netstat의 state별 설명
LISTEN : 서버의 데몬이 떠서 접속 요청을 기다리는 상태
SYS-SENT : 로컬의 클라이언트 애플리케이션이 원격 호스트에 연결을 요청한 상태
SYS-RECEIVED : 서버가 클라이언트로 부터 접속 요구를 받아 클라이언트에게 응답을 했지만 아직 클라이언트에게 확인 메세지는 받지 않은 상태
ESTALISHED : 3-way-Handshaking 이 완료된후 서로 연결된 상태
FIN-WAIT, CLOSE-WAIT, FIN-WAIT2 : 서버에서 연결을 종료하기 위해 클라이언트에게 종결을 요청하고 회신을 받아 종료하는 과정의 상태
CLOSING : 흔하지 않지만 주로 확인 메세지가 존송 도중 분실된 상태
TIME-WAIT : 연결은 종료 되었지만 분실되었을지 모를 느린 세그먼트를 위해 당분간 소켓을 열어 놓은 상태
CLOSED : 완전히 종료
-------------------------------------------------------------------------------------
Maintenance Commands netstat(1M)
NAME
netstat - show network status
SYNOPSIS
netstat [-anv] [-f address_family] [-P protocol]
netstat -g [-nv] [-f address_family]
netstat -p [-n] [-f address_family]
netstat -s [-f address_family] [-P protocol] [interval
[count]]
netstat -m [-v] [interval [count]]
netstat -i [-I interface] [-an] [-f address_family] [inter-
val [count]]
netstat -r [-anv] [-f address_family | filter]
netstat -M [-ns] [-f address_family]
netstat -D [-I interface] [-f address_family]
The netstat command displays the contents of certain
network-related data structures in various formats, depend-
ing on the options you select.
The netstat command has the several forms shown in the sec-
tion, above, listed as follows:
o The first form of the command (with no required argu-
ments) displays a list of active sockets for each pro-
tocol.
o The second, third, and fourth forms (-g, -p, and -s
options) display information from various network data
structures.
o The fifth form (-m option) displays STREAMS memory
statistics.
o The sixth form (-i option) shows the state of the
interfaces.
o The seventh form (-r option) displays the routing
table.
o The eighth form (-M option) displays the multicast
routing table.
SunOS 5.10 Last change: 4 Mar 2005 1
Maintenance Commands netstat(1M)
o The ninth form (-D option) displays the state of DHCP
on one or all interfaces.
These forms are described in greater detail below.
With no arguments (the first form), netstat displays con-
nected sockets for PF_INET, PF_INET6, and PF_UNIX, unless
modified otherwise by the -f option.
-a Show the state of all sockets, all
routing table entries, or all inter-
faces, both physical and logical.
Normally, listener sockets used by
server processes are not shown.
Under most conditions, only inter-
face, host, network, and default
routes are shown and only the status
of physical interfaces is shown.
-f address_family Limit all displays to those of the
specified address_family. The value
of address_family can be one of the
following:
inet For the AF_INET address
family showing IPv4 infor-
mation.
inet6 For the AF_INET6 address
family showing IPv6 infor-
mation.
unix For the AF_UNIX address
family.
-f filter With -r only, limit the display of
routes to those matching the speci-
fied filter. A filter rule consists
of a "keyword:value" pair. The known
keywords and the value syntax are:
SunOS 5.10 Last change: 4 Mar 2005 2
Maintenance Commands netstat(1M)
af:{inet|inet6|unix|number}
Selects an address family. This
is identical to -f
address_family and both syntaxes
are supported.
{inif|outif}:{name|ifIndex|any|none}
Selects an input or output
interface. You can specify the
interface by name (such as hme0)
or by ifIndex number (for exam-
ple, 2). If any is used, the
filter matches all routes having
a specified interface (anything
other than null). If none is
used, the filter matches all
routes having a null interface.
Note that you can view the index
number (ifIndex) for an inter-
face with the -a option of
ifconfig(1M).
{src|dst}:{ip-
address[/mask]|any|none}
Selects a source or destination
IP address. If specified with a
mask length, then any routes
with matching or longer (more
specific) masks are selected. If
any is used, then all but
addresses but 0 are selected. If
none is used, then address 0 is
selected.
flags:[+ -]?[ABDGHLMSU]+
Selects routes tagged with the
specified flags. By default, the
flags as specified must be set
in order to match. With a lead-
ing +, the flags specified must
be set but others are ignored.
SunOS 5.10 Last change: 4 Mar 2005 3
Maintenance Commands netstat(1M)
With a leading -, the flags
specified must not be set and
others are permitted.
You can specify multiple instances
of -f to specify multiple filters.
For example:
% netstat -nr -f outif:hme0 -f outif:hme1 -f dst:10
.0.0.0/8
The preceding command displays
routes within network 10.0.0.0/8,
with mask length 8 or greater, and
an output interface of either hme0
or hme1, and excludes all other
routes.
-g Show the multicast group memberships
for all interfaces. If the -v option
is included, source-specific member-
ship information is also displayed.
See DISPLAYS, below.
-i Show the state of the interfaces
that are used for IP traffic. Nor-
mally this shows statistics for the
physical interfaces. When combined
with the -a option, this will also
report information for the logical
interfaces. See ifconfig(1M).
-m Show the STREAMS memory statistics.
-n Show network addresses as numbers.
netstat normally displays addresses
as symbols. This option may be used
with any of the display formats.
-p Show the net to media tables. See
DISPLAYS, below.
SunOS 5.10 Last change: 4 Mar 2005 4
Maintenance Commands netstat(1M)
-r Show the routing tables. Normally,
only interface, host, network, and
default routes are shown, but when
this option is combined with the -a
option, all routes will be
displayed, including cache.
-s Show per-protocol statistics. When
used with the -M option, show multi-
cast routing statistics instead.
When used with the -a option, per-
interface statistics will be
displayed, when available, in addi-
tion to statistics global to the
system. See DISPLAYS, below.
-v Verbose. Show additional information
for the sockets, STREAMS memory
statistics, routing table, and mul-
ticast group memberships.
-I interface Show the state of a particular
interface. interface can be any
valid interface such as hme0 or
eri0. Normally, the status and
statistics for physical interfaces
are displayed. When this option is
combined with the -a option, infor-
mation for the logical interfaces is
also reported.
-M Show the multicast routing tables.
When used with the -s option, show
multicast routing statistics
instead.
-P protocol Limit display of statistics or state
of all sockets to those applicable
to protocol. The protocol can be one
of ip, ipv6, icmp, icmpv6, icmp,
icmpv6, igmp, udp, tcp, rawip. rawip
can also be specified as raw. The
SunOS 5.10 Last change: 4 Mar 2005 5
Maintenance Commands netstat(1M)
command accepts protocol options
only as all lowercase.
-D Show the status of DHCP configured
interfaces.
interval Display statistics accumulated since last
display every interval seconds, repeating
forever, unless count is specified. When
invoked with interval, the first row of
netstat output shows statistics accumulated
since last reboot.
The following options support interval: -i,
-m, -s and -Ms. Some values are configura-
tion parameters and are just redisplayed at
each interval.
count Display interface statistics the number of
times specified by count, at the interval
specified by interval.
DISPLAYS
Active Sockets (First Form)
The display for each active socket shows the local and
remote address, the send and receive queue sizes (in bytes),
the send and receive windows (in bytes), and the internal
state of the protocol.
The symbolic format normally used to display socket
addresses is either:
hostname.port
when the name of the host is specified, or
network.port
if a socket address specifies a network but no specific
host.
The numeric host address or network number associated with
the socket is used to look up the corresponding symbolic
hostname or network name in the hosts or networks database.
SunOS 5.10 Last change: 4 Mar 2005 6
Maintenance Commands netstat(1M)
If the network or hostname for an address is not known, or
if the -n option is specified, the numerical network address
is shown. Unspecified, or "wildcard", addresses and ports
appear as "*". For more information regarding the Internet
naming conventions, refer to inet(7P) and inet6(7P).
For SCTP sockets, because an endpoint can be represented by
multiple addresses, the verbose option (-v) displays the
list of all the local and remote addresses.
TCP Sockets
The possible state values for TCP sockets are as follows:
BOUND
Bound, ready to connect or listen.
CLOSED
Closed. The socket is not being used.
CLOSING
Closed, then remote shutdown; awaiting acknowledgment.
CLOSE_WAIT
Remote shutdown; waiting for the socket to close.
ESTABLISHED
Connection has been established.
FIN_WAIT_1
Socket closed; shutting down connection.
FIN_WAIT_2
Socket closed; waiting for shutdown from remote.
SunOS 5.10 Last change: 4 Mar 2005 7
Maintenance Commands netstat(1M)
IDLE
Idle, opened but not bound.
LAST_ACK
Remote shutdown, then closed; awaiting acknowledgment.
LISTEN
Listening for incoming connections.
SYN_RECEIVED
Initial synchronization of the connection under way.
SYN_SENT
Actively trying to establish connection.
TIME_WAIT
Wait after close for remote shutdown retransmission.
SCTP Sockets
The possible state values for SCTP sockets are as follows:
CLOSED
Closed. The socket is not being used.
LISTEN
Listening for incoming associations.
SunOS 5.10 Last change: 4 Mar 2005 8
Maintenance Commands netstat(1M)
ESTABLISHED
Association has been established.
COOKIE_WAIT
INIT has been sent to the peer, awaiting acknowledgment.
COOKIE_ECHOED
State cookie from the INIT-ACK has been sent to the
peer, awaiting acknowledgement.
SHUTDOWN_PENDING
SHUTDOWN has been received from the upper layer, await-
ing acknowledgement of all outstanding DATA from the
peer.
SHUTDOWN_SENT
All outstanding data has been acknowledged in the
SHUTDOWN_SENT state. SHUTDOWN has been sent to the peer,
awaiting acknowledgement.
SHUTDOWN_RECEIVED
SHUTDOWN has been received from the peer, awaiting ack-
nowledgement of all outstanding DATA.
SHUTDOWN_ACK_SENT
All outstanding data has been acknowledged in the
SHUTDOWN_RECEIVED state. SHUTDOWN_ACK has been sent to
the peer.
Network Data Structures (Second Through Fifth Forms)
SunOS 5.10 Last change: 4 Mar 2005 9
Maintenance Commands netstat(1M)
The form of the display depends upon which of the -g, -m,
-p, or -s options you select.
-g Displays the list of multicast group membership.
-m Displays the memory usage, for example, STREAMS
mblks.
-p Displays the net to media mapping table. For IPv4,
the address resolution table is displayed. See
arp(1M). For IPv6, the neighbor cache is displayed.
-s Displays the statistics for the various protocol
layers.
The statistics use the MIB specified variables. The defined
values for ipForwarding are:
forwarding(1) Acting as a gateway.
not-forwarding(2) Not acting as a gateway.
The IPv6 and ICMPv6 protocol layers maintain per-interface
statistics. If the -a option is specified with the -s
option, then the per-interface statistics as well as the
total sums are displayed. Otherwise, just the sum of the
statistics are shown.
For the second, third, and fourth forms of the command, you
must specify at least -g, -p, or -s. You can specify any
combination of these options. You can also specify -m (the
fifth form) with any set of the -g, -p, and -s options. If
you specify more than one of these options, netstat displays
the information for each one of them.
Interface Status (Sixth Form)
The interface status display lists information for all
current interfaces, one interface per line. If an interface
is specified using the -I option, it displays information
SunOS 5.10 Last change: 4 Mar 2005 10
Maintenance Commands netstat(1M)
for only the specified interface.
The list consists of the interface name, mtu (maximum
transmission unit, or maximum packet size)(see
ifconfig(1M)), the network to which the interface is
attached, addresses for each interface, and counter associ-
ated with the interface. The counters show the number of
input packets, input errors, output packets, output errors,
and collisions, respectively. For Point-to-Point interfaces,
the Net/Dest field is the name or address on the other side
of the link.
If the -a option is specified with either the -i option or
the -I option, then the output includes names of the physi-
cal interface(s), counts for input packets and output pack-
ets for each logical interface, plus additional information.
If the -n option is specified, the list displays the IP
address instead of the interface name.
If an optional interval is specified, the output will be
continually displayed in interval seconds until interrupted
by the user or until count is reached. See .
The physical interface is specified using the -I option.
When used with the interval operand, output for the -I
option has the following format:
input eri0 output input (Total) output
packets errs packets errs colls packets errs packets errs colls
227681 0 659471 1 502 261331 0 99597 1 502
10 0 0 0 0 10 0 0 0 0
8 0 0 0 0 8 0 0 0 0
10 0 2 0 0 10 0 2 0 0
If the input interface is not specified, the first interface
of address family inet or inet6 will be displayed.
Routing Table (Seventh Form)
The routing table display lists the available routes and the
status of each. Each route consists of a destination host or
network, and a gateway to use in forwarding packets. The
flags column shows the status of the route. These flags are
as follows:
U
Indicates route is "up".
SunOS 5.10 Last change: 4 Mar 2005 11
Maintenance Commands netstat(1M)
G
Route is to a gateway.
H
Route is to a host and not a network.
M
Redundant route established with the -multirt option.
S
Route was established using the -setsrc option.
D
Route was created dynamically by a redirect.
If the -a option is specified, there will be routing entries
with the following flags:
A
Combined routing and address resolution entries.
B
Broadcast addresses.
L
Local addresses for the host.
SunOS 5.10 Last change: 4 Mar 2005 12
Maintenance Commands netstat(1M)
Interface routes are created for each interface attached to
the local host; the gateway field for such entries shows the
address of the outgoing interface.
The use column displays the number of packets sent using a
combined routing and address resolution (A) or a broadcast
(B) route. For a local (L) route, this count is the number
of packets received, and for all other routes it is the
number of times the routing entry has been used to create a
new combined route and address resolution entry.
The interface entry indicates the network interface utilized
for the route.
Multicast Routing Tables (Eighth Form)
The multicast routing table consists of the virtual inter-
face table and the actual routing table.
DHCP Interface Information (Ninth Form)
The DHCP interface information consists of the interface
name, its current state, lease information, packet counts,
and a list of flags.
The states correlate with the specifications set forth in
RFC 2131.
Lease information includes:
o when the lease began;
o when lease renewal will begin; and
o when the lease will expire.
The flags currently defined include:
BOOTP The interface has a lease obtained
through BOOTP.
BUSY The interface is busy with a DHCP
transaction.
PRIMARY The interface is the primary inter-
face. See dhcpinfo(1).
SunOS 5.10 Last change: 4 Mar 2005 13
Maintenance Commands netstat(1M)
FAILED The interface is in failure state
and must be manually restarted.
Packet counts are maintained for the number of packets sent,
the number of packets received, and the number of lease
offers declined by the DHCP client. All three counters are
initialized to zero and then incremented while obtaining a
lease. The counters are reset when the period of lease
renewal begins for the interface. Thus, the counters
represent either the number of packets sent, received, and
declined while obtaining the current lease, or the number of
packets sent, received, and declined while attempting to
obtain a future lease.
/etc/default/inet_type DEFAULT_IP setting
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
arp(1M), dhcpinfo(1), dhcpagent(1M), ifconfig(1M),
iostat(1M), kstat(1M), mibiisa(1M), savecore(1M),
vmstat(1M), hosts(4), inet_type(4), networks(4), proto-
cols(4), services(4), attributes(5), kstat(7D), inet(7P),
inet6(7P)
Droms, R., RFC 2131, Dynamic Host Configuration Protocol,
Network Working Group, March 1997.
When displaying interface information, netstat honors the
DEFAULT_IP setting in /etc/default/inet_type. If it is set
to IP_VERSION4, then netstat will omit information relating
to IPv6 interfaces, statistics, connections, routes and the
like.
However, you can override the DEFAULT_IP setting in
/etc/default/inet_type on the command-line. For example, if
you have used the command-line to explicitly request IPv6
SunOS 5.10 Last change: 4 Mar 2005 14
Maintenance Commands netstat(1M)
information by using the inet6 address family or one of the
IPv6 protocols, it will override the DEFAULT_IP setting.
If you need to examine network status information following
a kernel crash, use the mdb(1) utility on the savecore(1M)
output.
The netstat utility obtains TCP statistics from the system
by opening /dev/tcp and issuing queries. Because of this,
netstat might display an extra, unused connection in IDLE
state when reporting connection status.
Previous versions of netstat had undocumented methods for
reporting kernel statistics published using the kstat(7D)
facility. This functionality has been removed. Use kstat(1M)
instead.
SunOS 5.10 Last change: 4 Mar 2005 15