Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
NETSTAT(1)		FreeBSD	General	Commands Manual		    NETSTAT(1)

     netstat --	show network status

     netstat [-AaBln] [-M core]	[-N system] [-p	protocol] [-T rtable]
     netstat -W	interface
     netstat -m
     netstat -I	interface | -i [-bdehnqt]
     netstat -w	wait [-bdehnqt]	[-c count] [-I interface]
     netstat -s	[-gru] [-f address_family] [-p protocol]
     netstat -g	[-lnu] [-f address_family]
     netstat -R
     netstat -r	[-AFu] [-f address_family] [-M core] [-N system] [-p protocol]
	     [-T rtable]
     netstat -P	pcbaddr	[-v] [-M core] [-N system]

     The netstat command shows various aspects of network status.  The default
     display shows information about all active	network	connections and	sock-

     The first form of the command displays a list of active sockets for each
     protocol.	The second form	displays per-interface statistics for the
     specified wireless	(802.11) device.  The third form displays statistics
     related to	memory use.  The fourth	form displays per-interface statis-
     tics.  The	fifth form continuously	displays the information regarding
     packet traffic on the configured network interfaces.  The sixth form dis-
     plays per-protocol	statistics.  The seventh form shows information	re-
     lated to multicast	routing.  The eighth form displays information about
     routing domains.  The ninth form displays information about routing ta-
     bles.  The	final form displays internals of the protocol control block
     (PCB) and the socket structure.  The forms	are shown in order of prece-
     dence: for	example, if -rg	is specified, then -r is ignored in favour of

     The options are as	follows:

     -A	     Show the address of any protocol control blocks associated	with
	     sockets; useful for debugging e.g.	with the -P flag.  When	used
	     with the -r flag it shows the internal addresses of the routing
	     table.  Only the super-user can see these addresses; unprivileged
	     users will	see them as 0x0.

     -a	     With the default display, show the	state of all sockets; normally
	     sockets used by server processes are not shown.

     -B	     With the default display, show buffer sizes for TCP sockets.
	     This includes the send window size, receive window	size and con-
	     gestion window size.

     -b	     With the interface	display	(options -I or -i), show bytes in and
	     out, instead of packet statistics.

     -c	count
	     Display count updates, then exit.	This option has	no effect un-
	     less -w is	specified as well.

     -d	     With either the interface display (options	-I or -i) or an	inter-
	     val (option -w), show only	the number of dropped packets.

     -e	     With either the interface display (options	-I or -i) or an	inter-
	     val (option -w), show only	the number of errors on	the interface.

     -F	     When showing routes, only show routes whose gateway are in	the
	     same address family as the	destination.

     -f	address_family
	     Limit statistics or address control block reports to those	of the
	     specified address_family.

	     The following address families are	recognized:

		   Address Family    Constant	 Description
		   inet		     AF_INET	 IP Version 4
		   inet6	     AF_INET6	 IP Version 6
		   local	     AF_UNIX	 Alias for unix
		   mpls		     AF_MPLS	 MPLS
		   unix		     AF_UNIX	 Local to Host (i.e., pipes)

     -h	     Use unit suffixes to reduce the number of digits shown with the
	     -b	and -w options.

     -g	     Show information related to multicast (group address) routing.
	     By	default, show the IP multicast virtual-interface and routing
	     tables.  If the -s	option is also present,	show multicast routing

     -I	interface
	     Show information about the	specified interface; used with a wait
	     interval as described below.

     -i	     Show the state of interfaces which	have been auto-configured (in-
	     terfaces statically configured into a system but not located at
	     boot-time are not shown).

     -l	     With the default display, show only listening sockets.  With the
	     -g	option,	display	wider fields for the IPv6 multicast routing
	     table "Origin" and	"Group"	columns.

     -M	core
	     Extract values associated with the	name list from the specified
	     core instead of the running kernel.

     -m	     Show statistics recorded by the memory management routines	(the
	     network manages a private pool of memory buffers).

     -N	system
	     Extract the name list from	the specified system instead of	the
	     running kernel.

     -n	     Show network addresses as numbers (normally netstat interprets
	     addresses and attempts to display them symbolically).  This op-
	     tion may be used with any of the display formats.

     -P	pcbaddr
	     Display the contents of the protocol control block	(PCB) located
	     at	the kernel virtual address pcbaddr.  PCB addresses can be ob-
	     tained using the -A flag.	When used with the -v option, also
	     print socket, domain and protocol specific	structures.  Only the
	     super-user	can use	the -P option.

	     The -P option requires the	ability	to open	/dev/kmem which	may be
	     restricted	based upon the value of	the kern.allowkmem sysctl(8).

     -p	protocol
	     Restrict the output to protocol, which is either a	well-known
	     name for a	protocol or an alias for it.  Some protocol names and
	     aliases are listed	in the file /etc/protocols.  The program will
	     complain if protocol is unknown.  If the -s option	is specified,
	     the per-protocol statistics are displayed.	 Otherwise the states
	     of	the matching sockets are shown.

     -q	     Only show interfaces that have seen packets (or bytes if -b is

     -R	     List all rdomains with associated interfaces and routing tables.

     -r	     Show the routing tables.  The output is explained in more detail
	     below.  If	the -s option is also specified, show routing statis-
	     tics instead.  When used with the -v option, also print routing

     -s	     Show per-protocol statistics.  If this option is repeated,	coun-
	     ters with a value of zero are suppressed.

     -T	rtable
	     Select an alternate routing table to query.  The default is to
	     use the current routing table.

     -t	     With the -i option, display the current value of the watchdog
	     timer function.

     -u	     Limit statistics or address control block reports to the AF_UNIX
	     address family.

     -v	     Show extra	(verbose) detail for the routing tables	(-r), or avoid
	     truncation	of long	addresses.  When used with the -P option, also
	     print socket, domain and protocol specific	structures.

     -W	interface
	     (IEEE 802.11 devices only)	Show per-interface IEEE	802.11 wire-
	     less statistics.

     -w	wait
	     Show network interface statistics at intervals of wait seconds.

     Address formats are of the	form "host.port" or "network.port" if a
     socket's address specifies	a network but no specific host address.	 When
     known, the	host addresses are displayed symbolically according to the
     hosts(5) database.	 If a symbolic name for	an address is unknown, or if
     the -n option is specified, the address is	printed	numerically, according
     to	the address family.

     For more information regarding the	Internet "dot format", refer to
     inet_ntop(3).  Unspecified	or "wildcard" addresses	and ports appear as a
     single `*'.  If a local port number is registered as being	in use for RPC
     by	portmap(8), its	RPC service name or RPC	service	number will be printed
     in	"[]" immediately after the port	number.

     The interface display provides a table of cumulative statistics regarding
     packets transferred, errors, and collisions.  The network addresses of
     the interface and the maximum transmission	unit (MTU) are also displayed.

     The routing table display indicates the available routes and their	sta-
     tus.  Each	route consists of a destination	host or	network	and a gateway
     to	use in forwarding packets.  If the destination is a network in numeric
     format, the netmask (in /24 style format) is appended.  The flags field
     shows a collection	of information about the route stored as binary
     choices.  The individual flags are	discussed in more detail in the
     route(8) and route(4) manual pages.

     The mapping between letters and flags is:

     1	  RTF_PROTO1	   Protocol specific routing flag #1.
     2	  RTF_PROTO2	   Protocol specific routing flag #2.
     3	  RTF_PROTO3	   Protocol specific routing flag #3.
     B	  RTF_BLACKHOLE	   Just	discard	pkts (during updates).
     b	  RTF_BROADCAST	   Correspond to a local broadcast address.
     C	  RTF_CLONING	   Generate new	routes on use.
     c	  RTF_CLONED	   Cloned routes (generated from RTF_CLONING).
     D	  RTF_DYNAMIC	   Created dynamically (by redirect).
     d	  RTF_DONE	   Completed (for routing messages only).
     G	  RTF_GATEWAY	   Destination requires	forwarding by intermediary.
     H	  RTF_HOST	   Host	entry (net otherwise).
     h	  RTF_CACHED	   Referenced by gateway route.
     L	  RTF_LLINFO	   Valid protocol to link address translation.
     l	  RTF_LOCAL	   Correspond to a local address.
     M	  RTF_MODIFIED	   Modified dynamically	(by redirect).
     m	  RTF_MULTICAST	   Correspond to a multicast address.
     n	  RTF_CONNECTED	   Interface route.
     P	  RTF_MPATH	   Multipath route.
     R	  RTF_REJECT	   Host	or net unreachable.
     S	  RTF_STATIC	   Manually added.
     T	  RTF_MPLS	   MPLS	route.
     U	  RTF_UP	   Route usable.

     Direct routes are created for each	interface attached to the local	host;
     the gateway field for such	entries	shows the address of the outgoing in-
     terface.  The refcnt field	gives the current number of active uses	of the
     route.  Connection	oriented protocols normally hold on to a single	route
     for the duration of a connection while connectionless protocols obtain a
     route while sending to the	same destination.  The use field provides a
     count of the number of packets sent using that route.  The	MTU entry
     shows the MTU associated with that	route.	This MTU value is used as the
     basis for the TCP maximum segment size (MSS).  The	`L' flag appended to
     the MTU value indicates that the value is locked, and that	path MTU dis-
     covery is turned off for that route.  A `-' indicates that	the MTU	for
     this route	has not	been set, and a	default	TCP maximum segment size will
     be	used.  The interface entry indicates the network interface utilized
     for the route.

     When netstat is invoked with the -w option	and a wait interval argument,
     it	displays a running count of statistics related to network interfaces.
     An	obsolescent version of this option used	a numeric parameter with no
     option, and is currently supported	for backward compatibility.  This dis-
     play consists of a	column for the primary interface (the first interface
     found during autoconfiguration) and a column summarizing information for
     all interfaces.  The primary interface may	be replaced with another in-
     terface with the -I option.  The first line of each screen	of information
     contains a	summary	since the system was last rebooted.  Subsequent	lines
     of	output show values accumulated over the	preceding interval.

     fstat(1), nfsstat(1), ps(1), systat(1), tcpbench(1), top(1),
     inet_ntop(3), netintro(4),	route(4), hosts(5), protocols(5), services(5),
     iostat(8),	portmap(8), pstat(8), route(8),	tcpdrop(8), trpt(8), vmstat(8)

     The netstat command appeared in 4.2BSD.  IPv6 support was added by	the
     WIDE/KAME project.

     The notion	of errors is ill-defined.

FreeBSD	13.0			January	2, 2021			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help