[Previous] [Contents] [Index] [Next]

netstat

Show network status

Syntax:

Display a list of active sockets for each protocol:

netstat [-Aan] [-f address_family]

Display the contents of one of the other network data structures:

netstat [-dgiLmnrsv] [-f address_family]

Continuously display (as per the wait interval) the information regarding packet traffic on the configured network interfaces:

netstat [-dn] [-I interface] [-w wait]

Display statistics about the named protocol:

netstat [-p protocol]

Display statistics about the named protocol located at the virtual address:

netstat [-p protocol] -P pcbaddr

Display per-interface statistics for the specified protocol:

netstat [-p protocol] [-i] [-I interface]

Display per-interface statistics for the specified address family:

netstat [-s] [-f address_family] [-i] [-I interface]

Options:

-A
Show the addresses of any protocol control blocks associated with sockets.
-a
Show the state of all sockets. Without -a, sockets used by server processes aren't shown.
-d
Show the number of dropped packets.
-f address_family
Limit the statistics or address control block reports to those of the specified address family.
Address family: address_family value:
AF_INET inet
AF_INET6 inet6
AF_LOCAL local or unix
AF_ARP arp
-g
Show information related to multicast (group address) routing. By default, show the IP Multicast virtual-interface and routing tables. If -s is also specified, show the multicast routing statistics.
-I [interface]
If used with -w, show information about the specifed interface only. See "Specifying an interface" for more information.

If used with -f address_family and -s, or with -p protocol, show per-interface statistics on the interface for address_family or protocol, respectively.

-i
Show the state of interfaces that have been auto-configured. Interfaces statically configured into a system but not located at boot time aren't shown.

If you also specify -a, show multicast addresses currently in use for each Ethernet interface and for each IP interface address. Multicast addresses are shown on separate lines following the interface address with which they're associated.

If used with -f address_family and -s, or with -p protocol, show per-interface statistics on the interface for address_family or protocol, respectively.

-L
Don't show link-level routes (e.g., IPv4 ARP or IPv6 neighbour cache).
-m
Show statistics recorded by the memory-management routines (the network manages a private pool of memory buffers).
-n
Show network addresses as numbers (normally netstat interprets addresses and attempts to display them symbolically).
-P pcbaddr
Dump the contents of the protocol control block (PCB) located at kernel virtual address pcbaddr. This address may be obtained using -A. The default protocol is TCP, but may be overridden with -p.
-p protocol
Show statistics about protocol, which is either a well-known name for a protocol or an alias for it. Some protocol names and aliases are listed in the file /etc/protocols. A null response typically means that there are no interesting numbers to report. The utility complains if protocol is unknown or if there's no statistics routine for it.
-r
Show the routing tables. If -s is also specified, show the routing statistics instead.
-s
Show per-protocol statistics. If this option is repeated, counters with a value of zero are suppressed.
-v
Show extra (verbose) detail for the routing tables (-r), or avoid truncating long addresses.
-w wait
Specify the time interval for displaying network interface statistics.

Description:

The netstat utility displays the contents of various network-related data structures.

Default display

The default display for active sockets shows the local and remote addresses, the send and receive queue sizes (in bytes), the protocol, and the internal state of the protocol. If a socket's address specifies a network but no specific host address, address formats are of the form host.port or network.port

When known, the host and network addresses are displayed symbolically according to the databases /etc/hosts and /etc/networks, respectively. If a symbolic name for an address is unknown, or if -n is specified, the address is printed numerically, according to the address family. For more information regarding the Internet "dot format," see the inet_*() functions. Unspecified or wildcard addresses and ports appear as *.

Interface display

The interface display (-i or -w) provides a table of cumulative statistics regarding errors, collisions, and packets transferred. The network addresses of the interface and the maximum transmission unit (MTU) are also displayed.

Routing table display

The routing table display (-r) indicates the available routes and the status of each. Each route consists of a destination host or network and a gateway to use in forwarding packets. The display includes several fields:

flags
Shows the state of the route.
Valid flags: Constant: Description;
1 RTF_PROTO2 Protocol specific routing flag #1
2 RTF_PROTO1 Protocol specific routing flag #2
B RTF_BLACKHOLE Discard packets during updates
C RTF_CLONING Generate new routes on use This is used by ARP to create the host-specific routes of the hosts on the Ethernet. See option L.
D RTF_DYNAMIC The route was created dynamically by a redirect
G RTF_GATEWAY The route uses a gateway
H RTF_HOST The destination is a host (otherwise, it's a net)
L RTF_LLINFO The route contains a link-layer address. The host routes that ARP clones from the Ethernet network routes all have the link flag set.
M RTF_MODIFIED The route has been modified by a redirect
R RTF_REJECT Host or net unreachable
S RTF_STATIC The route has been added manually
U RTF_UP The route is up
X RTF_XRESOLVE External daemon translates the protocol to a link address
gateway
Direct routes are created for each interface attached to the local host. For such entries, this field shows the address of the outgoing interface.
interface
Indicates the network interface used for the route.
mtu
Shows the maximum transmission unit (MTU) associated with that route. This value is used as the basis for the TCP maximum segment size. The L flag appended to the MTU value indicates that the value is locked, and that path MTU discovery is turned off for that route. A - indicates that the MTU for this route hasn't been set, and a default TCP maximum segment size will be used.
refcnt
Gives the current number of active uses of the route. Connection-oriented protocols normally hold on to a single route for the duration of a connection; connectionless protocols obtain a route while sending to the same destination.
use
Provides a count of the number of packets sent using the route.

Specifying an interface

When -w is specified, netstat displays a running count of statistics related to network interfaces. This display consists of a column for the primary interface (the first interface found during auto-configuration) and a column summarizing information for all interfaces. Using -I, you can replace the primary interface with another interface. The first line of each screen of information contains a summary since the system was last rebooted. Subsequent lines of output show values accumulated over the preceding interval.

Caveats:

The -A, -a, -d, and -s options require the presence of the /etc/protocols file.

See also:

/etc/hosts, /etc/networks, /etc/protocols, /etc/services


[Previous] [Contents] [Index] [Next]