NETSTAT(1)		  BSD General Commands Manual		    NETSTAT(1)

     netstat --	show network status

     netstat [-Aan] [-f	address_family]	[-M core] [-N system]
     netstat [-bdghiLmnqrSsTv] [-f address_family] [-M core] [-N system]
     netstat [-dn] [-I interface] [-M core] [-N	system]	[-w wait]
     netstat [-M core] [-N system] [-p protocol]
     netstat [-M core] [-N system] [-p protocol] -P pcbaddr
     netstat [-i] [-I Interface] [-p protocol]
     netstat [-is] [-f address_family] [-I Interface]
     netstat [-s] [-I Interface] -B

     The netstat command symbolically displays the contents of various net-
     work-related data structures.  There are a	number of output formats, de-
     pending on	the options for	the information	presented.  The	first form of
     the command displays a list of active sockets for each protocol.  The
     second form presents the contents of one of the other network data	struc-
     tures according to	the option selected.  Using the	third form, with a
     wait interval specified, netstat will continuously	display	the informa-
     tion regarding packet traffic on the configured network interfaces.  The
     fourth form displays statistics about the named protocol.	The fifth and
     sixth forms display per interface statistics for the specified protocol
     or	address	family.

     The options have the following meaning:

     -A	   With	the default display, show the address of any protocol control
	   blocks associated with sockets; used	for debugging.

     -a	   With	the default display, show the state of all sockets; normally
	   sockets used	by server processes are	not shown.

     -B	   With	the default display, show the current bpf(4) peers.  To	show
	   only	the peers listening to a specific interface, use the -I	op-
	   tion.  If the -s option is present, show the	current	bpf(4) statis-

     -b	   With	the interface display (option -i), show	bytes in and out, in-
	   stead of packets in and out.

     -d	   With	either interface display (option -i or an interval, as de-
	   scribed below), show	the number of dropped packets.

     -f	address_family
	   Limit statistics or address control block reports to	those of the
	   specified address_family.  The following address families are rec-
	   ognized: inet, for AF_INET; inet6, for AF_INET6; arp, for AF_ARP;
	   ns, for AF_NS; iso, for AF_ISO; atalk, for AF_APPLETALK; mpls, for
	   AF_MPLS; and	local or unix, for AF_LOCAL.

     -g	   Show	information related to multicast (group	address) routing.  By
	   default, show the IP	Multicast virtual-interface and	routing	ta-
	   bles.  If the -s option is also present, show multicast routing

     -I	interface
	   Show	information about the specified	interface; used	with a wait
	   interval as described below.	 If the	-f address_family option (with
	   the -s option) or the -p protocol option is present,	show per-in-
	   terface statistics on the interface for the specified
	   address_family or protocol, respectively.

     -h	   When	used with -b in	combination with either	-i or -I, output "hu-
	   man-readable" byte counts.

     -i	   Show the state of interfaces which have been auto-configured
	   (interfaces statically configured into a system, but not located
	   at boot time are not shown).  If the -a option is also present,
	   multicast addresses currently in use are shown for each Ethernet
	   interface and for each IP interface address.  Multicast addresses
	   are shown on separate lines following the interface address with
	   which they are associated.  If the -f address_family option (with
	   the -s option) or the -p protocol option is present, show
	   per-interface statistics on all interfaces for the specified
	   address_family or protocol, respectively.

     -L	   Don't show link-level routes	(e.g., IPv4 ARP	or IPv6	neighbour

     -M	   Extract values associated with the name list	from the specified
	   core	instead	of the default /dev/kmem.

     -m	   Show	statistics recorded by the mbuf	memory management routines
	   (the	network	manages	a private pool of memory buffers).

     -N	   Extract the name list from the specified system instead of the de-
	   fault /netbsd.

     -n	   Show	network	addresses and ports as numbers (normally netstat in-
	   terprets addresses and ports	and attempts to	display	them symboli-
	   cally).  This option	may be used with any of	the display formats.

     -P	pcbaddr
	   Dump	the contents of	the protocol control block (PCB) located at
	   kernel virtual address pcbaddr.  This address may be	obtained using
	   the -A flag.	 The default protocol is TCP, but may be overridden
	   using the -p	flag.

     -p	protocol
	   Show	statistics about protocol, which is either a well-known	name
	   for a protocol or an	alias for it.  Some protocol names and aliases
	   are listed in the file /etc/protocols.  A null response typically
	   means that there are	no interesting numbers to report.  The program
	   will	complain if protocol is	unknown	or if there is no statistics
	   routine for it.

     -q	   Show	software interrupt queue setting/statistics for	all protocols.

     -r	   Show	the routing tables.  When -s is	also present, show routing
	   statistics instead.

     -S	   Show	network	addresses as numbers (as with -n, but show ports sym-

     -s	   Show	per-protocol statistics.  If this option is repeated, counters
	   with	a value	of zero	are suppressed.

     -T	   Show MPLS Tags for the routing tables.  If multiple tags exist,
	   they	will be	comma separated, first tag being the BoS one.

     -v	   Show	extra (verbose)	detail for the routing tables (-r), or avoid
	   truncation of long addresses.

     -w	wait
	   Show	network	interface statistics at	intervals of wait seconds.

     -X	   Force use of	sysctl(3) when retrieving information.	Some features
	   of netstat may not be (fully) supported when	using sysctl(3).  This
	   flag	forces the use of the latter regardless, and emits a message
	   if a	not yet	fully supported	feature	is used	in conjunction with
	   it.	This flag might	be removed at any time;	do not rely on its

     The default display, for active sockets, shows the	local and remote ad-
     dresses, send and receive queue sizes (in bytes), protocol, and the in-
     ternal state of the protocol.  Address formats are	of the form
     ``host.port'' or ``network.port'' if a socket's address specifies a net-
     work but no specific host address.	 When known the	host and network ad-
     dresses are displayed symbolically	according to the data bases /etc/hosts
     and /etc/networks,	respectively.  If a symbolic name for an address is
     unknown, or if the	-n option is specified,	the address is printed numeri-
     cally, according to the address family.  For more information regarding
     the Internet ``dot format,'' refer to inet(3).  Unspecified, or
     ``wildcard'', addresses and ports appear as ``*''.  You can use the fstat(1)
     command to	find out which process or processes hold references to a
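
The ``host.port'' format described above is ambiguous to a naive parser because a numeric host already contains dots. The following is an added example, not part of the original manual page: it splits each address at the last dot and lists sockets bound to the wildcard local address. The column order and the sample rows are assumptions constructed for illustration.

```python
import sys

# Constructed sample, not captured output. Assumed column order:
# protocol, receive queue, send queue, local address, remote address, state.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address        Foreign Address      State
tcp        0      0  192.0.2.10.22        198.51.100.23.51514  ESTABLISHED
tcp        0      0  *.22                 *.*                  LISTEN
tcp        0      0  127.0.0.1.25         *.*                  LISTEN
udp        0      0  *.514                *.*
"""

def split_endpoint(addr):
    """Split host.port at the last dot; the host itself may contain dots."""
    host, sep, port = addr.rpartition(".")
    if not sep:
        raise ValueError("not host.port: " + addr)
    return host, port

def parse_socket(line):
    """Return one socket row as a dict, or None for headers and other lines."""
    fields = line.split()
    # Socket rows carry numeric queue sizes in columns 2 and 3; headers do not.
    if len(fields) < 5 or not (fields[1].isdigit() and fields[2].isdigit()):
        return None
    local_host, local_port = split_endpoint(fields[3])
    remote_host, remote_port = split_endpoint(fields[4])
    return {
        "proto": fields[0],
        "local": (local_host, local_port),
        "remote": (remote_host, remote_port),
        "state": fields[5] if len(fields) > 5 else "",  # udp rows have no state
    }

def wildcard_bound(text):
    """(protocol, port) pairs bound to a specific port on the "*" address."""
    socks = (parse_socket(line) for line in text.splitlines())
    return [(s["proto"], s["local"][1]) for s in socks
            if s and s["local"][0] == "*" and s["local"][1] != "*"]

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for proto, port in wildcard_bound(text):
        print(proto, port)
```

Piping the output of netstat -an -f inet into the script replaces the constructed sample with live data.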

     The interface display provides a table of cumulative statistics regarding
     packets transferred, errors, and collisions.  The network addresses of
     the interface and the maximum transmission	unit (``mtu'') are also	dis-

     The routing table display indicates the available routes and their	sta-
     tus.  Each	route consists of a destination	host or	network	and a gateway
     to	use in forwarding packets.  The	flags field shows a collection of in-
     formation about the route stored as binary	choices.  The individual flags
     are discussed in more detail in the route(8) and route(4) manual pages.
     The mapping between letters and flags is:

     1	     RTF_PROTO1	      Protocol specific	routing	flag #1
     2	     RTF_PROTO2	      Protocol specific	routing	flag #2
     B	     RTF_BLACKHOLE    Just discard pkts	(during	updates)
     C	     RTF_CLONING      Generate new routes on use
     c	     RTF_CLONED	      Cloned routes (generated from RTF_CLONING)
     D	     RTF_DYNAMIC      Created dynamically (by redirect)
     G	     RTF_GATEWAY      Destination requires forwarding by intermediary
     H	     RTF_HOST	      Host entry (net otherwise)
     L	     RTF_LLINFO	      Valid protocol to	link address translation.
     M	     RTF_MODIFIED     Modified dynamically (by redirect)
     p	     RTF_ANNOUNCE     Link level proxy
     R	     RTF_REJECT	      Host or net unreachable
     S	     RTF_STATIC	      Manually added
     U	     RTF_UP	      Route usable
     X	     RTF_XRESOLVE     External daemon translates proto to link address

     Direct routes are created for each	interface attached to the local	host;
     the gateway field for such	entries	shows the address of the outgoing in-
     terface.  The refcnt field	gives the current number of active uses	of the
     route.  Connection	oriented protocols normally hold on to a single	route
     for the duration of a connection while connectionless protocols obtain a
     route while sending to the	same destination.  The use field provides a
     count of the number of packets sent using that route.  The	mtu entry
     shows the mtu associated with that	route.	This mtu value is used as the
     basis for the TCP maximum segment size.  The 'L' flag appended to the mtu
     value indicates that the value is locked, and that	path mtu discovery is
     turned off	for that route.	 A `-' indicates that the mtu for this route
     has not been set, and a default TCP maximum segment size will be used.
     The interface entry indicates the network interface used for the route.
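
The flag letters and mtu notation described above can be decoded mechanically when auditing a routing table. The following is an added example, not part of the original manual page: it expands each flag letter using the table above and reports routes marked as created or modified by a redirect. The column order and the sample rows are assumptions constructed for illustration.

```python
import sys

# Letter-to-flag mapping copied from the table in this manual page.
ROUTE_FLAGS = {
    "1": "RTF_PROTO1", "2": "RTF_PROTO2", "B": "RTF_BLACKHOLE",
    "C": "RTF_CLONING", "c": "RTF_CLONED", "D": "RTF_DYNAMIC",
    "G": "RTF_GATEWAY", "H": "RTF_HOST", "L": "RTF_LLINFO",
    "M": "RTF_MODIFIED", "p": "RTF_ANNOUNCE", "R": "RTF_REJECT",
    "S": "RTF_STATIC", "U": "RTF_UP", "X": "RTF_XRESOLVE",
}
# The table describes both of these as set "by redirect".
REDIRECT_FLAGS = {"RTF_DYNAMIC", "RTF_MODIFIED"}

# Constructed sample, not captured output. Assumed column order:
# destination, gateway, flags, refcnt, use, mtu, interface.
SAMPLE = """\
Destination     Gateway       Flags  Refs  Use    Mtu  Interface
default         192.0.2.1     UGS       4 1520      -  wm0
192.0.2.0/24    link#1        UC        2    0      -  wm0
198.51.100.7    192.0.2.66    UGHD      1   37      -  wm0
203.0.113.0/24  192.0.2.1     UGS       0   12  1400L  wm0
"""

def parse_route(line):
    """Return one routing-table row as a dict, or None for non-route lines."""
    fields = line.split()
    if len(fields) != 7 or fields[0] == "Destination":
        return None
    dest, gateway, flags, refcnt, use, mtu, iface = fields
    digits = mtu.rstrip("L")
    return {
        "destination": dest, "gateway": gateway, "interface": iface,
        "flags": [ROUTE_FLAGS.get(ch, "unknown:" + ch) for ch in flags],
        "mtu": int(digits) if digits.isdigit() else None,  # "-" means not set
        "mtu_locked": mtu.endswith("L"),  # path mtu discovery off for the route
    }

def redirect_routes(text):
    """Routes whose flags say a redirect created or modified them."""
    routes = (parse_route(line) for line in text.splitlines())
    return [r for r in routes if r and REDIRECT_FLAGS & set(r["flags"])]

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for r in redirect_routes(text):
        print(r["destination"], "via", r["gateway"], ",".join(r["flags"]))
```

Piping the output of netstat -rn into the script replaces the constructed sample with the live table.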

     When netstat is invoked with the -w option	and a wait interval argument,
     it	displays a running count of statistics related to network interfaces.
     An	obsolescent version of this option used	a numeric parameter with no
     option, and is currently supported	for backward compatibility.  This dis-
     play consists of a	column for the primary interface (the first interface
     found during autoconfiguration) and a column summarizing information for
     all interfaces.  The primary interface may	be replaced with another in-
     terface with the -I option.  The first line of each screen	of information
     contains a	summary	since the system was last rebooted.  Subsequent	lines
     of	output show values accumulated over the	preceding interval.

     The first character of the	flags column in	the -B option shows the	status
     of	the bpf(4) descriptor which has	three different	values:	Idle ('I'),
     Waiting ('W') and Timed Out ('T').	 The second character indicates
     whether the promisc flag is set.  The third character indicates the sta-
     tus of the	immediate mode.	 The fourth character indicates	whether	the
     peer will have the	ability	to see the packets sent.  And the fifth	char-
     acter shows the header complete flag status.

     fstat(1), nfsstat(1), ps(1), sockstat(1), vmstat(1), inet(3), bpf(4),
     hosts(5), networks(5), protocols(5), services(5), iostat(8), trpt(8)

     The netstat command appeared in 4.2BSD.  IPv6 support was added by
     WIDE/KAME project.

     The notion	of errors is ill-defined.

BSD				 June 29, 2010				   BSD

