netstat(1)
NAME
netstat - show network status
DESCRIPTION
- The netstat command symbolically displays the contents of
- various network-related data structures. There are a number of output
- formats,
depending on the options for the information presented. - netstat [-AaLnSW] [-f protocol_family | -p protocol] [-M
- core]
- [-N system]
Display a list of active sockets (protocol control - blocks) for
each network protocol, for a particular - protocol_family, or for a
single protocol. If -A is also present, show the - address of a
protocol control block (PCB) associated with a sock - et; used for
debugging. If -a is also present, show the state of - all sockets;
normally sockets used by server processes are not - shown. If -L
is also present, show the size of the various listen - queues. The
first count shows the number of unaccepted connec - tions, the second count shows the amount of unaccepted incomplete
- connections,
and the third count is the maximum number of queued - connections.
If -S is also present, show network addresses as - numbers (as with
-n) but show ports symbolically. - netstat -i | -I interface [-abdhntW] [-f address_family] [-M
- core]
- [-N system]
Show the state of all network interfaces or a single - interface
which have been auto-configured (interfaces stati - cally configured
into a system, but not located at boot time are not - shown). An
asterisk (``*'') after an interface name indicates - that the
interface is ``down''. If -a is also present, mul - ticast
addresses currently in use are shown for each Ether - net interface
and for each IP interface address. Multicast ad - dresses are shown
on separate lines following the interface address - with which they
are associated. If -b is also present, show the - number of bytes
in and out. If -d is also present, show the number - of dropped
packets. If -h is also present, print all counters - in human
readable form. If -t is also present, show the con - tents of
watchdog timers. If -W is also present, print in - terface names
using a wider field size. - netstat -w wait [-I interface] [-d] [-M core] [-N system]
- At intervals of wait seconds, display the informa
- tion regarding
packet traffic on all configured network interfaces - or a single
interface. If -d is also present, show the number - of dropped
packets. - netstat -s [-s] [-z] [-f protocol_family | -p protocol] [-M
- core]
- [-N system]
Display system-wide statistics for each network pro - tocol, for a
particular protocol_family, or for a single - protocol. If -s is
repeated, counters with a value of zero are sup - pressed. If -z is
also present, reset statistic counters after dis - playing them.
- netstat -i | -I interface -s [-f protocol_family | -p
- protocol] [-M core]
- [-N system]
Display per-interface statistics for each network - protocol, for a
particular protocol_family, or for a single - protocol.
- netstat -m [-M core] [-N system]
- Show statistics recorded by the memory management
- routines
(mbuf(9)). The network manages a private pool of - memory buffers.
- netstat -r [-AanW] [-f address_family] [-M core] [-N system]
- Display the contents of all routing tables, or a
- routing table
for a particular address_family. If -A is also pre - sent, show the
contents of the internal Patricia tree structures; - used for
debugging. If -a is also present, show protocol - cloned routes
(routes generated by an RTF_PRCLONING parent route); - normally
these routes are not shown. When -W is also pre - sent, show the
path MTU for each route, and print interface names - with a wider
field size. - netstat -rs [-s] [-M core] [-N system]
- Display routing statistics. If -s is repeated,
- counters with a
value of zero are suppressed. - netstat -g [-W] [-f address_family] [-M core] [-N system]
- Show information related to multicast (group ad
- dress) routing.
By default, show the IP Multicast virtual-interface - and routing
tables, and multicast group memberships. - netstat -gs [-s] [-f address_family] [-M core] [-N system]
- Show multicast routing statistics. If -s is repeat
- ed, counters
with a value of zero are suppressed. - Some options have the general meaning:
- -f address_family, -p protocol
- Limit display to those records of the specified
- address_family or a
single protocol. The following address families and - protocols are
recognized: - Family Protocols inet (AF_INET) bdg, divert,
- icmp, igmp, ip,
ipsec, pim, tcp,udp
- inet6 (AF_INET6) bdg, icmp6, ip6,
- ipsec6, rip6,
tcp, udp
- pfkey (PF_KEY) pfkey
atalk (AF_APPLETALK) ddp
netgraph, ng (AF_NETGRAPH) ctrl, data ipx (AF_IPX) ipx, spx
unix (AF_UNIX)
link (AF_LINK) - The program will complain if protocol is unknown or if
- there is no
statistics routine for it. - -M Extract values associated with the name list from the
- specified
- core instead of the default /dev/kmem.
- -N Extract the name list from the specified system in
- stead of the
- default, which is the kernel image the system has
- booted from.
- -n Show network addresses and ports as numbers. Normally
- netstat
- attempts to resolve addresses and ports, and display
- them symbolically.
- -W In certain displays, avoid truncating addresses even
- if this causes
- some fields to overflow.
- The default display, for active sockets, shows the local and
- remote
addresses, send and receive queue sizes (in bytes), proto - col, and the
internal state of the protocol. Address formats are of the - form
``host.port'' or ``network.port'' if a socket's address - specifies a network but no specific host address. When known, the host and
- network
addresses are displayed symbolically according to the - databases hosts(5)
and networks(5), respectively. If a symbolic name for an - address is
unknown, or if the -n option is specified, the address is - printed numerically, according to the address family. For more informa
- tion regarding
the Internet IPv4 ``dot format'', refer to inet(3). Unspec - ified, or
``wildcard'', addresses and ports appear as ``*''. - The interface display provides a table of cumulative statis
- tics regarding
packets transferred, errors, and collisions. The network - addresses of
the interface and the maximum transmission unit (``mtu'') - are also displayed.
- The routing table display indicates the available routes and
- their status. Each route consists of a destination host or network,
- and a gateway
to use in forwarding packets. The flags field shows a col - lection of
information about the route stored as binary choices. The - individual
flags are discussed in more detail in the route(8) and - route(4) manual
pages. The mapping between letters and flags is: - 1 RTF_PROTO1 Protocol specific routing flag
- #1
2 RTF_PROTO2 Protocol specific routing flag - #2
3 RTF_PROTO3 Protocol specific routing flag - #3
B RTF_BLACKHOLE Just discard pkts (during up - dates)
b RTF_BROADCAST The route represents a broad - cast address
C RTF_CLONING Generate new routes on use
c RTF_PRCLONING Protocol-specified generate - new routes on
- use
- D RTF_DYNAMIC Created dynamically (by redi
- rect)
G RTF_GATEWAY Destination requires forward - ing by
- intermediary
- H RTF_HOST Host entry (net otherwise)
L RTF_LLINFO Valid protocol to link address - translation
M RTF_MODIFIED Modified dynamically (by redi - rect)
R RTF_REJECT Host or net unreachable
S RTF_STATIC Manually added
U RTF_UP Route usable
W RTF_WASCLONED Route was generated as a re - sult of cloning
X RTF_XRESOLVE External daemon translates - proto to link
- address
- Direct routes are created for each interface attached to the
- local host;
the gateway field for such entries shows the address of the - outgoing
interface. The refcnt field gives the current number of ac - tive uses of
the route. Connection oriented protocols normally hold on - to a single
route for the duration of a connection while connectionless - protocols
obtain a route while sending to the same destination. The - use field provides a count of the number of packets sent using that
- route. The interface entry indicates the network interface utilized for the
- route.
- When netstat is invoked with the -w option and a wait inter
- val argument,
it displays a running count of statistics related to network - interfaces.
An obsolescent version of this option used a numeric parame - ter with no
option, and is currently supported for backward compatibili - ty. By
default, this display summarizes information for all inter - faces. Information for a specific interface may be displayed with the -I
- option.
- The bpf(4) flags displayed when netstat is invoked with the
- -B option
represents the underlying parameters of the bpf peer. Each - flag is represented as a single lower case letter. The mapping between
- the letters
and flags in order of appearance are: - p Set if listening promiscuously
i BIOCIMMEDIATE has been set on the device
f BIOCGHDRCMPLT status: source link addresses are be - ing filled
- automatically
- s BIOCGSEESENT status: see packets originating local
- ly and
- remotely on the interface.
- a Packet reception generates a signal
l BIOCLOCK status: descriptor has been locked - For more information about these flags, please refer to
- bpf(4).
SEE ALSO
- fstat(1), nfsstat(1), ps(1), sockstat(1), bpf(4), inet(4),
- route(4),
unix(4), hosts(5), networks(5), protocols(5), services(5), - iostat(8),
route(8), trpt(8), vmstat(8), mbuf(9)
HISTORY
The netstat command appeared in 4.2BSD.
IPv6 support was added by WIDE/KAME project.
BUGS
- The notion of errors is ill-defined.
- BSD August 19, 2005