Skip to main content
NetApp Knowledge Base

What are the netstat arguments and what do they mean?

Views:
1,933
Visibility:
Public
Votes:
2
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

ONTAP 9

Answer

  • The available arguments for netstat vary on ONTAP version. The best option to see what arguments are available for your version of ONTAP and what each of the arguments display is to review the man page for netstat in the node shell.
  • To view the netstat man page use the following command:
    • node run -node local man netstat
    • Example output from ONTAP 9.9
node run -node local man netstat
NETSTAT(1)                                             NETSTAT(1)



NAME
       netstat - show network status

DESCRIPTION
       The  netstat command symbolically displays the contents of
       various network-related data structures.  There are a num-
       ber  of  output  formats, depending on the options for the
       information presented.

       netstat [-AaCcELnOoPSTUWxy]  [-v  vserver_id]  [-f  proto-
       col_family | -p protocol] [-M core] [-N system]
              Display a list of active sockets (protocol  control
              blocks) for each network protocol, for a particular
              protocol_family , or for a single protocol.  If  -v
              is present, display the output specific to the par-
              ticular vserver id requested. If -A  is  also  pre-
              sent,  show the address of a protocol control block
              (PCB) associated with a socket; used for debugging.
              If  -a is also present, show the state of all sock-
              ets; normally sockets used by server processes  are
              not  shown. If -L is also present, show the size of
              the various listen queues. The  first  count  shows
              the  number  of  unaccepted connections, the second
              count shows the  amount  of  unaccepted  incomplete
              connections,  and  the  third  count is the maximum
              number of queued connections.  If -S is  also  pre-
              sent,  show  network  addresses as numbers (as with
              -n) but show ports symbolically. If -x is  present,
              display  socket buffer and tcp timer statistics for
              each internet socket.If -U is present, display  the
              time  of  the  last  received upcall, the last sent
              upcall and the last read for each active socket. If
              -P  is  present,  display  the  per  TCP connection
              statistics.  If -E is present,  display  the  total
              bytes  sent  and received per connection.  If -e is
              present, display  the  total  raw  bytes  sent  and
              received per connection.  If -O is present, display
              the application id associated with  the  connection
              and/or the Type of Service value for QOS Marking if
              enabled. If -C is present, display  the  connection
              group id for the connection. If -c is present, dis-
              play the congestion window details for TCP  connec-
              tions.  If  -o  is  present,  display the number of
              route looksups done for the connection.  If  -y  is
              present,  display  the  connections  that  met  the
              extreme flow control condition The output  displays
              the local and remote address of the connection, the
              count of the number of times the connection met the
              condition  and  the time.  When -T is present, dis-
              play  information  from  the  TCP  control   block,
              including    retransmits,    out-of-order   packets
              received, and zero-sized windows advertised.

       netstat -i | -I interface  [-abdhnW]  [-f  address_family]
       [-M core] [-N system]
              Show the state of all network interfaces or a  sin-
              gle   interface  which  have  been  auto-configured
              (interfaces statically configured  into  a  system,
              but  not  located  at  boot time are not shown). An
              asterisk (''*'') after an interface name  indicates
              that  the  interface  is  (''down''). If -a is also
              present, multicast addresses currently in  use  are
              shown  for  each Ethernet interface and for each IP
              interface address.  Multicast addresses  are  shown
              on  separate  lines following the interface address
              with which they are associated.  If -b is also pre-
              sent, show the number of bytes in and out. If -d is
              also present, show the number of  dropped  packets.
              If  -h is also present, print all counters in human
              readable form. If -W is also present, print  inter-
              face names using a wider field size.

       netstat  -w wait [-I interface] [-d] [-M core] [-N system]
       [-q howmany]
              At  intervals of wait seconds, display the informa-
              tion regarding packet  traffic  on  all  configured
              network  interfaces or a single.I interface.  If -q
              is also present, exit after howmany outputs. If  -d
              is  also  present, show the number of dropped pack-
              ets.

       netstat -s [-s] [-z] [-f protocol_family |  -p   protocol]
       [-M core] [-N system]
              Display system-wide  statistics  for  each  network
              protocol,  for a particular protocol_family ,or for
              a single protocol. If -s is repeated, counters with
              a  value of zero are suppressed. If -z is also pre-
              sent, reset  statistic  counters  after  displaying
              them.

       netstat  -i | -I  interface  -s [-f  protocol_family  | -p
       protocol] [-M core] [-N system]
              Display  per-interface  statistics for each network
              protocol, for a particular protocol_family ,or  for
              a single protocol.

       netstat -m [-M core] [-N system]
              Show  statistics  recorded by the memory management
              routines mbuf(9). The  network  manages  a  private
              pool of memory buffers.

       netstat -B [-z] [-I interface]
              Show  statistics  about bpf(4) peers. This includes
              information  like  how  many  packets   have   been
              matched,  dropped  and  received by the bpf device,
              also information about  current  buffer  sizes  and
              device states.

       netstat  -r  [--AaGnW] [-F fibnum] [-f address_family] [-M
       core] [-N system]
              Display the contents of routing tables.  When -f is
              specified,  a  routing  table  for   a   particular
              address_family  is displayed. When -F is specified,
              a routing table with  the  number  fibnum  is  dis-
              played.  If the specified fibnum is -1 or -F is not
              specified, the default routing table is  displayed.
              If  -A  is  also  present, show the contents of the
              internal Patricia tree structures; used for  debug-
              ging.  If  -a is also present, show protocol-cloned
              routes (routes generated by an RTF_PRCLONING parent
              route);  normally  these routes are not shown. When
              -W is also present, show  the  path  MTU  for  each
              route, and print interface names with a wider field
              size. If the -G is also present, the routing tables
              for all active fibnums are displayed.

       netstat -rs [-s] [-M core] [-N system]
              Display  routing  statistics.  If  -s  is repeated,
              counters with a value of zero are suppressed.

       netstat -g [-W] [-f address_family] [-M core] [-N system]
              Display  the  contents  of  the  multicast  virtual
              interface  tables, and multicast forwarding caches.
              Entries in these tables will appear only  when  the
              kernel  is  actively forwarding multicast sessions.
              This option is applicable  only  to  the  inet  and
              inet6 address families.

       netstat -gs [-s] [-f address_family] [-M core] [-N system]
              Show   multicast   routing  statistics.  If  -s  is
              repeated, counters with a value of  zero  are  sup-
              pressed.

       netstat -Q
              Show  netisr(9)  statistics.  The flags field shows
              available ISR handlers:

                     C    NETISR_SNP_FLAGS_M2CPUID       Able  to
                     map mbuf to cpu id

                     D    NETISR_SNP_FLAGS_DRAINEDCPU   Has queue
                     drain handler

                     F    NETISR_SNP_FLAGS_M2FLOW        Able  to
                     map mbuf to flow id

       Some options have the general meaning:

       -f address_family, -p  protocol
              Limit  display  to  those  records of the specified
              address_family or a single  protocol.  The  follow-
              ing address families and protocols are recognized:

              inet(AF_INET)
                     divert  ,  icmp  ,  igmp , ip , ipsec , pim,
                     sctp , tcp , udp

              inet6(AF_INET6)
                     icmp6 , ip6 , ipsec6 , rip6 , tcp , udp

              pfket(PF_KEY)
                     pfkey

              atalk(AF_APPLETALK)
                     ddp

              netgraph(AF_NETGRAPH)
                     ctrl , data

              ipx(AF_IPX)
                     ipx , spx

              unix(AF_UNIX)
                     None

              link(AF_LINK)
                     None

              The program will complain if protocol is unknown or
              if there is no statistics routine for it.

       -M Extract values associated with the name list  from  the
       specified core instead of the default /dev/kmem.

       -N Extract the name list from the specified system instead
       of the default, which is the kernel image the  system  has
       booted from.

       -n  Show network addresses and ports as numbers.  Normally
       netstat attempts to resolve addresses and ports, and  dis-
       play them symbolically.

       -W In certain displays, avoid truncating addresses even if
       this causes some fields to overflow.

       The default display, for active sockets, shows  the  local
       and  remote  addresses,  send  and receive queue sizes (in
       bytes), protocol, and the internal state of the  protocol.
       Address  formats  are  of the form ''host.port'' or ''net-
       work.port''if a socket's address specifies a  network  but
       no specific host address. When known, the host and network
       addresses are  displayed  symbolically  according  to  the
       databases  hosts(5)  and  networks(5), respectively.  If a
       symbolic name for an address is  unknown,  or  if  the  -n
       option  is  specified, the address is printed numerically,
       according to the  address  family.  For  more  information
       regarding  the  Internet  IPv4  ''dot  format'',  refer to
       inet(3). Unspecified, or ''wildcard'', addresses and ports
       appear as ''*''.

       The  interface  display  provides  a  table  of cumulative
       statistics regarding packets transferred, errors, and col-
       lisions.   The  network addresses of the interface and the
       maximum transmission unit (''mtu'') are also displayed.

       The routing table display indicates the  available  routes
       and  their  status.   Each route consists of a destination
       host or network, and a gateway to use in forwarding  pack-
       ets.   The  flags  field shows a collection of information
       about the route stored as binary choices.  The  individual
       flags  are  discussed  in  more detail in the route(8) and
       route(4) manual pages.  The mapping  between  letters  and
       flags is:

              1    RTF_PROTO1      Protocol specific routing flag
              #1

              2   RTF_PROTO2      Protocol specific routing  flag
              #2

              3    RTF_PROTO3      Protocol specific routing flag
              #3

              B    RTF_BLACKHOLE    Just  discard  pkts   (during
              updates)

              b    RTF_BROADCAST    The route represents a broad-
              cast address

              C   RTF_CLONING     Generate new routes on use

              c   RTF_PRCLONING   Protocol-specified generate new
              routes on use

              D    RTF_DYNAMIC      Created dynamically (by redi-
              rect)

              G   RTF_GATEWAY     Destination requires forwarding
              by intermediary

              H   RTF_HOST        Host entry (net otherwise)

              L    RTF_LLINFO      Valid protocol to link address
              translation

              M   RTF_MODIFIEDL   Modified dynamically (by  redi-
              rect)

              R   RTF_REJECT      Host or net unreachable

              S   RTF_STATIC      Manually added

              U   RTF_UP          Route usable

              W   RTF_WASCLONED   Route was generated as a result
              of cloning

              X    RTF_XRESOLVE     External  daemon   translates
              proto to link address

       Direct  routes  are created for each interface attached to
       the local host; the gateway field for such  entries  shows
       the  address  of the outgoing interface.  The refcnt field
       gives the current number of  active  uses  of  the  route.
       Connection oriented protocols normally hold on to a single
       route for the duration of a connection  while  connection-
       less  protocols  obtain  a route while sending to the same
       destination.  The use field provides a count of the number
       of  packets  sent  using  that route.  The interface entry
       indicates the network interface utilized for the route.

       When netstat is invoked with the -w   option  and  a  wait
       interval  argument, it displays a running count of statis-
       tics related to network interfaces. An obsolescent version
       of  this  option  used a numeric parameter with no option,
       and is currently supported for backward compatibility.  By
       default,  this  display  summarizes  information  for  all
       interfaces.  Information for a specific interface  may  be
       displayed with the -I option.

       The  bpf(4)  flags  displayed when netstat is invoked with
       the -B option represent the underlying parameters  of  the
       bpf peer.  Each flag is represented as a single lower case
       letter.  The mapping between  the  letters  and  flags  in
       order of appearance are:

              p   Set if listening promiscuously

              i   BIOCIMMEDIATE has been set on the device

              f   BIOCGHDRCMPLT status: source link addresses are
              being filled automatically

              s   BIOCGSEESENT status:  see  packets  originating
              locally and remotely on the interface.

              a   Packet reception generates a signal

              l   BIOCLOCK No status: descriptor has been locked

       For  more  information  about these flags, please refer to
       bpf(4).

       The -x flag causes netstat to output all  the  information
       recorded  about  data  stored  in the socket buffers.  The
       fields are:

              R-MBUF   Number of mbufs in the receive queue.

              S-MBUF   Number of mbufs in the send queue.

              R-CLUS   Number of clusters, of any  type,  in  the
              receive queue.

              S-CLUS    Number  of  clusters, of any type, in the
              send queue.

              R-HIWA   Receive buffer high water mark, in  bytes.

              S-HIWA   Send buffer high water mark, in bytes.

              R-LOWA   Receive buffer low water mark, in bytes.

              S-LOWA   Send buffer low water mark, in bytes.

              R-BCNT   Receive buffer byte count.

              S-BCNT   Send buffer byte count.

              R-BMAX    Maximum  bytes  that  can  be used in the
              receive buffer.

              S-BMAX   Maximum bytes that can be used in the send
              buffer.



SEE ALSO
       fstat(1),  nfsstat(1),  procstat(1),  ps(1),  sockstat(1),
       bpf(4), inet(4), route(4), unix(4), hosts(5), networks(5),
       protocols(5),  services(5),  iostat(8), route(8), trpt(8),
       vmstat(8), mbuf(9)


HISTORY
       The netstat command appeared in 4.2BSD.


       IPv6 support was added by WIDE/KAME project.


BUGS
       The notion of errors is ill-defined.



                           May 17, 2013                NETSTAT(1)
ing
              by intermediary

Additional Information

Versions of ONTAP not including the fix for bug 1278897 could see disruption when using the netstat command.

How to use netstat to troubleshoot network problems in ONTAP 9.5 or newer

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.