NETSTAT(1) BSD General Commands Manual NETSTAT(1)NAMEnetstat — show network status
DESCRIPTION
The netstat command symbolically displays the contents of various net‐
work-related data structures. There are a number of output formats,
depending on the options for the information presented.
netstat [-AaLnSWx] [-f protocol_family | -p protocol] [-M core]
[-N system]
Display a list of active sockets (protocol control blocks) for
each network protocol, for a particular protocol_family, or for a
single protocol. If -A is also present, show the address of a
protocol control block (PCB) associated with a socket; used for
debugging. If -a is also present, show the state of all sockets;
normally sockets used by server processes are not shown. If -L
is also present, show the size of the various listen queues. The
first count shows the number of unaccepted connections, the sec‐
ond count shows the amount of unaccepted incomplete connections,
and the third count is the maximum number of queued connections.
If -S is also present, show network addresses as numbers (as with
-n) but show ports symbolically. If -x is present display full
socket buffer statistics for each internet socket.
netstat-i | -I interface [-abdhntW] [-f address_family] [-M core]
[-N system]
Show the state of all network interfaces or a single interface
which have been auto-configured (interfaces statically configured
into a system, but not located at boot time are not shown). An
asterisk (“*”) after an interface name indicates that the inter‐
face is “down”. If -a is also present, multicast addresses cur‐
rently in use are shown for each Ethernet interface and for each
IP interface address. Multicast addresses are shown on separate
lines following the interface address with which they are associ‐
ated. If -b is also present, show the number of bytes in and
out. If -d is also present, show the number of dropped packets.
If -h is also present, print all counters in human readable form.
If -t is also present, show the contents of watchdog timers. If
-W is also present, print interface names using a wider field
size.
netstat-w wait [-I interface] [-d] [-M core] [-N system] [-q howmany]
At intervals of wait seconds, display the information regarding
packet traffic on all configured network interfaces or a single
interface. If -q is also present, exit after howmany outputs.
If -d is also present, show the number of dropped packets.
netstat-s [-s] [-z] [-f protocol_family | -p protocol] [-M core]
[-N system]
Display system-wide statistics for each network protocol, for a
particular protocol_family, or for a single protocol. If -s is
repeated, counters with a value of zero are suppressed. If -z is
also present, reset statistic counters after displaying them.
netstat-i | -I interface -s [-f protocol_family | -p protocol] [-M core]
[-N system]
Display per-interface statistics for each network protocol, for a
particular protocol_family, or for a single protocol.
netstat-m [-M core] [-N system]
Show statistics recorded by the memory management routines
(mbuf(9)). The network manages a private pool of memory buffers.
netstat-B [-z] [-I interface]
Show statistics about bpf(4) peers. This includes information
like how many packets have been matched, dropped and received by
the bpf device, also information about current buffer sizes and
device states.
netstat-r [-AanW] [-f address_family] [-M core] [-N system]
Display the contents of all routing tables, or a routing table
for a particular address_family. If -A is also present, show the
contents of the internal Patricia tree structures; used for
debugging. If -a is also present, show protocol-cloned routes
(routes generated by an RTF_PRCLONING parent route); normally
these routes are not shown. When -W is also present, show the
path MTU for each route, and print interface names with a wider
field size.
netstat-rs [-s] [-M core] [-N system]
Display routing statistics. If -s is repeated, counters with a
value of zero are suppressed.
netstat-g [-W] [-f address_family] [-M core] [-N system]
Display the contents of the multicast virtual interface tables,
and multicast forwarding caches. Entries in these tables will
appear only when the kernel is actively forwarding multicast ses‐
sions. This option is applicable only to the inet and inet6
address families.
netstat-gs [-s] [-f address_family] [-M core] [-N system]
Show multicast routing statistics. If -s is repeated, counters
with a value of zero are suppressed.
Some options have the general meaning:
-f address_family, -p protocol
Limit display to those records of the specified address_family or a
single protocol. The following address families and protocols are
recognized:
Family Protocols
inet (AF_INET) divert, icmp, igmp, ip, ipsec, pim,
sctp, tcp, udp
inet6 (AF_INET6) icmp6, ip6, ipsec6, rip6, tcp, udp
pfkey (PF_KEY) pfkey
atalk (AF_APPLETALK) ddp
netgraph, ng (AF_NETGRAPH) ctrl, data
ipx (AF_IPX) ipx, spx
unix (AF_UNIX)
link (AF_LINK)
The program will complain if protocol is unknown or if there is no
statistics routine for it.
-M Extract values associated with the name list from the specified
core instead of the default /dev/kmem.
-N Extract the name list from the specified system instead of the
default, which is the kernel image the system has booted from.
-n Show network addresses and ports as numbers. Normally netstat
attempts to resolve addresses and ports, and display them symboli‐
cally.
-W In certain displays, avoid truncating addresses even if this causes
some fields to overflow.
The default display, for active sockets, shows the local and remote
addresses, send and receive queue sizes (in bytes), protocol, and the
internal state of the protocol. Address formats are of the form
“host.port” or “network.port” if a socket's address specifies a network
but no specific host address. When known, the host and network addresses
are displayed symbolically according to the databases hosts(5) and
networks(5), respectively. If a symbolic name for an address is unknown,
or if the -n option is specified, the address is printed numerically,
according to the address family. For more information regarding the
Internet IPv4 “dot format”, refer to inet(3). Unspecified, or
“wildcard”, addresses and ports appear as “*”.
The interface display provides a table of cumulative statistics regarding
packets transferred, errors, and collisions. The network addresses of
the interface and the maximum transmission unit (“mtu”) are also dis‐
played.
The routing table display indicates the available routes and their sta‐
tus. Each route consists of a destination host or network, and a gateway
to use in forwarding packets. The flags field shows a collection of
information about the route stored as binary choices. The individual
flags are discussed in more detail in the route(8) and route(4) manual
pages. The mapping between letters and flags is:
1 RTF_PROTO1 Protocol specific routing flag #1
2 RTF_PROTO2 Protocol specific routing flag #2
3 RTF_PROTO3 Protocol specific routing flag #3
B RTF_BLACKHOLE Just discard pkts (during updates)
b RTF_BROADCAST The route represents a broadcast address
C RTF_CLONING Generate new routes on use
c RTF_PRCLONING Protocol-specified generate new routes on use
D RTF_DYNAMIC Created dynamically (by redirect)
G RTF_GATEWAY Destination requires forwarding by intermediary
H RTF_HOST Host entry (net otherwise)
L RTF_LLINFO Valid protocol to link address translation
M RTF_MODIFIED Modified dynamically (by redirect)
R RTF_REJECT Host or net unreachable
S RTF_STATIC Manually added
U RTF_UP Route usable
W RTF_WASCLONED Route was generated as a result of cloning
X RTF_XRESOLVE External daemon translates proto to link address
Direct routes are created for each interface attached to the local host;
the gateway field for such entries shows the address of the outgoing
interface. The refcnt field gives the current number of active uses of
the route. Connection oriented protocols normally hold on to a single
route for the duration of a connection while connectionless protocols
obtain a route while sending to the same destination. The use field pro‐
vides a count of the number of packets sent using that route. The inter‐
face entry indicates the network interface utilized for the route.
When netstat is invoked with the -w option and a wait interval argument,
it displays a running count of statistics related to network interfaces.
An obsolescent version of this option used a numeric parameter with no
option, and is currently supported for backward compatibility. By
default, this display summarizes information for all interfaces. Infor‐
mation for a specific interface may be displayed with the -I option.
The bpf(4) flags displayed when netstat is invoked with the -B option
represent the underlying parameters of the bpf peer. Each flag is repre‐
sented as a single lower case letter. The mapping between the letters
and flags in order of appearance are:
p Set if listening promiscuously
i BIOCIMMEDIATE has been set on the device
f BIOCGHDRCMPLT status: source link addresses are being filled auto‐
matically
s BIOCGSEESENT status: see packets originating locally and remotely on
the interface.
a Packet reception generates a signal
l BIOCLOCK status: descriptor has been locked
For more information about these flags, please refer to bpf(4).
The -x flag causes netstat to output all the information recorded about
data stored in the socket buffers. The fields are:
R-MBUF Number of mbufs in the receive queue.
S-MBUF Number of mbufs in the send queue.
R-CLUS Number of clusters, of any type, in the receive queue.
S-CLUS Number of clusters, of any type, in the send queue.
R-HIWA Receive buffer high water mark, in bytes.
S-HIWA Send buffer high water mark, in bytes.
R-LOWA Receive buffer low water mark, in bytes.
S-LOWA Send buffer low water mark, in bytes.
R-BCNT Receive buffer byte count.
S-BCNT Send buffer byte count.
R-BMAX Maximum bytes that can be used in the receive buffer.
S-BMAX Maximum bytes that can be used in the send buffer.
SEE ALSOfstat(1), nfsstat(1), procstat(1), ps(1), sockstat(1), bpf(4), inet(4),
route(4), unix(4), hosts(5), networks(5), protocols(5), services(5),
iostat(8), route(8), trpt(8), vmstat(8), mbuf(9)HISTORY
The netstat command appeared in 4.2BSD.
IPv6 support was added by WIDE/KAME project.
BUGS
The notion of errors is ill-defined.
BSD January 10, 2010 BSD