What are the netstat arguments and what do they mean?
Applies to
ONTAP 9
Answer
- The available arguments for
netstatvary on ONTAP version. The best option to see what arguments are available for your version of ONTAP and what each of the arguments display is to review the man page fornetstatin the node shell. - To view the
netstatman page use the following command:node run -node local man netstat- Example output from ONTAP 9.9
node run -node local man netstat
NETSTAT(1) NETSTAT(1)
NAME
netstat - show network status
DESCRIPTION
The netstat command symbolically displays the contents of
various network-related data structures. There are a num-
ber of output formats, depending on the options for the
information presented.
netstat [-AaCcELnOoPSTUWxy] [-v vserver_id] [-f proto-
col_family | -p protocol] [-M core] [-N system]
Display a list of active sockets (protocol control
blocks) for each network protocol, for a particular
protocol_family , or for a single protocol. If -v
is present, display the output specific to the par-
ticular vserver id requested. If -A is also pre-
sent, show the address of a protocol control block
(PCB) associated with a socket; used for debugging.
If -a is also present, show the state of all sock-
ets; normally sockets used by server processes are
not shown. If -L is also present, show the size of
the various listen queues. The first count shows
the number of unaccepted connections, the second
count shows the amount of unaccepted incomplete
connections, and the third count is the maximum
number of queued connections. If -S is also pre-
sent, show network addresses as numbers (as with
-n) but show ports symbolically. If -x is present,
display socket buffer and tcp timer statistics for
each internet socket.If -U is present, display the
time of the last received upcall, the last sent
upcall and the last read for each active socket. If
-P is present, display the per TCP connection
statistics. If -E is present, display the total
bytes sent and received per connection. If -e is
present, display the total raw bytes sent and
received per connection. If -O is present, display
the application id associated with the connection
and/or the Type of Service value for QOS Marking if
enabled. If -C is present, display the connection
group id for the connection. If -c is present, dis-
play the congestion window details for TCP connec-
tions. If -o is present, display the number of
route looksups done for the connection. If -y is
present, display the connections that met the
extreme flow control condition The output displays
the local and remote address of the connection, the
count of the number of times the connection met the
condition and the time. When -T is present, dis-
play information from the TCP control block,
including retransmits, out-of-order packets
received, and zero-sized windows advertised.
netstat -i | -I interface [-abdhnW] [-f address_family]
[-M core] [-N system]
Show the state of all network interfaces or a sin-
gle interface which have been auto-configured
(interfaces statically configured into a system,
but not located at boot time are not shown). An
asterisk (''*'') after an interface name indicates
that the interface is (''down''). If -a is also
present, multicast addresses currently in use are
shown for each Ethernet interface and for each IP
interface address. Multicast addresses are shown
on separate lines following the interface address
with which they are associated. If -b is also pre-
sent, show the number of bytes in and out. If -d is
also present, show the number of dropped packets.
If -h is also present, print all counters in human
readable form. If -W is also present, print inter-
face names using a wider field size.
netstat -w wait [-I interface] [-d] [-M core] [-N system]
[-q howmany]
At intervals of wait seconds, display the informa-
tion regarding packet traffic on all configured
network interfaces or a single.I interface. If -q
is also present, exit after howmany outputs. If -d
is also present, show the number of dropped pack-
ets.
netstat -s [-s] [-z] [-f protocol_family | -p protocol]
[-M core] [-N system]
Display system-wide statistics for each network
protocol, for a particular protocol_family ,or for
a single protocol. If -s is repeated, counters with
a value of zero are suppressed. If -z is also pre-
sent, reset statistic counters after displaying
them.
netstat -i | -I interface -s [-f protocol_family | -p
protocol] [-M core] [-N system]
Display per-interface statistics for each network
protocol, for a particular protocol_family ,or for
a single protocol.
netstat -m [-M core] [-N system]
Show statistics recorded by the memory management
routines mbuf(9). The network manages a private
pool of memory buffers.
netstat -B [-z] [-I interface]
Show statistics about bpf(4) peers. This includes
information like how many packets have been
matched, dropped and received by the bpf device,
also information about current buffer sizes and
device states.
netstat -r [--AaGnW] [-F fibnum] [-f address_family] [-M
core] [-N system]
Display the contents of routing tables. When -f is
specified, a routing table for a particular
address_family is displayed. When -F is specified,
a routing table with the number fibnum is dis-
played. If the specified fibnum is -1 or -F is not
specified, the default routing table is displayed.
If -A is also present, show the contents of the
internal Patricia tree structures; used for debug-
ging. If -a is also present, show protocol-cloned
routes (routes generated by an RTF_PRCLONING parent
route); normally these routes are not shown. When
-W is also present, show the path MTU for each
route, and print interface names with a wider field
size. If the -G is also present, the routing tables
for all active fibnums are displayed.
netstat -rs [-s] [-M core] [-N system]
Display routing statistics. If -s is repeated,
counters with a value of zero are suppressed.
netstat -g [-W] [-f address_family] [-M core] [-N system]
Display the contents of the multicast virtual
interface tables, and multicast forwarding caches.
Entries in these tables will appear only when the
kernel is actively forwarding multicast sessions.
This option is applicable only to the inet and
inet6 address families.
netstat -gs [-s] [-f address_family] [-M core] [-N system]
Show multicast routing statistics. If -s is
repeated, counters with a value of zero are sup-
pressed.
netstat -Q
Show netisr(9) statistics. The flags field shows
available ISR handlers:
C NETISR_SNP_FLAGS_M2CPUID Able to
map mbuf to cpu id
D NETISR_SNP_FLAGS_DRAINEDCPU Has queue
drain handler
F NETISR_SNP_FLAGS_M2FLOW Able to
map mbuf to flow id
Some options have the general meaning:
-f address_family, -p protocol
Limit display to those records of the specified
address_family or a single protocol. The follow-
ing address families and protocols are recognized:
inet(AF_INET)
divert , icmp , igmp , ip , ipsec , pim,
sctp , tcp , udp
inet6(AF_INET6)
icmp6 , ip6 , ipsec6 , rip6 , tcp , udp
pfket(PF_KEY)
pfkey
atalk(AF_APPLETALK)
ddp
netgraph(AF_NETGRAPH)
ctrl , data
ipx(AF_IPX)
ipx , spx
unix(AF_UNIX)
None
link(AF_LINK)
None
The program will complain if protocol is unknown or
if there is no statistics routine for it.
-M Extract values associated with the name list from the
specified core instead of the default /dev/kmem.
-N Extract the name list from the specified system instead
of the default, which is the kernel image the system has
booted from.
-n Show network addresses and ports as numbers. Normally
netstat attempts to resolve addresses and ports, and dis-
play them symbolically.
-W In certain displays, avoid truncating addresses even if
this causes some fields to overflow.
The default display, for active sockets, shows the local
and remote addresses, send and receive queue sizes (in
bytes), protocol, and the internal state of the protocol.
Address formats are of the form ''host.port'' or ''net-
work.port''if a socket's address specifies a network but
no specific host address. When known, the host and network
addresses are displayed symbolically according to the
databases hosts(5) and networks(5), respectively. If a
symbolic name for an address is unknown, or if the -n
option is specified, the address is printed numerically,
according to the address family. For more information
regarding the Internet IPv4 ''dot format'', refer to
inet(3). Unspecified, or ''wildcard'', addresses and ports
appear as ''*''.
The interface display provides a table of cumulative
statistics regarding packets transferred, errors, and col-
lisions. The network addresses of the interface and the
maximum transmission unit (''mtu'') are also displayed.
The routing table display indicates the available routes
and their status. Each route consists of a destination
host or network, and a gateway to use in forwarding pack-
ets. The flags field shows a collection of information
about the route stored as binary choices. The individual
flags are discussed in more detail in the route(8) and
route(4) manual pages. The mapping between letters and
flags is:
1 RTF_PROTO1 Protocol specific routing flag
#1
2 RTF_PROTO2 Protocol specific routing flag
#2
3 RTF_PROTO3 Protocol specific routing flag
#3
B RTF_BLACKHOLE Just discard pkts (during
updates)
b RTF_BROADCAST The route represents a broad-
cast address
C RTF_CLONING Generate new routes on use
c RTF_PRCLONING Protocol-specified generate new
routes on use
D RTF_DYNAMIC Created dynamically (by redi-
rect)
G RTF_GATEWAY Destination requires forwarding
by intermediary
H RTF_HOST Host entry (net otherwise)
L RTF_LLINFO Valid protocol to link address
translation
M RTF_MODIFIEDL Modified dynamically (by redi-
rect)
R RTF_REJECT Host or net unreachable
S RTF_STATIC Manually added
U RTF_UP Route usable
W RTF_WASCLONED Route was generated as a result
of cloning
X RTF_XRESOLVE External daemon translates
proto to link address
Direct routes are created for each interface attached to
the local host; the gateway field for such entries shows
the address of the outgoing interface. The refcnt field
gives the current number of active uses of the route.
Connection oriented protocols normally hold on to a single
route for the duration of a connection while connection-
less protocols obtain a route while sending to the same
destination. The use field provides a count of the number
of packets sent using that route. The interface entry
indicates the network interface utilized for the route.
When netstat is invoked with the -w option and a wait
interval argument, it displays a running count of statis-
tics related to network interfaces. An obsolescent version
of this option used a numeric parameter with no option,
and is currently supported for backward compatibility. By
default, this display summarizes information for all
interfaces. Information for a specific interface may be
displayed with the -I option.
The bpf(4) flags displayed when netstat is invoked with
the -B option represent the underlying parameters of the
bpf peer. Each flag is represented as a single lower case
letter. The mapping between the letters and flags in
order of appearance are:
p Set if listening promiscuously
i BIOCIMMEDIATE has been set on the device
f BIOCGHDRCMPLT status: source link addresses are
being filled automatically
s BIOCGSEESENT status: see packets originating
locally and remotely on the interface.
a Packet reception generates a signal
l BIOCLOCK No status: descriptor has been locked
For more information about these flags, please refer to
bpf(4).
The -x flag causes netstat to output all the information
recorded about data stored in the socket buffers. The
fields are:
R-MBUF Number of mbufs in the receive queue.
S-MBUF Number of mbufs in the send queue.
R-CLUS Number of clusters, of any type, in the
receive queue.
S-CLUS Number of clusters, of any type, in the
send queue.
R-HIWA Receive buffer high water mark, in bytes.
S-HIWA Send buffer high water mark, in bytes.
R-LOWA Receive buffer low water mark, in bytes.
S-LOWA Send buffer low water mark, in bytes.
R-BCNT Receive buffer byte count.
S-BCNT Send buffer byte count.
R-BMAX Maximum bytes that can be used in the
receive buffer.
S-BMAX Maximum bytes that can be used in the send
buffer.
SEE ALSO
fstat(1), nfsstat(1), procstat(1), ps(1), sockstat(1),
bpf(4), inet(4), route(4), unix(4), hosts(5), networks(5),
protocols(5), services(5), iostat(8), route(8), trpt(8),
vmstat(8), mbuf(9)
HISTORY
The netstat command appeared in 4.2BSD.
IPv6 support was added by WIDE/KAME project.
BUGS
The notion of errors is ill-defined.
May 17, 2013 NETSTAT(1)
ing
by intermediary
Additional Information
Versions of ONTAP not including the fix for bug 1278897 could see disruption when using the netstat command.
How to use netstat to troubleshoot network problems in ONTAP 9.5 or newer