netstat
—
show network status
netstat |
[-Aan ] [-f
address_family[,family ...]]
[-M core]
[-N system] |
netstat |
[-bdghiLlmnqrSsTtv ] [-f
address_family[,family ...]]
[-M core]
[-N system] |
netstat |
[-dn ] [-I
interface] [-M
core] [-N
system] [-w
wait] |
netstat |
[-M core]
[-N system]
[-p protocol] |
netstat |
[-M core]
[-N system]
[-p protocol]
-P pcbaddr |
netstat |
[-i ] [-I
Interface] [-p
protocol] |
netstat |
[-is ] [-f
address_family[,family ...]]
[-I Interface] |
netstat |
[-s ] [-I
Interface] -B |
The netstat
command symbolically displays the contents
of various network-related data structures. There are a number of output
formats, depending on the options for the information presented. The first
form of the command displays a list of active sockets for each protocol. The
second form presents the contents of one of the other network data structures
according to the option selected. Using the third form, with a
wait interval specified, netstat
will continuously display the information regarding packet traffic on the
configured network interfaces. The fourth form displays statistics about the
named protocol. The fifth and sixth forms display per interface statistics for
the specified protocol or address family.
The options have the following meaning:
-A
- With the default display, show the address of any protocol control blocks
associated with sockets; used for debugging.
-a
- With the default display, show the state of all sockets; normally sockets
used by server processes are not shown.
-B
- With the default display, show the current
bpf(4) peers. To show only the
peers listening to a specific interface, use the
-I
option. If the -s
option is present, show the current
bpf(4) statistics.
-b
- With the interface display (option
-i
), show bytes
in and out, instead of packets in and out.
-d
- With either interface display (option
-i
or an
interval, as described below), show the number of dropped packets.
-f
address_family[,family ...]
- Limit statistics or address control block reports to those of the
specified address_families. The following address
families are recognized: inet, for
AF_INET
; inet6, for
AF_INET6
; arp, for
AF_ARP
; ns, for
AF_NS
; atalk, for
AF_APPLETALK
; mpls, for
AF_MPLS
; and local or
unix, for AF_LOCAL
.
-g
- Show information related to multicast (group address) routing. By default,
show the IP Multicast virtual-interface and routing tables. If the
-s
option is also present, show multicast routing
statistics.
-h
- When used with
-b
in combination with either
-i
or -I
, output
"human-readable" byte counts.
-I
interface
- Show information about the specified interface; used with a
wait interval as described below. If the
-f
address_family option
(with the -s
option) or the
-p
protocol option is
present, show per-interface statistics on the
interface for the specified
address_family or protocol,
respectively.
-i
- Show the state of interfaces which have been auto-configured (interfaces
statically configured into a system, but not located at boot time are not
shown). If the
-a
options is also present,
multicast addresses currently in use are shown for each Ethernet interface
and for each IP interface address. Multicast addresses are shown on
separate lines following the interface address with which they are
associated. If the -f
address_family option (with the
-s
option) or the -p
protocol option is present, show per-interface
statistics on all interfaces for the specified
address_family or protocol,
respectively.
-L
- Don't show link-level routes (e.g., IPv4 ARP or IPv6 neighbour
cache).
-l
- With the
-g
option, display wider fields for the
IPv6 multicast routing table “Origin” and
“Group” columns.
-M
core
- Use kvm(3) instead of
sysctl(3) to retrieve
information and extract values associated with the name list from the
specified core. If the
-M
option is not given but
the -N
option is given, the default
/dev/mem is used.
-m
- Show statistics recorded by the mbuf memory management routines (the
network manages a private pool of memory buffers). If the kernel option
options MBUFTRACE
is set, extra info can be
retrieved with -mssv
. See also
options(4).
-N
system
- Use kvm(3) instead of
sysctl(3) to retrieve
information and extract the name list from the specified system. For the
default behavior when only
-M
option is given, see
the description about when execfile is
NULL
in
kvm_openfiles(3).
-n
- Show network addresses and ports as numbers (normally
netstat
interprets addresses and ports and
attempts to display them symbolically). This option may be used with any
of the display formats.
-P
pcbaddr
- Dump the contents of the protocol control block (PCB) located at kernel
virtual address pcbaddr. This address may be
obtained using the
-A
flag. The default protocol
is TCP, but may be overridden using the -p
flag.
-p
protocol
- Show statistics about protocol, which is either a
well-known name for a protocol or an alias for it. Some protocol names and
aliases are listed in the file /etc/protocols. A
null response typically means that there are no interesting numbers to
report. The program will complain if protocol is
unknown or if there is no statistics routine for it.
-q
- Show software interrupt queue setting/statistics for all protocols.
-r
- Show the routing tables. When
-s
is also present,
show routing statistics instead.
-S
- Show network addresses as numbers (as with
-n
, but
show ports symbolically).
-s
- Show per-protocol statistics. If this option is repeated, counters with a
value of zero are suppressed.
-T
- Show MPLS Tags for the routing tables. If multiple tags exists, they will
be comma separated, first tag being the BoS one.
-t
- With the
-i
option, display the current value of
the watchdog timer function.
-v
- Show extra (verbose) detail for the routing tables
(
-r
), or avoid truncation of long addresses.
-w
wait
- Show network interface statistics at intervals of
wait seconds.
-X
- Force use of sysctl(3) when
retrieving information. Some features of
netstat
may not be (fully) supported when using
sysctl(3). This flag forces
the use of the latter regardless, and emits a message if a not yet fully
supported feature is used in conjunction with it. This flag might be
removed at any time; do not rely on its presence.
The default display, for active sockets, shows the local and
remote addresses, send and receive queue sizes (in bytes), protocol, and the
internal state of the protocol. Address formats are of the form
``host.port'' or ``network.port'' if a socket's address specifies a network
but no specific host address. When known the host and network addresses are
displayed symbolically according to the data bases
/etc/hosts and
/etc/networks, respectively. If a symbolic name for
an address is unknown, or if the -n
option is
specified, the address is printed numerically, according to the address
family. For more information regarding the Internet ``dot format,'' refer to
inet(3)). Unspecified, or
``wildcard'', addresses and ports appear as ``*''. You can use the
fstat(1) command to find out
which process or processes hold references to a socket.
The interface display provides a table of cumulative statistics
regarding packets transferred, errors, and collisions. The network addresses
of the interface and the maximum transmission unit (``mtu'') are also
displayed.
The routing table display indicates the available routes and their
status. Each route consists of a destination host or network and a gateway
to use in forwarding packets. The flags field shows a collection of
information about the route stored as binary choices. The individual flags
are discussed in more detail in the
route(8) and
route(4) manual pages.
Direct routes are created for each interface attached to the local
host; the gateway field for such entries shows the address of the outgoing
interface. The refcnt field gives the current number of active uses of the
route. Connection oriented protocols normally hold on to a single route for
the duration of a connection while connectionless protocols obtain a route
while sending to the same destination. The use field provides a count of the
number of packets sent using that route. The mtu entry shows the mtu
associated with that route. This mtu value is used as the basis for the TCP
maximum segment size. The 'L' flag appended to the mtu value indicates that
the value is locked, and that path mtu discovery is turned off for that
route. A ‘-’ indicates that the mtu for this route has not
been set, and a default TCP maximum segment size will be used. The interface
entry indicates the network interface used for the route.
When netstat
is invoked with the
-w
option and a wait interval
argument, it displays a running count of statistics related to network
interfaces. An obsolescent version of this option used a numeric parameter
with no option, and is currently supported for backward compatibility. This
display consists of a column for the primary interface (the first interface
found during autoconfiguration) and a column summarizing information for all
interfaces. The primary interface may be replaced with another interface
with the -I
option. The first line of each screen of
information contains a summary since the system was last rebooted.
Subsequent lines of output show values accumulated over the preceding
interval.
The first character of the flags column in the
-B
option shows the status of the
bpf(4) descriptor which has three
different values: Idle ('I'), Waiting ('W') and Timed Out ('T'). The second
character indicates whether the promisc flag is set. The third character
indicates the status of the immediate mode. The fourth character indicates
whether the peer will have the ability to see the packets sent. And the
fifth character shows the header complete flag status.
fstat(1),
nfsstat(1),
ps(1),
sockstat(1),
vmstat(1),
inet(3),
kvm(3),
kvm_openfiles(3),
sysctl(3),
bpf(4),
options(4),
route(4),
hosts(5),
networks(5),
protocols(5),
services(5),
iostat(8),
route(8),
trpt(8)
The netstat
command appeared in
4.2BSD. IPv6 support was added by WIDE/KAME project.
The notion of errors is ill-defined.