NAME¶
netstat —
show network status
DESCRIPTION¶
The
netstat command symbolically displays the contents of
various network-related data structures. There are a number of output formats,
depending on the options for the information presented.
- netstat
[-AaLnSTWx]
[-f protocol_family | -p protocol]
[-M core]
[-N system]
- Display a list of active sockets (protocol control blocks)
for each network protocol, for a particular
protocol_family, or for a single
protocol. If -A is also present,
show the address of a protocol control block (PCB) associated with a
socket; used for debugging. If -a is also present, show
the state of all sockets; normally sockets used by server processes are
not shown. If -L is also present, show the size of the
various listen queues. The first count shows the number of unaccepted
connections, the second count shows the amount of unaccepted incomplete
connections, and the third count is the maximum number of queued
connections. If -S is also present, show network
addresses as numbers (as with -n) but show ports
symbolically. If -x is present, display socket buffer
and tcp timer statistics for each internet socket. When
-T is present, display information from the TCP control
block, including retransmits, out-of-order packets received, and
zero-sized windows advertised.
- netstat
-i
| -I interface
[-abdhnW]
[-f address_family]
[-M core]
[-N system]
- Show the state of all network interfaces or a single
interface which have been auto-configured
(interfaces statically configured into a system, but not located at boot
time are not shown). An asterisk (“
*
”)
after an interface name indicates that the interface is
“down”. If -a is also present, multicast
addresses currently in use are shown for each Ethernet interface and for
each IP interface address. Multicast addresses are shown on separate lines
following the interface address with which they are associated. If
-b is also present, show the number of bytes in and out.
If -d is also present, show the number of dropped
packets. If -h is also present, print all counters in
human readable form. If -W is also present, print
interface names using a wider field size.
- netstat
-w wait
[-I interface]
[-d]
[-M core]
[-N system]
[-q howmany]
- At intervals of wait seconds, display
the information regarding packet traffic on all configured network
interfaces or a single interface. If
-q is also present, exit after
howmany outputs. If -d is also
present, show the number of dropped packets.
- netstat
-s [-s]
[-z]
[-f protocol_family | -p protocol]
[-M core]
[-N system]
- Display system-wide statistics for each network protocol,
for a particular protocol_family, or for a single
protocol. If -s is repeated,
counters with a value of zero are suppressed. If -z is
also present, reset statistic counters after displaying them.
- netstat
-i
| -I interface -s
[-f protocol_family | -p protocol]
[-M core]
[-N system]
- Display per-interface statistics for each network protocol,
for a particular protocol_family, or for a single
protocol.
- netstat
-m
[-M core]
[-N system]
- Show statistics recorded by the memory management routines
(mbuf(9)). The network manages a private pool of memory
buffers.
- netstat
-B [-z]
[-I interface]
- Show statistics about bpf(4) peers. This
includes information like how many packets have been matched, dropped and
received by the bpf device, also information about current buffer sizes
and device states.
- netstat
-r [-AanW]
[-f address_family]
[-M core]
[-N system]
- Display the contents of all routing tables, or a routing
table for a particular address_family. If
-A is also present, show the contents of the internal
Patricia tree structures; used for debugging. If -a is
also present, show protocol-cloned routes (routes generated by an
RTF_PRCLONING
parent route); normally these routes
are not shown. When -W is also present, show the path
MTU for each route, and print interface names with a wider field
size.
- netstat
-rs [-s]
[-M core]
[-N system]
- Display routing statistics. If -s is
repeated, counters with a value of zero are suppressed.
- netstat
-g [-W]
[-f address_family]
[-M core]
[-N system]
- Display the contents of the multicast virtual interface
tables, and multicast forwarding caches. Entries in these tables will
appear only when the kernel is actively forwarding multicast sessions.
This option is applicable only to the inet and
inet6 address families.
- netstat
-gs [-s]
[-f address_family]
[-M core]
[-N system]
- Show multicast routing statistics. If -s
is repeated, counters with a value of zero are suppressed.
- netstat
-Q
- Show netisr(9) statistics.
Some options have the general meaning:
- -f
address_family, -p
protocol
- Limit display to those records of the specified
address_family or a single
protocol. The following address families and
protocols are recognized:
- Family
- Protocols
- inet
(
AF_INET
)
- divert, icmp,
igmp, ip, ipsec,
pim, sctp, tcp,
udp
- inet6
(
AF_INET6
)
- icmp6, ip6,
ipsec6, rip6,
tcp, udp
- pfkey
(
PF_KEY
)
- pfkey
- atalk
(
AF_APPLETALK
)
- ddp
- netgraph,
ng (
AF_NETGRAPH
)
- ctrl, data
- ipx
(
AF_IPX
)
- ipx, spx
- unix
(
AF_UNIX
)
-
- link
(
AF_LINK
)
-
The program will complain if protocol is unknown or if
there is no statistics routine for it.
- -M
- Extract values associated with the name list from the
specified core instead of the default /dev/kmem.
- -N
- Extract the name list from the specified system instead of
the default, which is the kernel image the system has booted from.
- -n
- Show network addresses and ports as numbers. Normally
netstat attempts to resolve addresses and ports, and
display them symbolically.
- -W
- In certain displays, avoid truncating addresses even if
this causes some fields to overflow.
The default display, for active sockets, shows the local and remote addresses,
send and receive queue sizes (in bytes), protocol, and the internal state of
the protocol. Address formats are of the form “host.port” or
“network.port” if a socket's address specifies a network but no
specific host address. When known, the host and network addresses are
displayed symbolically according to the databases
hosts(5)
and
networks(5), respectively. If a symbolic name for an
address is unknown, or if the
-n option is specified, the
address is printed numerically, according to the address family. For more
information regarding the Internet IPv4 “dot format”, refer to
inet(3). Unspecified, or “wildcard”, addresses
and ports appear as “
*
”.
The interface display provides a table of cumulative statistics regarding
packets transferred, errors, and collisions. The network addresses of the
interface and the maximum transmission unit (“mtu”) are also
displayed.
The routing table display indicates the available routes and their status. Each
route consists of a destination host or network, and a gateway to use in
forwarding packets. The flags field shows a collection of information about
the route stored as binary choices. The individual flags are discussed in more
detail in the
route(8) and
route(4) manual
pages. The mapping between letters and flags is:
1 |
RTF_PROTO1 |
Protocol specific routing flag #1 |
2 |
RTF_PROTO2 |
Protocol specific routing flag #2 |
3 |
RTF_PROTO3 |
Protocol specific routing flag #3 |
B |
RTF_BLACKHOLE |
Just discard pkts (during updates) |
b |
RTF_BROADCAST |
The route represents a broadcast address |
C |
RTF_CLONING |
Generate new routes on use |
c |
RTF_PRCLONING |
Protocol-specified generate new routes on use |
D |
RTF_DYNAMIC |
Created dynamically (by redirect) |
G |
RTF_GATEWAY |
Destination requires forwarding by intermediary |
H |
RTF_HOST |
Host entry (net otherwise) |
L |
RTF_LLINFO |
Valid protocol to link address translation |
M |
RTF_MODIFIED |
Modified dynamically (by redirect) |
R |
RTF_REJECT |
Host or net unreachable |
S |
RTF_STATIC |
Manually added |
U |
RTF_UP |
Route usable |
W |
RTF_WASCLONED |
Route was generated as a result of cloning |
X |
RTF_XRESOLVE |
External daemon translates proto to link address |
Direct routes are created for each interface attached to the local host; the
gateway field for such entries shows the address of the outgoing interface.
The refcnt field gives the current number of active uses of the route.
Connection oriented protocols normally hold on to a single route for the
duration of a connection while connectionless protocols obtain a route while
sending to the same destination. The use field provides a count of the number
of packets sent using that route. The interface entry indicates the network
interface utilized for the route.
When
netstat is invoked with the
-w option
and a
wait interval argument, it displays a running
count of statistics related to network interfaces. An obsolescent version of
this option used a numeric parameter with no option, and is currently
supported for backward compatibility. By default, this display summarizes
information for all interfaces. Information for a specific interface may be
displayed with the
-I option.
The
bpf(4) flags displayed when
netstat is
invoked with the
-B option represent the underlying
parameters of the bpf peer. Each flag is represented as a single lower case
letter. The mapping between the letters and flags in order of appearance are:
p |
Set if listening promiscuously |
i |
BIOCIMMEDIATE
has been set on the device |
f |
BIOCGHDRCMPLT
status: source link addresses are being filled
automatically |
s |
BIOCGSEESENT
status: see packets originating locally and
remotely on the interface. |
a |
Packet reception generates a signal |
l |
BIOCLOCK
status: descriptor has been locked |
For more information about these flags, please refer to
bpf(4).
The
-x flag causes
netstat to output all the
information recorded about data stored in the socket buffers. The fields are:
R-MBUF |
Number of mbufs in the receive queue. |
S-MBUF |
Number of mbufs in the send queue. |
R-CLUS |
Number of clusters, of any type, in the receive
queue. |
S-CLUS |
Number of clusters, of any type, in the send
queue. |
R-HIWA |
Receive buffer high water mark, in bytes. |
S-HIWA |
Send buffer high water mark, in bytes. |
R-LOWA |
Receive buffer low water mark, in bytes. |
S-LOWA |
Send buffer low water mark, in bytes. |
R-BCNT |
Receive buffer byte count. |
S-BCNT |
Send buffer byte count. |
R-BMAX |
Maximum bytes that can be used in the receive
buffer. |
S-BMAX |
Maximum bytes that can be used in the send
buffer. |
SEE ALSO¶
fstat(1),
nfsstat(1),
procstat(1),
ps(1),
sockstat(1),
bpf(4),
inet(4),
route(4),
unix(4),
hosts(5),
networks(5),
protocols(5),
services(5),
iostat(8),
route(8),
trpt(8),
vmstat(8),
mbuf(9)
HISTORY¶
The
netstat command appeared in
4.2BSD.
IPv6 support was added by WIDE/KAME project.
BUGS¶
The notion of errors is ill-defined.