NAME

netstat − Displays network statistics. 

SYNOPSIS

netstat [-Arn | [-Aan] [-f address_family] [-p protocol]] [interval]

netstat [-adHimMnrstuv] [-f address_family] [-p protocol] [interval]

netstat [-ntdz] [-I interface [-c | -s]] [interval]

The netstat command displays network-related data in various formats. 

FLAGS

-aDisplays the state of sockets related to the Internet protocol.  Includes sockets for processes such as servers that are currently listening at a socket but are otherwise inactive. 

-ADisplays either the address of any protocol control blocks associated with sockets or the addresses of routing table entries with bitmasks.  Typically, this flag is used for debugging. 

-dDisplays the number of dropped packets; for use with the -I interface or -i flags.  You can also specify an interval argument (in seconds). 

-f address_family
Limits reports to the specified address family. The address families that can be specified might include the following:

inetSpecifies reports of the AF_INET family, if present in the kernel. 

unixSpecifies reports of the AF_UNIX family, if present in the kernel. 

allLists information about all address families in the system. 

anyLists information about any address families in the system. 

-HDisplays the current ARP table (behaves like arp -a). 

-iDisplays the state of configured interfaces.  (Interfaces that are statically configured into the system, but not located at system startup, are not shown.) 

When used with the -a flag, it displays IP and link-level addresses associated with the interfaces. 

You can use the -i flag to retrieve your system’s hardware address. 

-I interface
Displays information about the specified interface.

-I interface -c
Displays the current access filter for the specified network interface.  See ifaccess.conf(4) for more information. 

-I interface -s
Displays the DNA Data Link Layer counters for the specified network interface and the adapter’s status and characteristics.  See Network Administration for a description of the display fields. 

-mDisplays information about memory allocated to data structures associated with network operations. 

-MDisplays Internet protocol multicast routing information. When used with the -s flag, it displays IP multicast statistics. 

-nDisplays network address in numerical format with network masks in CIDR format.  When this flag is not specified, the address is displayed as hostname and port number.  This flag can be used with any of the display formats. 

-pprotocol
Displays statistics for protocol, which you can specify as a well known name or an alias.  Supported protocol names and their aliases are listed in /etc/protocols.  A null listing (0) means that there is no data to report.  If routines to report statistics for a specified protocol are not implemented on this system, netstat reports that the protocol is unknown. 

-rDisplays the host’s routing tables.  When used with the -s flag, shows the host’s routing statistics instead of routing tables. 

-sDisplays statistics for each protocol. 

-tDisplays timer information; for use with the -I interface or -i flags. 

-uDisplays information about domain sockets (UNIX domain). 

-vDisplays more verbose output when specified with the -r flag.  In this case, route metric values are displayed. 

-zSets the network interface counters to zero.  This flag must be specified with the -I interface flag.  In addition, you must be superuser to use this flag. 

DESCRIPTION

The interval argument specifies in seconds the interval for updating and displaying information.  The first line of the display shows cumulative statistics; subsequent lines show statistics recorded during interval. 

Default Display

When used without flags, the netstat command displays a list of active sockets for each protocol.  The default display shows the following items:

       •Local and remote addresses

       •Send and receive queue sizes (in bytes)

       •Protocol

       •State

Address formats are of the form host.port or network.port if a socket’s address specifies a network but no specific host address.  The host and network address are displayed symbolically unless -n is specified. 

Interface Display

The network interface display format provides a table of cumulative statistics for the following:

       •Interface name

       •Maximum Transmission Unit (MTU)

       •Network Address

       •Packets received (Ipkts)

       •Packets received in error (Ierrs)

       •Packets transferred (Opkts)

       •Outgoing packets in error (Oerrs)

       •Collisions

Note that the collisions item has different meanings for different network interfaces. 

       •Drops (optional with -d)

       •Timers (optional with -t)

Routing Table Display

A route consists of a destination host or network and a gateway to use when forwarding packets.  Direct routes are created automatically for each interface attached to the local host when you issue the ifconfig command.  Routes can be modified automatically in response to the prevailing condition of the network. 

The routing-table display format indicates available routes and the status of each in the following fields:

FlagsDisplays the state of the route as one or more of the following:

UUp, or available. 

GThis route is to a gateway. 

HThis route is to a host

DThis route was dynamically created by a redirect. 

MThis route was modified by a redirect. 

SThis is a static route that was created by the route command. 

RThis is a reject route that was created by the route command. 

refcntGives the current number of active uses for the route.  Connection-oriented protocols hold on to a single route for the duration of a connection; connectionless protocols obtain routes in the process of sending to a destination. 

useProvides a count of the number of packets sent using the route. 

interface
Indicates the network interface used for the route.

When the -v flag is specified, the routing table display includes the route metrics.  An asterisk (∗) indicates the metric is locked.  See route(8) for additional information on routing. 

EXAMPLES

     1.To show the state of the configured interfaces, enter:

$ netstat -i

     2.To show the routing tables, enter:

$ netstat -r

The resulting display looks like the following:

Routing Tables
DestinationGatewayFlagsRefsUseInterface
Netmasks:
Inet255.255.255.0
Route Tree for Protocol Family 2:
default        16.55.5.5UG1338618ln0
localhost16.55.5.4UH229lo0
ethernet16.55.5.3U9866760ln0

(Output may be formatted differently on your system.) 

     3.To show the routing tables with network addresses, enter:

$ netstat -rn

The resulting display looks like the following:

Routing tables
Destination      Gateway            Flags     Refs     Use  Interface
Netmasks:
Inet             0.0.0.0
Inet             255.0.0.0
Inet             255.255.0.0
Inet             255.255.252.0
Inet             255.255.255.0
Inet             255.255.255.224
Route Tree for Protocol Family 2:
default          16.140.28.1        UG          0  6004465  tu0
16.140.128/24    16.140.128.198     U           4   181451  tu0
127.0.0.1        127.0.0.1          UH          0        0  lo0
194.224/16       127.0.0.1          UG          0        3  lo0
194.226/16       127.0.0.1          UGR         0        0  lo0
198.119.1/24     198.119.19.76      U           1      867  le0
198.119.19.64/27 198.119.19.76      U           0        1  le0
198.119.64.80    198.119.19.24      UGH         0        0  le0
130.200/16       16.140.128.1       UG          0        0  tu0

     4.To produce the default display for network connections, enter:

netstat

The resulting display might include the following headings:

Active Internet connections
Proto Recv-Q Send-Q Local Address   Foreign Address   (state)

     5.To set the ln0 interface counters to zero, enter:

netstat -Iln0 -z

RELATED INFORMATION

Commands:  vmstat(1), route(8). 

Network Administration