irix-657m-src/eoe/man/man1/netstat.1

'\"macro stdmacro
.\" Copyright (c) 1983 Regents of the University of California.
.\" All rights reserved.  The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
.\"	@(#)netstat.1	6.5 (Berkeley) 5/8/86
.\"
.if n .pH man1.netstat @(#)netstat	30.3 of 2/1/86
.TH NETSTAT 1
.UC 5
.SH NAME
netstat \- show network status 
.SH SYNOPSIS
\f3netstat\fP [ \f3\-Aanu\fP ] [ \f3\-f\fP \f2address_family\fP ]
[ \f2system\fP ] [ \f2core\fP ]
.br
\f3netstat\fP [ \f3\-imnqrstMN\fP ] [ \f3\-f\fP \f2address_family\fP ]
[ \f2system\fP ] [ \f2core\fP ]
.br
\f3netstat\fP [ \f3\-n\fP ] [ \f3\-I\fP \f2interface\fP ] \f2interval\fP
[ \f2system\fP ] [ \f2core\fP ]
.br
\f3netstat \-C \fP [ \f3\-n\fP ] [ \f2interval\fP ] [ \f2system\fP ]
.br
\f3netstat\fP [ \f3\-p\fP \f2protocol\fP ] [ \f2system\fP ] [ \f2core\fP ]
.SH DESCRIPTION
The
.I netstat 
command symbolically displays the contents of various network-related
data structures.
There are a number of output formats,
depending on the options for the information presented.
The first form of the command displays a list of active sockets for
each protocol.
The second form presents the contents of one of the other network
data structures according to the option selected.
Using the third form, with an 
.I interval
specified,
.I netstat
will continuously display the information regarding packet
traffic on the configured network interfaces.
The fourth form displays statistics about the named protocol.
.PP
The options have the following meaning:
.TP 
.B \-A
With the default display,
show the address of any protocol control blocks associated with sockets; used
for debugging.
.TP
.B \-a
With the default display,
show the state of all sockets; normally sockets used by
server processes are not shown.
If
.B \-q
is used in conjunction with
.BR -a ,
information about pending connections on
listening endpoints will be displayed.  This includes the number of
partially-synchronized connections, the number of fully-synchronized
connections, and the maximum number of pending connections specified in the
.IR listen (2)
call.  Note that system provides some scaling on the
.I listen
backlog, such that a request for a queue limit of 32 will actually result
in 49 connections being allowed prior to new connection requests being
ignored.  This means that it is possible for the sum of the two queue
lengths to be larger than the limit.
.TP
.B \-l
With the default display, 
on systems supporting IP security options,
show the mandatory and discretionary access control attributes
associated with sockets.  These consist of
a mandatory access control label, printed at the
beginning of each line, and a socket uid and acl,
printed at the end of each line.
(For
.B AF_INET
sockets only, a second mandatory access control label,
.I SndLabel,
is also shown.
.I SndLabel
is a copy of the label in the u_area.)
On systems not supporting IP security options, 
.B -l
is silently ignored.
.\".TP
.\".B \-h
.\"Show the state of the IMP host table.
.TP
.B \-C
Display the contents of several of the other formats in dynamic
"full-screen" forms.
Many of the values can be displayed as simple totals (\f2r\fP or "reset"),
changes during the previous interval (\f2d\fP or "delta"),
or changes since a fix moment (\f2z\fP or "zero").
Note that turning interfaces off or on or otherwise reseting them can
make it seem that counters are changing wildly, since that often
resets the counters to zero.
.TP
.B \-i
Show the state of interfaces which have been auto-configured
(interfaces statically configured into a system, but not
located at boot time are not shown).
When
.B \-a
is also present, show all addresses (unicast, multicast and link-level)
associated with each interface.
.TP
.B \-iq
Show the information for
.B \-i 
with the number of packets currently in the output queue, the queue
size, and the number of dropped packets due to a full queue.
.TP
.BI \-I " interface"
Show information only about this interface;
used with an
.I interval
as described below.
.TP
.B \-m
Show statistics recorded by the memory management routines
(the network manages a private pool of memory buffers).
.TP
.B \-n
Show network addresses as numbers (normally 
.I netstat
interprets addresses and attempts to display them
symbolically).
This option may be used with any of the display formats.
.TP
.BI \-p " protocol"
Show statistics about 
.IR protocol ,
which is either a well-known name for a protocol or an alias for it.  Some
protocol names and aliases are listed in the file 
.IR /etc/protocols .
A null response typically means that there are no interesting numbers to 
report.
The program will complain if
.I protocol
is unknown or if there is no statistics routine for it.  (This
includes counting packets for the HELO routing protocol as unknown.)
.TP
.B \-s
Show per-protocol statistics.
.TP
.B \-r
Show the routing tables.
When
.B \-s
is also present, show routing statistics instead.
.TP
.B \-M
Show the kernel multicast routing tables.
When
.B \-s
is also present, show multicast routing statistics instead.
.TP
.B \-N
Show socket addresses of family AF_LINK symbolically or numerically,
depending on whether the
.B \-n
option is used, rather
than in the default format of
.B link#
where # corresponds to the numerical index into the ifnet array in the kernel.
This option is typically only useful when displaying the routing
tables
using the
.B -r
option.
.TP
.BI \-f " address_family"
Limit statistics or address control block reports to those
of the specified
.IR address\ family .
The following address families
are recognized:
.IR inet ,
for
.BR AF_INET ,
and
.IR unix ,
for
.BR AF_UNIX .
(\f2ns\fP, for
.BR AF_NS
is not currently supported.)
.TP
.B \-t
If used in conjunction with
.BR \-i ,
displays the value of the interface watchdog timer.
.TP
.B \-u 
A synonym for 
.BR "\-f unix" .
.PP
The arguments, 
.I system
and
.I core
allow substitutes for the defaults ``/unix'' and ``/dev/kmem''.
.PP
The default display, for active sockets, shows the local
and remote addresses, send and receive queue sizes (in bytes), protocol,
and the internal state of the protocol.
Address formats are of the form ``host.port'' or ``network.port''
if a socket's address specifies a network but no specific host address.
When known the host and network addresses are displayed symbolically
according to the data bases
.I /etc/hosts
and
.IR /etc/networks ,
respectively.  If a symbolic name for an address is unknown, or if
the 
.B \-n
option is specified, the address is printed numerically, according
to the address family.
For more information regarding 
the Internet ``dot format,''
refer to 
.IR inet (3N).
Unspecified,
or ``wildcard'', addresses and ports appear as ``*''.  
.PP
The interface display provides a table of cumulative
statistics regarding packets transferred, errors, and collisions.
The network addresses of the interface
and the maximum transmission unit (``mtu'') are also displayed.
.PP
The routing table display indicates the available routes and
their status.  Each route consists of a destination host or network
and a gateway to use in forwarding packets.  The flags field shows a collection
of information about the route stored as binary choices.  The individual flags
are discussed in more detail in the
.IR route (1M)
and
.IR route (7)
manual pages.  The mapping between letters and flags is:
.PP
.nf
.\".ta \w'1'u +\w'RTF_BLACKHOLExxxx'u +\w'RTF_XXX'u
.ta \w'RTF_SNOX'u +\w'RTF_BLACKHOLExxxx'u
1	RTF_PROTO1	Protocol-specific routing flag #1
.br
2	RTF_PROTO2	Protocol-specific routing flag #2
.br
B	RTF_BLACKHOLE	Just discard pkts (during updates) 
.br
C	RTF_CLONING	Generate new routes on use 
.br
D	RTF_DYNAMIC	Created dynamically (by redirect) 
.br
G	RTF_GATEWAY	Destination requires forwarding by intermediary
.br
H	RTF_HOST	Host entry (net otherwise) 
.br
L	RTF_LLINFO	Valid protocol to link address translation.
.br
M	RTF_MODIFIED	Modified dynamically (by redirect) 
.br
R	RTF_REJECT	Host or net unreachable 
.br
S	RTF_STATIC	Manually added 
.br
U	RTF_UP	Route usable 
.br
X	RTF_XRESOLVE	External daemon translates proto to link address
.br
c	RTF_CKSUM	TCP/UDP checksumming done on this route
.br
.ta
.fi
.PP
Direct routes are created for each
interface attached to the local host;
the gateway field for such entries shows the address of the outgoing interface.
The MTU field shows the MTU value set with the
.IR route (1M)
command for that route.
The RTT and RTTvar fields show the estimated round-trip time (RTT) and the
variance in RTT for routes with large amounts of TCP traffic.
The RTT and RTTvar values are in seconds with a resolution of .125 seconds.
The use field provides a count of the number of packets
sent using that route.  The interface entry indicates the network
interface utilized for the route.
.PP
When 
.I netstat
is invoked with an
.I interval
argument, it displays a running count of statistics related to
network interfaces.  This display consists of a
column for the primary interface
(the first interface found during autoconfiguration)
and a column summarizing
information for all interfaces.
The primary interface may be replaced with another interface with the
.B \-I
option.
The first line of each screen of information contains a summary since the
system was last rebooted.  Subsequent lines of output show values
accumulated over the preceding interval.
.SH "DETERMINING SERVICE USAGE"
To match a socket to a process, the \f2fuser\f1(1M) command can be used.  For
example, the command
.Ex
fuser 25/tcp
.Ee
.PP
will display information about any processes listening on TCP port 25.  Note that
\f2fuser\f1 requires the numeric value for the port, not the name of the
service.  The
.B \-n
option will force \f2netstat\fP to display service information numerically.
.SH SEE ALSO
fuser(1M),
nfsstat(1M),
route(1M),
smtstat(1),
hosts(4),
networks(4),
protocols(4),
services(4),
route(7)
.SH BUGS
The notion of errors is ill-defined.  
.\"Collisions mean something else for the IMP.