is
             used,  then all but addresses but 0 are selected. If
             none is used, then address 0 is selected.

         flags:[+ -]?[ABDGHLMSU]+
             Selects routes tagged with the specified  flags.  By
             default, the flags as specified must be set in order
             to match. With a leading +, the flags specified must
             be set but others are ignored. With a leading -, the
             flags specified must not be set and others are  per-

         You can specify multiple instances of -f to specify mul-
         tiple filters. For example:

           % netstat -nr -f outif:hme0 -f outif:hme1 -f dst:

         The preceding command  displays  routes  within  network, with mask length 8 or greater, and an output
         interface of either hme0 or hme1, and excludes all other

         Show the multicast group memberships for all interfaces.
         If the -v option is included, source-specific membership
         information is also displayed. See DISPLAYS, below.

         Show the state of the interfaces that are  used  for  IP
         traffic. Normally this shows statistics for the physical
         interfaces. When combined with the -a option, this  will
         also  report information for the logical interfaces. See

         Show the STREAMS memory statistics.

         Show network  addresses  as  numbers.  netstat  normally
         displays  addresses  as symbols. This option may be used
         with any of the display formats.

         Show the net to media tables. See DISPLAYS, below.

         Show the routing tables. Normally, only interface, host,
         network,  and  default  routes  are shown, but when this
         option is combined with the -a option, all  routes  will
         be  displayed, including cache. If you have not set up a
         multicast route, -ra might not show any multicast  rout-
         ing  entries,  although  the  kernel will derive such an
         entry if needed.

         Show per-protocol statistics.  When  used  with  the  -M
         option,  show multicast routing statistics instead. When
         used with the -a option, per-interface  statistics  will
         be  displayed, when available, in addition to statistics
         global to the system. See DISPLAYS, below.

     -T u | d
         Display a time stamp.

         Specify u for a printed representation of  the  internal
         representation of time. See time(2). Specify d for stan-
         dard date format. See date(1).

         Lists the user, process id, and the program which origi-
         nally created the network endpoint or controls it now.

         Verbose. Show additional information  for  the  sockets,
         STREAMS memory statistics, routing table, processes, and
         multicast group memberships.

     -I interface
         Show the state of a particular interface. interface  can
         be  any  valid interface such as hme0 or eri0. Normally,
         the status and statistics for  physical  interfaces  are
         displayed.  When  this  option  is  combined with the -a
         option, information for the logical interfaces  is  also

         Show the multicast routing tables. When used with the -s
         option, show multicast routing statistics instead.

     -P protocol
         Limit display of statistics or state of all  sockets  to
         those applicable to protocol. The protocol can be one of
         ip, ipv6, icmp, icmpv6, icmp, icmpv6,  igmp,  udp,  tcp,
         rawip.  rawip  can also be specified as raw. The command
         accepts protocol options only as all lowercase.

         Show the status of DHCP configured interfaces.

         This modifier displays extended security attributes  for
         sockets  and  routing  table entries. The -R modifier is
         available only if the  system  is  configured  with  the
         Solaris Trusted Extensions feature.

         With -r only, this option displays the routing  entries'
         gateway  security  attributes.  See  route(1M)  for more
         information on security attributes.

         When displaying socket information using the first  form
         of  the commmand, this option displays additional infor-
         mation for Multi-Level Port(MLP) sockets. This includes:

             o    The label for the peer if the  socket  is  con-

             o    The following flags  can  be  appended  to  the
                  socket's "State" output:

                       The socket is a  MLP  on  zone-private  IP

                       The socket is a MLP on IP addresses shared
                       between zones.

                 Display  statistics   accumulated   since   last
                 display  every  interval seconds, repeating for-
                 ever, unless count is  specified.  When  invoked
                 with  interval,  the first row of netstat output
                 shows statistics accumulated since last reboot.

                 The following options support interval: -i,  -m,
                 -s and -Ms. Some values are configuration param-
                 eters and are just redisplayed at each interval.

                 Display interface statistics the number of times
                 specified by count, at the interval specified by

  Active Sockets (First Form)
     The display for each  active  socket  shows  the  local  and
     remote address, the send and receive queue sizes (in bytes),
     the send and receive windows (in bytes),  and  the  internal
     state of the protocol.

     The  symbolic  format  normally  used  to   display   socket
     addresses is either:


     when the name of the host is specified, or


     if a socket address specifies  a  network  but  no  specific

     The numeric host address or network number  associated  with
     the  socket  is  used  to look up the corresponding symbolic
     hostname or network name in the hosts or networks database.

     If the network or hostname for an address is not  known,  or
     if the -n option is specified, the numerical network address
     is shown. Unspecified, or "wildcard",  addresses  and  ports
     appear  as  an  asterisk (*). For more information regarding
     the Internet  naming  conventions,  refer  to  inet(7P)  and

     For SCTP sockets, because an endpoint can be represented  by
     multiple  addresses,  the  verbose  option (-v) displays the
     list of all the local and remote addresses.

  TCP Sockets
     The possible state values for TCP sockets are as follows:

                     Bound, ready to connect or listen.

                     Closed. The socket is not being used.

                     Closed, then remote shutdown; awaiting  ack-

                     Remote shutdown; waiting for the  socket  to

                     Connection has been established.

                     Socket closed; shutting down connection.

                     Socket closed;  waiting  for  shutdown  from

                     Idle, opened but not bound.

                     Remote shutdown, then closed; awaiting  ack-

                     Listening for incoming connections.

                     Initial synchronization  of  the  connection
                     under way.

                     Actively trying to establish connection.

                     Wait  after  close   for   remote   shutdown

  SCTP Sockets
     The possible state values for SCTP sockets are as follows:

                          Closed. The socket is not being used.

                          Listening for incoming associations.

                          Association has been established.

                          INIT has been sent to the peer,  await-
                          ing acknowledgment.

                          State cookie from the INIT-ACK has been
                          sent to the peer, awaiting acknowledge-

                          SHUTDOWN has  been  received  from  the
                          upper  layer,  awaiting acknowledgement
                          of all outstanding DATA from the peer.

                          All  outstanding  data  has  been  ack-
                          nowledged  in  the SHUTDOWN_SENT state.
                          SHUTDOWN has been  sent  to  the  peer,
                          awaiting acknowledgement.

                          SHUTDOWN has  been  received  from  the
                          peer,  awaiting  acknowledgement of all
                          outstanding DATA.

                          All  outstanding  data  has  been  ack-
                          nowledged   in   the  SHUTDOWN_RECEIVED
                          state. SHUTDOWN_ACK has  been  sent  to
                          the peer.

  Network Data Structures (Second Through Fifth Forms)
     The form of the display depends upon which of  the  -g,  -m,
     -p, or -s options you select.

           Displays the list of multicast group membership.

           Displays the memory usage, for example, STREAMS mblks.

           Displays the net to media mapping table. For IPv4, the
           address  resolution  table  is displayed. See arp(1M).

           For IPv6, the neighbor cache is displayed.

           Displays  the  statistics  for  the  various  protocol

     The statistics use the MIB specified variables. The  defined
     values for ipForwarding are:

                          Acting as a gateway.

                          Not acting as a gateway.

     The IPv6 and ICMPv6 protocol layers  maintain  per-interface
     statistics.  If  the  -a  option  is  specified  with the -s
     option, then the per-interface statistics  as  well  as  the
     total  sums  are  displayed.  Otherwise, just the sum of the
     statistics are shown.

     For the second, third, and fourth forms of the command,  you
     must  specify  at  least  -g, -p, or -s. You can specify any
     combination of these options. You can also specify  -m  (the
     fifth  form)  with any set of the -g, -p, and -s options. If
     you specify more than one of these options, netstat displays
     the information for each one of them.

  Interface Status (Sixth Form)
     The interface  status  display  lists  information  for  all
     current  interfaces, one interface per line. If an interface
     is specified using the -I option,  it  displays  information
     for only the specified interface.

     The list  consists  of  the  interface  name,  mtu  (maximum
     transmission    unit,    or    maximum    packet   size)(see
     ifconfig(1M)),  the  network  to  which  the  interface   is
     attached,  addresses for each interface, and counter associ-
     ated with the interface. The counters  show  the  number  of
     input  packets, input errors, output packets, output errors,
     and collisions, respectively. For Point-to-Point interfaces,
     the  Net/Dest field is the name or address on the other side
     of the link.

     If the -a option is specified with either the -i  option  or
     the  -I  option,  then  the  output  includes  names  of the
     physical interface(s), counts for input packets  and  output
     packets for each logical interface, plus additional informa-

     If the -n option is specified,  the  list  displays  the  IP
     address instead of the interface name.

     If an optional interval is specified,  the  output  will  be
     continually  displayed in interval seconds until interrupted
     by the user or until count is reached. See OPERANDS.

     The physical interface is specified  using  the  -I  option.
     When  used  with  the  interval  operand,  output for the -I
     option has the following format:

       input    eri0          output        input          (Total)   output
       packets  errs  packets errs  colls   packets  errs  packets  errs   colls
       227681   0     659471  1     502     261331   0     99597    1   502
       10       0     0       0     0       10    0     0        0      0
       8        0     0       0     0       8   0     0        0      0
       10       0     2       0     0       10    0     2        0      0

     If the input interface is not specified, the first interface
     of address family inet or inet6 will be displayed.

  Routing Table (Seventh Form)
     The routing table display lists the available routes and the
     status of each. Each route consists of a destination host or
     network, and a gateway to use  in  forwarding  packets.  The
     flags  column shows the status of the route. These flags are
     as follows:

          Indicates route is up.

          Route is to a gateway.

          Route is to a host and not a network.

          Redundant route established with the -multirt option.

          Route was established using the -setsrc option.

          Route was created dynamically by a redirect.

          Packets will be silently dropped (RTF_BLACKHOLE set).

          Packets  will  be  dropped   with   ICMP   error   sent
          (RTF_REJECT set).

          Indirect routes (gateway not directly reachable)  esta-
          blished with the -indirect option.

          (non-global exclusive-IP zone only) The route was stat-
          ically  added on boot based on routing information con-
          figured using zonecfg(1M) in the global zone.

     If the -a option is specified, there will be routing entries
     with the following flags:

          Broadcast addresses.

          Clones interface host route entries for on-link  desti-

          Local addresses for the host.

     Interface routes are created for each interface attached  to
     the local host; the gateway field for such entries shows the
     address of the outgoing interface.

     The use column displays the number of packets sent  or  for-
     warded using the route in question.

     The interface entry indicates the network interface utilized
     for the route.

  Multicast Routing Tables (Eighth Form)
     The multicast routing table consists of the  virtual  inter-
     face table and the actual routing table.

  DHCP Interface Information (Ninth Form)

     The DHCP interface information  consists  of  the  interface
     name,  its  current state, lease information, packet counts,
     and a list of flags.

     The states correlate with the specifications  set  forth  in
     RFC 2131.

     Lease information includes:

         o    when the lease began;

         o    when lease renewal will begin; and

         o    when the lease will expire.

     The flags currently defined include:

                The interface has a lease obtained through  BOOTP
                (IPv4 only).

                The interface is busy with a DHCP transaction.

                The  interface  is  the  primary  interface.  See
                dhcpinfo(1) and ifconfig(1M).

                The interface is in failure  state  and  must  be
                manually restarted.

     Packet counts are maintained for the number of packets sent,
     the  number  of  packets  received,  and the number of lease
     offers declined by the DHCP client. All three  counters  are
     initialized  to  zero and then incremented while obtaining a
     lease. The counters are  reset  when  the  period  of  lease
     renewal   begins  for  the  interface.  Thus,  the  counters
     represent either the number of packets sent,  received,  and
     declined while obtaining the current lease, or the number of
     packets sent, received, and  declined  while  attempting  to
     obtain a future lease.

  Destination Cache Entry Table (Tenth Form)
     The destination cache entry display shows the recorded  path
     MTU,  the  age  (in  seconds) of the entry, and flags. The P
     flag indicates that a path MTU is recorded. The S flag indi-
     cates  that the path MTU is smaller than the minumum that IP
     will allow. The U flag indicates that some transport metrics
     (round-trip  time,  and so forth) are cached in the destina-
     tion cache entry.

                               DEFAULT_IP setting

     See attributes(5) for descriptions of the  following  attri-

     tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i)  ATTRI-
     BUTE TYPEATTRIBUTE VALUE _ Availabilitysystem/core-os

See Also
     arp(1M),    dhcpinfo(1),    dhcpagent(1M),     ifconfig(1M),
     iostat(1M),     kstat(1M),     savecore(1M),     vmstat(1M),
     zonecfg(1M),  hosts(4),  inet_type(4),  networks(4),  protocols(4),
     services(4),  attributes(5),  dhcp(5),  kstat(7D),
     inet(7P), inet6(7P)

     Droms, R., RFC 2131, Dynamic  Host  Configuration  Protocol,
     Network Working Group, March 1997.

     Droms, R. RFC 3315, Dynamic Host Configuration Protocol  for
     IPv6 (DHCPv6). Cisco Systems. July 2003.

     When displaying interface information,  netstat  honors  the
     DEFAULT_IP  setting  in /etc/default/inet_type. If it is set
     to IP_VERSION4, then netstat will omit information  relating
     to  IPv6 interfaces, statistics, connections, routes and the

     However,  you  can  override  the  DEFAULT_IP   setting   in
     /etc/default/inet_type  on the command-line. For example, if
     you have used the command-line to  explicitly  request  IPv6
     information  by using the inet6 address family or one of the
     IPv6 protocols, it will override the DEFAULT_IP setting.

     If you need to examine network status information  following
     a  kernel  crash, use the mdb(1) utility on the savecore(1M)

     The netstat utility obtains TCP statistics from  the  system
     by  opening  /dev/tcp  and issuing queries. Because of this,
     netstat might display an extra, unused  connection  in  IDLE
     state when reporting connection status.

     Previous versions of netstat had  undocumented  methods  for
     reporting  kernel  statistics  published using the kstat(7D)
     facility. This functionality has been removed. Use kstat(1M)

     netstat restricts its output to information that is relevant
     to  the  zone  in which netstat runs. (This is true for both
     shared-IP and exclusive-IP zones.)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.