Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
netstat(1M)		System Administration Commands		   netstat(1M)

NAME
       netstat - show network status

SYNOPSIS
       netstat [-anv] [-f address_family] [-P protocol]

       netstat -g [-n] [-f address_family]

       netstat -p [-n] [-f address_family]

       netstat -s [-f address_family] [-P protocol]

       netstat -m [-v]

       netstat -i [-I interface] [-an] [-f address_family] [interval [count]]

       netstat -r [-anv] [-f address_family | filter]

       netstat -M [-ns]	[-f address_family]

       netstat -D [-I interface] [-f address_family]

DESCRIPTION
       The  netstat  command  displays the contents of certain network-related
       data structures in various formats, depending on	the  options  you  se-
       lect.

       The  netstat  command  has the several forms shown in the SYNOPSIS sec-
       tion, above, listed as follows:

	  o  The first form of the command (with no required  arguments)  dis-
	     plays a list of active sockets for	each protocol.

	  o  The second, third,	and fourth forms (-g, -p, and -s options) dis-
	     play information from various network data	structures.

	  o  The fifth form (-m	option)	displays STREAMS memory	statistics.

	  o  The sixth form (-i	option)	shows the state	of the interfaces.

	  o  The seventh form (-r option) displays the routing table.

	  o  The eighth	form (-M option) displays the multicast	routing	table.

	  o  The ninth form (-D	option)	displays the state of DHCP on  one  or
	     all interfaces.

       These forms are described in greater detail below.

       With  no	arguments (the first form), netstat displays connected sockets
       for PF_INET, PF_INET6, and PF_UNIX, unless modified otherwise by	the -f
       option.

OPTIONS
       -a    Show  the state of	all sockets, all routing table entries,	or all
	     interfaces, both physical and logical. Normally, listener sockets
	     used  by  server  processes are not shown.	Under most conditions,
	     only interface, host, network, and	default	routes are  shown  and
	     only the status of	physical interfaces is shown.

       -f address_family
	     Limit  all	displays to those of the specified address_family. The
	     value of address_family can be one	of the following:

	     inet  For the AF_INET address family showing IPv4 information.

	     inet6 For the AF_INET6 address family showing IPv6	information.

	     unix  For the AF_UNIX address family.

       -f filter
	     With -r only, limit the display of	routes to those	 matching  the
	     specified	filter.	 A  filter  rule consists of a "keyword:value"
	     pair. The known keywords and the value syntax are:

	     af:{inet|inet6|unix|number}
		   Selects an address family. This  is	identical  to  -f  ad-
		   dress_family	and both syntaxes are supported.

	     {inif|outif}:{name|ifIndex|any|none}
		   Selects  an	input or output	interface. You can specify the
		   interface by	name (such as hme0) or by ifIndex number  (for
		   example,  2). If any	is used, the filter matches all	routes
		   having a specified interface	(anything other	than null). If
		   none	 is  used, the filter matches all routes having	a null
		   interface.	Note  that  you	 can  view  the	 index	number
		   (ifIndex)  for  an  interface  with the -a option of	ifcon-
		   fig(1M).

	     {src|dst}:{ip-address[/mask]|any|none}
		   Selects a source or destination IP  address.	 If  specified
		   with	a mask length, then any	routes with matching or	longer
		   (more specific) masks are selected. If any  is  used,  then
		   all but addresses but 0 are selected. If none is used, then
		   address 0 is	selected.

	     flags:[+ -]?[ABDGHLU]+
		   Selects routes tagged with the specified flags. By default,
		   the	flags as specified must	be set in order	to match. With
		   a leading +,	the flags specified must be set	but others are
		   ignored.  With a leading -, the flags specified must	not be
		   set and others are permitted.

       You can specify multiple	instances of -f	to specify  multiple  filters.
       For example:

       % netstat -nr -f	outif:hme0 -f outif:hme1 -f dst:10.0.0.0/8

	     The  preceding command displays routes within network 10.0.0.0/8,
	     with mask length 8	or greater, and	an output interface of	either
	     hme0 or hme1, and excludes	all other routes.

       -g    Show the multicast	group memberships for all interfaces. See DIS-
	     PLAYS, below.

       -i    Show the state of the interfaces that are used  for  IP  traffic.
	     Normally  this shows statistics for the physical interfaces. When
	     combined with the -a option, this will  also  report  information
	     for the logical interfaces. See ifconfig(1M).

       -m    Show the STREAMS memory statistics.

       -n    Show  network addresses as	numbers. netstat normally displays ad-
	     dresses as	symbols. This option may be used with any of the  dis-
	     play formats.

       -p    Show the net to media tables. See DISPLAYS, below.

       -r    Show the routing tables. Normally,	only interface,	host, network,
	     and default routes	are shown, but when this  option  is  combined
	     with  the	-a  option,  all  routes  will be displayed, including
	     cache.

       -s    Show per-protocol statistics. When	used with the -M option,  show
	     multicast	routing	 statistics instead. When used with the	-a op-
	     tion, per-interface statistics will be displayed, when available,
	     in	addition to statistics global to the system. See DISPLAYS, be-
	     low.

       -v    Verbose. Show additional information  for	the  sockets,  STREAMS
	     memory statistics,	and the	routing	table.

       -I interface
	     Show  the	state  of a particular interface. interface can	be any
	     valid interface such as hme0 or le0.  Normally,  the  status  and
	     statistics	 for  physical interfaces are displayed. When this op-
	     tion is combined with the -a option, information for the  logical
	     interfaces	is also	reported.

       -M    Show  the multicast routing tables. When used with	the -s option,
	     show multicast routing statistics instead.

       -P protocol
	     Limit display of statistics or state of all sockets to those  ap-
	     plicable  to protocol. The	protocol can be	one of ip, ipv6, icmp,
	     icmpv6, igmp, udp,	tcp, rawip. rawip can  also  be	 specified  as
	     raw. The command accepts protocol options only as all lowercase.

       -D    Show the status of	DHCP configured	interfaces.

OPERANDS
       interval
	     Display interface statistics accumulated since last display every
	     interval seconds, repeating forever, unless count	is  specified.
	     When invoked with interval, the first row of netstat output shows
	     statistics	accumulated since last reboot.

       count Display interface statistics the number  of  times	 specified  by
	     count, at the interval specified by interval.

DISPLAYS
   Active Sockets (First Form)
       The  display for	each active socket shows the local and remote address,
       the send	and receive queue sizes	(in bytes), the	send and receive  win-
       dows (in	bytes),	and the	internal state of the protocol.

       The symbolic format normally used to display socket addresses is	either

       hostname.port

       when the	name of	the host is specified, or

       network.port

       if a socket address specifies a network but no specific host.

       The  numeric  host address or network number associated with the	socket
       is used to look up the corresponding symbolic hostname or network  name
       in the hosts or networks	database.

       If  the	network	 or hostname for an address is not known, or if	the -n
       option is specified, the	numerical network address is  shown.  Unspeci-
       fied, or	"wildcard", addresses and ports	appear as "*". For more	infor-
       mation regarding	the Internet naming conventions, refer to inet(7P) and
       inet6(7P).

   TCP Sockets
       The possible state values for TCP sockets are as	follows:

       BOUND Bound, ready to connect or	listen.

       CLOSED
	     Closed. The socket	is not being used.

       CLOSING
	     Closed, then remote shutdown; awaiting acknowledgment.

       CLOSE_WAIT
	     Remote shutdown; waiting for the socket to	close.

       ESTABLISHED
	     Connection	has been established.

       FIN_WAIT_1
	     Socket closed; shutting down connection.

       FIN_WAIT_2
	     Socket closed; waiting for	shutdown from remote.

       IDLE  Idle, opened but not bound.

       LAST_ACK
	     Remote shutdown, then closed; awaiting acknowledgment.

       LISTEN
	     Listening for incoming connections.

       SYN_RECEIVED
	     Initial synchronization of	the connection under way.

       SYN_SENT
	     Actively trying to	establish connection.

       TIME_WAIT
	     Wait after	close for remote shutdown retransmission.

   Network Data	Structures (Second Through Fifth Forms)
       The form	of the display depends upon which of the -g, -m, -p, or	-s op-
       tions you select.

       -g    Displays the list of multicast group membership.

       -m    Displays the memory usage,	for example, STREAMS mblks.

       -p    Displays the net to media mapping table. For  IPv4,  the  address
	     resolution	 table is displayed. See arp(1M). For IPv6, the	neigh-
	     bor cache is displayed.

       -s    Displays the statistics for the various protocol layers.

       The statistics use the MIB specified variables. The defined values  for
       ipForwarding are:

	      forwarding(1)
		    Acting as a	gateway.

	      not-forwarding(2)
		    Not	acting as a gateway.

       The  IPv6 and ICMPv6 protocol layers maintain per-interface statistics.
       If the -a option	is specified with the -s option, then  the  per-inter-
       face  statistics	 as  well  as the total	sums are displayed. Otherwise,
       just the	sum of the statistics are shown.

       For the second, third, and fourth forms of the command, you must	 spec-
       ify  at	least  -g, -p, or -s. You can specify any combination of these
       options.	You can	also specify -m	(the fifth form) with any set  of  the
       -g,  -p,	and -s options.	If you specify more than one of	these options,
       netstat displays	the information	for each one of	them.

   Interface Status (Sixth Form)
       The interface status display lists information for all  current	inter-
       faces,  one  interface per line.	If an interface	is specified using the
       -I option, it displays information for only the specified interface.

       The list	consists of the	 interface  name,  mtu	(maximum  transmission
       unit,  or  maximum packet size)(see ifconfig(1M)), the network to which
       the interface is	attached, addresses for	each  interface,  and  counter
       associated  with	 the  interface. The counters show the number of input
       packets,	input errors, output packets, output errors,  and  collisions,
       respectively.  For Point-to-Point interfaces, the Net/Dest field	is the
       name or address on the other side of the	link.

       If the -a option	is specified with either the -i	option or the  -I  op-
       tion,  then  the	 output	 includes  names of the	physical interface(s),
       counts for input	packets	and output packets for each logical interface,
       plus additional information.

       If the -n option	is specified, the list displays	the IP address instead
       of the interface	name.

       If an optional interval is specified, the output	 will  be  continually
       displayed  in  interval	seconds	until interrupted by the user or until
       count is	reached. See OPERANDS.

       The physical interface is specified using the -I	option.	When used with
       the  interval  operand, output for the -I option	has the	following for-
       mat:

       input	 le0	      output	    input	   (Total)    output
       packets	errs  packets errs  colls   packets  errs  packets   errs   colls
       227681	0     659471  1	    502	    261331   0	   99597     1	    502
       10	0     0	      0	    0	    10	     0	   0	     0	    0
       8	0     0	      0	    0	    8	     0	   0	     0	    0
       10	0     2	      0	    0	    10	     0	   2	     0	    0

       If the input interface is not specified,	the first interface of address
       family inet or inet6 will be displayed.

   Routing Table (Seventh Form)
       The  routing table display lists	the available routes and the status of
       each. Each route	consists of a destination host or network, and a gate-
       way  to use in forwarding packets. The flags column shows the status of
       the route (U if "up"), whether the route	 is  to	 a  gateway  (G),  and
       whether the route was created dynamically by a redirect (D).  If	the -a
       option is specified, there will be routing entries with flags for  com-
       bined  routing  and address resolution entries (A), broadcast addresses
       (B), and	the local addresses for	the host (L).

       Interface routes	are created for	each interface attached	to  the	 local
       host;  the gateway field	for such entries shows the address of the out-
       going interface.

       The use column displays the number of packets  sent  using  a  combined
       routing	and address resolution (A) or a	broadcast (B) route. For a lo-
       cal (L) route, this count is the	number of packets  received,  and  for
       all  other  routes it is	the number of times the	routing	entry has been
       used to create a	new combined route and address resolution entry.

       The interface entry indicates the network interface  utilized  for  the
       route.

   Multicast Routing Tables (Eighth Form)
       The multicast routing table consists of the virtual interface table and
       the actual routing table.

   DHCP	Interface Information (Ninth Form)
       The DHCP	interface information consists of the interface	name, its cur-
       rent state, lease information, packet counts, and a list	of flags.

       The states correlate with the specifications set	forth in RFC 2131.

	Lease information includes:

	  o  when the lease began;

	  o  when lease	renewal	will begin; and

	  o  when the lease will expire.

       The flags currently defined include:

	      BOOTP The	interface has a	lease obtained through BOOTP.

	      BUSY  The	interface is busy with a DHCP transaction.

	      PRIMARY
		    The	interface is the primary interface. See	dhcpinfo(1).

	      FAILED
		    The	 interface  is	in  failure state and must be manually
		    restarted.

       Packet counts are maintained for	the number of packets sent, the	number
       of  packets  received,  and  the	number of lease	offers declined	by the
       DHCP client. All	three counters are initialized to zero and then	incre-
       mented  while obtaining a lease.	The counters are reset when the	period
       of lease	renewal	begins for the interface. Thus,	the counters represent
       either the number of packets sent, received, and	declined while obtain-
       ing the current lease, or the number of packets sent, received, and de-
       clined while attempting to obtain a future lease.

FILES
       /etc/default/inet_type
	     DEFAULT_IP	setting

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       arp(1M),	 dhcpinfo(1),  dhcpagent(1M),  ifconfig(1M), iostat(1M), mibi-
       isa(1M),	savecore(1M), vmstat(1M), hosts(4), inet_type(4), networks(4),
       protocols(4), services(4), attributes(5), inet(7P), inet6(7P)

       Droms, R., RFC 2131, Dynamic Host Configuration Protocol, Network Work-
       ing Group, March	1997.

NOTES
       When displaying interface information, netstat  honors  the  DEFAULT_IP
       setting	in  /etc/default/inet_type.  If	it is set to IP_VERSION4, then
       netstat will omit information relating to IPv6 interfaces,  statistics,
       connections, routes and the like.

       However,	  you	can   override	the  DEFAULT_IP	 setting  in  /etc/de-
       fault/inet_type on the command-line. For	example, if you	have used  the
       command-line  to	explicitly request IPv6	information by using the inet6
       address family or one of	the IPv6 protocols, it will override  the  DE-
       FAULT_IP	setting.

       If  you	need  to examine network status	information following a	kernel
       crash, use the mdb(1) utility on	the savecore(1M) output.

SunOS 5.9			  17 Dec 2001			   netstat(1M)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPERANDS | DISPLAYS | FILES | ATTRIBUTES | SEE ALSO | NOTES

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=netstat&sektion=1m&manpath=SunOS+5.9>

home | help