I'd just download Openindiana (OI-hipster-gui-20170502.iso)
and install it on my VirtualBox(5.1.22, macOS 10.12.5)
Two network interface enabled, one for NAT another for bridge(i want to use it in static ip)
# svcadm disable network/physical:nwam
# svcadm enable network/physical:default
# ipadm enable-if -t e1000g1
# ipadm create-addr -T static -a a.b.c.d/24 e1000g1/v4
ipadm: Could not create address: Persistent operation on temporary object
How can I configure it?
using Solaris11.3, i did
# ipadm create-ip net1
# ipadm create-addr -T static -a a.b.c.d/24 net1/v4
works fine.
Anybody tell me the difference between OpenIndiana(Illumos) and Solaris11
Best regards,
Related
I'm trying to run a rippled non-validator node.
I'm using an 32GB RAM C5 class instance in aws with an external volume - io1 storage with 10000 iops.
I had node reboot for patching and since then it seems fine but it returns
curl --data-binary '{"method": "fee","params": []}' -H 'content-type:text/plain;' http://:5005/
A normal response is like;
{"result":{"current_ledger_size":"68","current_queue_size":"0","drops":{"base_fee":"10","median_fee":"5000","minimum_fee":"10","open_ledger_fee":"10"},"expected_ledger_size":"150","ledger_current_index":51375387,"levels":{"median_level":"128000","minimum_level":"256","open_ledger_level":"256","reference_level":"256"},"max_queue_size":"3000","status":"success"}}
err;
{"result":{"error":"noNetwork","error_code":17,"error_message":"Not synced to Ripple network.","request":{"command":"fee"},"status":"error"}}
After reboot though I just get this Not synced error.
When I spin up a node from fresh it has to download 95GB of data at about 1 a day and it gets the same error while I'm waiting.
I'm wondering what I need to do to keep these nodes stable.
[server]
port_rpc_admin_local
port_peer
port_ws_admin_local
#port_ws_public
#ssl_key = /etc/ssl/private/server.key
#ssl_cert = /etc/ssl/certs/server.crt
[port_rpc_admin_local]
port = 5005
ip = 0.0.0.0
admin = 127.0.0.1
protocol = http
[port_peer]
port = 51235
ip = 0.0.0.0
# alternatively, to accept connections on IPv4 + IPv6, use:
#ip = ::
protocol = peer
[port_ws_admin_local]
port = 6006
ip = 0.0.0.0
admin = 127.0.0.1
protocol = ws
#[port_ws_public]
#port = 6005
#ip = 0.0.0.0
#protocol = wss
#-------------------------------------------------------------------------------
[node_size]
huge
# This is primary persistent datastore for rippled. This includes transaction
# metadata, account states, and ledger headers. Helpful information can be
# found here: https://ripple.com/wiki/NodeBackEnd
# delete old ledgers while maintaining at least 2000. Do not require an
# external administrative command to initiate deletion.
[node_db]
type=RocksDB
path=/data01/rippled/db/rocksdb
open_files=2000
filter_bits=12
cache_mb=256
file_size_mb=8
file_size_mult=2
online_delete=120000
advisory_delete=0
# This is the persistent datastore for shards. It is important for the health
# of the ripple network that rippled operators shard as much as practical.
# NuDB requires SSD storage. Helpful information can be found here
# https://ripple.com/build/history-sharding
#[shard_db]
#path=/data01/rippled/db/shards/nudb
#max_size_gb=500
[database_path]
/data01/rippled/db
# This needs to be an absolute directory reference, not a relative one.
# Modify this value as required.
[debug_logfile]
/var/log/rippled/debug.log
[sntp_servers]
time.windows.com
time.apple.com
time.nist.gov
pool.ntp.org
# To use the XRP test network (see https://ripple.com/build/xrp-test-net/),
# use the following [ips] section:
# [ips]
# r.altnet.rippletest.net 51235
# File containing trusted validator keys or validator list publishers.
# Unless an absolute path is specified, it will be considered relative to the
# folder in which the rippled.cfg file is located.
[validators_file]
validators.txt
# Turn down default logging to save disk space in the long run.
# Valid values here are trace, debug, info, warning, error, and fatal
[rpc_startup]
{ "command": "log_level", "severity": "warning" }
# If ssl_verify is 1, certificates will be validated.
# To allow the use of self-signed certificates for development or internal use,
# set to ssl_verify to 0.
[ssl_verify]
1
This is my run command:
/opt/ripple/bin/rippled --silent --conf /etc/opt/ripple/rippled.cfg
I ran a C5.xlarge with an io1 storage volume with 10000 iops.
/opt/ripple/bin/rippled --net --silent --conf /etc/opt/ripple/rippled.cfg
[server]
port_rpc_admin_local
port_peer
port_ws_admin_local
#port_ws_public
#ssl_key = /etc/ssl/private/server.key
#ssl_cert = /etc/ssl/certs/server.crt
[port_rpc_admin_local]
port = 5005
ip = 0.0.0.0
admin = 127.0.0.1
protocol = http
[port_peer]
port = 51235
ip = 0.0.0.0
# alternatively, to accept connections on IPv4 + IPv6, use:
#ip = ::
protocol = peer
[port_ws_admin_local]
port = 6006
ip = 0.0.0.0
admin = 127.0.0.1
protocol = ws
#[port_ws_public]
#port = 6005
#ip = 0.0.0.0
#protocol = wss
#-------------------------------------------------------------------------------
[node_size]
medium
# This is primary persistent datastore for rippled. This includes transaction
# metadata, account states, and ledger headers. Helpful information can be
# found here: https://ripple.com/wiki/NodeBackEnd
# delete old ledgers while maintaining at least 2000. Do not require an
# external administrative command to initiate deletion.
[node_db]
type=RocksDB
path=/data01/rippled/db/rocksdb
open_files=2000
filter_bits=12
cache_mb=256
file_size_mb=8
file_size_mult=2
online_delete=120000
advisory_delete=0
# This is the persistent datastore for shards. It is important for the health
# of the ripple network that rippled operators shard as much as practical.
# NuDB requires SSD storage. Helpful information can be found here
# https://ripple.com/build/history-sharding
#[shard_db]
#path=/data01/rippled/db/shards/nudb
#max_size_gb=500
[database_path]
/data01/rippled/db
# This needs to be an absolute directory reference, not a relative one.
# Modify this value as required.
[debug_logfile]
/var/log/rippled/debug.log
[sntp_servers]
time.windows.com
time.apple.com
time.nist.gov
pool.ntp.org
# To use the XRP test network (see https://ripple.com/build/xrp-test-net/),
# use the following [ips] section:
# [ips]
# r.altnet.rippletest.net 51235
# File containing trusted validator keys or validator list publishers.
# Unless an absolute path is specified, it will be considered relative to the
# folder in which the rippled.cfg file is located.
[validators_file]
validators.txt
# Turn down default logging to save disk space in the long run.
# Valid values here are trace, debug, info, warning, error, and fatal
[rpc_startup]
{ "command": "log_level", "severity": "warning" }
# If ssl_verify is 1, certificates will be validated.
# To allow the use of self-signed certificates for development or internal use,
# set to ssl_verify to 0.
[ssl_verify]
1
/etc/init.d/rippled
#
# rippled -- startup script for rippled
#
# chkconfig: - 85 15
# processname: rippled
#
### BEGIN INIT INFO
# Provides: rippled
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop rippled
### END INIT INFO
#
#
#PIDFILE="/data01/bitcoin/bitcoind.pid"
start() {
echo -n "Starting rippled: "
exec /opt/ripple/bin/rippled --net --conf /etc/opt/ripple/rippled.cfg "$#"
}
stop() {
echo "shutting down rippled"
exec /opt/ripple/bin/rippled stop"
RETVAL=$?
rm $PIDFILE
[ $RETVAL -eq 0 ] && rm -f $PIDFILE
return $RETVAL
}
force_start() {
echo -n "Force starting Bitcoind: "
echo -n "Starting rippled: "
exec /opt/ripple/bin/rippled --net --conf /etc/opt/ripple/rippled.cfg "$#"
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 30
start
;;
force-start)
force_start
;;
*)
echo "Usage: {start|stop|restart|force-start}"
exit 1
;;
esac
exit $?```
I am trying to install net-snmp from scratch to make snmpv3 to work on my computer.
I did install net-snmp and create the user, but when I want to make snmpget it reject me with snmpget: Unknown user name
To install net-snmp I followed the official guide
I did install the packages libperl-dev, snmp-mibs-downloader and snmp too using sudo apt-get install
Here is my /usr/local/share/snmp configuration where you can find the particular line rouser neutg
###############################################################################
#
# EXAMPLE.conf:
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See the 'snmpd.conf(5)' man page for details
#
# Some entries are deliberately commented out, and will need to be explicitly activated
#
###############################################################################
#
# AGENT BEHAVIOUR
#
# Listen for connections from the local system only
# agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161
###############################################################################
#
# SNMPv3 AUTHENTICATION
#
# Note that these particular settings don't actually belong here.
# They should be copied to the file /var/lib/snmp/snmpd.conf
# and the passwords changed, before being uncommented in that file *only*.
# Then restart the agent
# createUser authOnlyUser MD5 "remember to change this password"
# createUser authPrivUser SHA "remember to change this one too" DES
# createUser internalUser MD5 "this is only ever used internally, but still change the password"
# If you also change the usernames (which might be sensible),
# then remember to update the other occurances in this example config file to match.
###############################################################################
#
# ACCESS CONTROL
#
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# Full access from the local host
#rocommunity public localhost
# Default access to basic system info
rocommunity public default -V systemonly
# rocommunity6 is for IPv6
rocommunity6 public default -V systemonly
# Full access from an example network
# Adjust this network address to match your local
# settings, change the community string,
# and check the 'agentAddress' setting above
#rocommunity secret 10.0.0.0/16
# Full read-only access for SNMPv3
rouser authOnlyUser
# Full write access for encrypted requests
# Remember to activate the 'createUser' lines above
#rwuser authPrivUser priv
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
# r[ow]user and r[ow]community, together with suitable views, should cover most requirements
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Sitting on the Dock of the Bay
sysContact Me <me#example.org>
# Application + End-to-End layers
sysServices 72
#
# Process Monitoring
#
# At least one 'mountd' process
proc mountd
# No more than 4 'ntalkd' processes - 0 is OK
proc ntalkd 4
# At least one 'sendmail' process, but no more than 10
proc sendmail 10 1
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
#
# Disk Monitoring
#
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk / 10000
disk /var 5%
includeAllDisks 10%
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
#
# System Load
#
# Unacceptable 1-, 5-, and 15-minute load averages
load 12 10 5
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
###############################################################################
#
# ACTIVE MONITORING
#
# send SNMPv1 traps
trapsink localhost public
# send SNMPv2c traps
#trap2sink localhost public
# send SNMPv2c INFORMs
#informsink localhost public
# Note that you typically only want *one* of these three lines
# Uncommenting two (or all three) will result in multiple copies of each notification.
#
# Event MIB - automatically generate alerts
#
# Remember to activate the 'createUser' lines above
iquerySecName internalUser
rouser internalUser
# generate traps on UCD error conditions
defaultMonitors yes
# generate traps on linkUp/Down
linkUpDownNotifications yes
###############################################################################
#
# EXTENDING THE AGENT
#
#
# Arbitrary extension commands
#
extend test1 /bin/echo Hello, world!
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
#extend-sh test3 /bin/sh /tmp/shtest
# Note that this last entry requires the script '/tmp/shtest' to be created first,
# containing the same three shell commands, before the line is uncommented
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
# and nsExtendOutput2Table) to see the resulting output
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
# as well as the fuller results in the above tables.
#
# "Pass-through" MIB extension command
#
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
# Note that this requires one of the two 'passtest' scripts to be installed first,
# before the appropriate line is uncommented.
# These scripts can be found in the 'local' directory of the source distribution,
# and are not installed automatically.
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
#
# AgentX Sub-agents
#
# Run as an AgentX master agent
master agentx
# Listen for network connections (from localhost)
# rather than the default named socket /var/agentx/master
#agentXSocket tcp:localhost:705
rouser neutg
Here is my persistant configuration file /var/net-snmp/snmpd.conf
createUser neutg SHA "password" AES passphrase
The command I run is :
snmpget -u neutg -A password -a SHA -X 'passphrase'
-x AES -l authPriv localhost -v 3 1.3.6.1.2.1.1
I don't understand why it do not take in count my user. (I did restart the snmpd after entering the user - multiple times!)
The version of net-snmp I use :
Thanks in advance :)
After many research I've found what the problem is.
snmpd was not taking in count my configuration files. I saw it using the command :
snmpd -Dread_config -H 2>&1 | grep "Reading" | sort -u
Which tells you which configurations files are loaded by snmpd.
You can see it as well looking at the configuration file /var/lib/snmp/snmpd.conf. When snmpd handle your users it creates special lines in the file. It looks like :
usmUser 1 3 0x80001f888074336938f74f7c5a00000000 "neutg" "neutg" NULL .1.3.6.1.6.3.10.1.1.3 0xf965e4ab0f35eebb3f0e3b30\
6bc0797c025821c5 .1.3.6.1.6.3.10.1.2.4 0xe277044beccd9991d70144c4c8f4b672 0x
usmUser 1 3 0x80001f888074336938f74f7c5a00000000 "myuser" "myuser" NULL .1.3.6.1.6.3.10.1.1.2 0x2223c2d00758353b7c3076\
236be02152 .1.3.6.1.6.3.10.1.2.2 0x2223c2d00758353b7c3076236be02152 0x
setserialno 1424757026
So if you do not see any usmUser it's probably that your badly added your users.
The soluce
sudo /usr/local/sbin/snmpd -c /var/net-snmp/snmpd.conf -c /usr/local/share/snmp/snmpd.conf
I'm running an application which builds and sends ICMP ECHO requests to a few different ip addresses. The application is written in Crystal. When attempting to open a socket from within the crystal docker container, Crystal raises an exception: Permission Denied.
From within the container, I have no problem running ping 8.8.8.8.
Running the application on macos, I have no problem.
Reading the https://docs.docker.com/engine/security/apparmor/ and https://docs.docker.com/engine/security/seccomp/ pages on apparmor and seccomp I was sure I'd found the solution, but the problem remains unresolved, even when running as docker run --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined socket_permission
update/edit: After digging into capabilities(7), I added the following line to my dockerfile: RUN setcap cap_net_raw+ep bin/ping trying to let the socket get opened but without change.
Thanks!
Relevant crystal socket code, full working code sample below:
# send request
address = Socket::IPAddress.new host, 0
socket = IPSocket.new Socket::Family::INET, Socket::Type::DGRAM, Socket::Protocol::ICMP
socket.send slice, to: address
Dockerfile:
FROM crystallang/crystal:0.23.1
WORKDIR /opt
COPY src/ping.cr src/
RUN mkdir bin
RUN crystal -v
RUN crystal build -o bin/ping src/ping.cr
ENTRYPOINT ["/bin/sh","-c"]
CMD ["/opt/bin/ping"]
Running the code, first native, then via docker:
#!/bin/bash
crystal run src/ping.cr
docker build -t socket_permission .
docker run --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined socket_permission
And finally, a 50 line crystal script which fails to open a socket in docker:
require "socket"
TYPE = 8_u16
IP_HEADER_SIZE_8 = 20
PACKET_LENGTH_8 = 16
PACKET_LENGTH_16 = 8
MESSAGE = " ICMP"
def ping
sequence = 0_u16
sender_id = 0_u16
host = "8.8.8.8"
# initialize packet with MESSAGE
packet = Array(UInt16).new PACKET_LENGTH_16 do |i|
MESSAGE[ i % MESSAGE.size ].ord.to_u16
end
# build out ICMP header
packet[0] = (TYPE.to_u16 << 8)
packet[1] = 0_u16
packet[2] = sender_id
packet[3] = sequence
# calculate checksum
checksum = 0_u32
packet.each do |byte|
checksum += byte
end
checksum += checksum >> 16
checksum = checksum ^ 0xffff_ffff_u32
packet[1] = checksum.to_u16
# convert packet to 8 bit words
slice = Bytes.new(PACKET_LENGTH_8)
eight_bit_packet = packet.map do |word|
[(word >> 8), (word & 0xff)]
end.flatten.map(&.to_u8)
eight_bit_packet.each_with_index do |chr, i|
slice[i] = chr
end
# send request
address = Socket::IPAddress.new host, 0
socket = IPSocket.new Socket::Family::INET, Socket::Type::DGRAM, Socket::Protocol::ICMP
socket.send slice, to: address
# receive response
buffer = Bytes.new(PACKET_LENGTH_8 + IP_HEADER_SIZE_8)
count, address = socket.receive buffer
length = buffer.size
icmp_data = buffer[IP_HEADER_SIZE_8, length-IP_HEADER_SIZE_8]
end
ping
It turns out the answer is that Linux (and by extension docker) does not give the same permissions that macOS does for DGRAM sockets. Changing the socket declaration to socket = IPSocket.new Socket::Family::INET, Socket::Type::RAW, Socket::Protocol::ICMP allows the socket to connect under docker.
A little more still is required to run the program in a non-root context. Because raw sockets are restricted to root, the binary must also be issued the correct capability for access to a raw socket, CAP_NET_RAW. However, in docker, this isn't necessary. I was able to get the program to run outside of super-user context by running sudo setcap cap_net_raw+ep bin/ping. This is a decent primer on capabilities and the setpcap command
MacOS doesn't use the same system of permissions, so setcap is just an unrecognized command. As a result, to get the above code to compile and run successfully on macOS without super-user context, I changed the socket creation code to:
socket_type = Socket::Type::RAW
{% if flag?(:darwin) %}
socket_type = Socket::Type::DGRAM
{% end %}
socket = IPSocket.new Socket::Family::INET, socket_type, Socket::Protocol::ICMP
Applying the CAP_NET_RAW capability for use in linux happens elsewhere in the build process if needed.
With those changes, I'm not seeing any requirement for changes to seccomp or apparmor from the default shipped with Docker in order to run the program.
I have a postfix mail server which sends email from both virtual addresses and from local Unix accounts, through a PHP script using mail().
I've installed Amavis and have successfully configured filtering and and the addition of mail signatures for the virtual addresses, but the signatures are not added for any mail sent by the local accounts (e.g. through a script or the mail command)
I've tried a heap of config and routing changes but no luck- does anyone please know how to filter such local outgoing mail?
Thanks!
For future reference, the answer was a postfix configuration setting:
non_smtpd_milters =
The postfix content filtering setting (content_filter) does not seem to apply to non-smtpd traffic, such as that sent by Unix accounts or PHP mail() script.
Actually this is wrong. From Stef on the mailing list changing the message body is not implemented via milter interface:
Have a look at the following documentation:
- http://www.amavis.org/README.postfix.html
- http://www.postfix.org/FILTER_README.html [Advanced content filter example]
A quick run through the config files [this is a quick cut-and-paste from my config files; beware that the port numbers might not match the above documents]:
/etc/amavisd.conf
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
$inet_socket_port = [10024, 10026];
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
originating => 1, # declare that mail was submitted by our smtp client
allow_disclaimers => 1, # enables disclaimer insertion if available
}
/etc/postfix/master.cf
smtp inet n - n - - smtpd
-o content_filter = smtp-amavis:[127.0.0.1]:10024
[ you can also have the above config_filter configuration in /etc/postfix/main.cf as a default setting.
The options below override the defaults in main.cf ]
smtp-amavis unix - - n - 4 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
-o smtp_generic_maps=
localhost:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_delay_reject=no
-o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
-o smtpd_authorized_xclient_hosts=127.0.0.0/8,[::1]/128
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8,[::1]/128
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o local_header_rewrite_clients=
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup unix n - n 60 1 pickup
-o content_filter=smtp-amavis:[127.0.0.1]:10026
Quick comments:
- incoming e-mail enters on port 25; with the “content-filter” option, it is sent to a mavis on port 10024
- amavis scans, tags, quarantines, … — if mail goes through, it goes to (postfix) port 10025 (this is done with the “$forward_method” in amavisd.conf)
- postfix (listening on port 10025) delivers the e-mail
outgoing e-mail should enter on the submission port [587] or delivered with the pickup service (“local e-mail”).
postfix forwards this e-mail to amavis on port 10026 (!)
the configuration of amavis is changed because of a “policy bank”
again, amavis forwards e-mail to postfix on port 10025
postfix (listening on port 10025) delivers e-mail
Kind regards,
Stef
I had a similar problem (in my case I use amavis to add the dkim signature) and it turns out that the problem was that, in master.cf, the pickup service was defined with "-o content_filter=", that's why content_filter wasn't working for locally generated emails, i.e.
pickup fifo n - n 60 1 pickup
-o content_filter=
-o receive_override_options=
Once I commented out the "-o content_filter=" amavis started filtering even the locally generated messages.
I'm adding a solution since I cannot add a comment and this is the first result when I searched for "postfix content_filter doesn't work for locally generated mail".
I have some Vxworks embedded os and I want to check the netstat.
This is what I tried:
-> inetstatShow
And the output is:
C interp: unknown symbol name 'inetstatShow'.
How can I have netstat command in this?
inetstatShow is provided by netShow library - you need to be sure that your OS configuration includes netShow, or you can dynamically load it using ld.
The lkup function can be used to list symbols that are available to the shell. Try lkup "Show" to list all symbols that include the sub-string "Show" for example.
VxWorks supports netstat command.
-> netstat "-n -a" /* state of sockets */
-> netstat "-n -r" /* routing table */