NETSTAT(1) General Commands Manual NETSTAT(1)
netstat - show network status
netstat [-AaBln] [-f address_family] [-p protocol] [-M core] [-N system]
netstat [-bdFgilmnqrstu] [-f address_family] [-p protocol] [-M core]
[-N system] [-T rtable]
netstat [-bdhn] [-c count] [-I interface] [-M core] [-N system] [-w wait]
netstat [-v] [-M core] [-N system] -P pcbaddr
netstat [-s] [-M core] [-N system] [-p protocol]
netstat [-a] [-f address_family] [-p protocol] [-i | -I interface]
netstat [-W interface]
The netstat command symbolically displays the contents of various
network-related data structures. There are a number of output formats,
depending on the options for the information presented.
The first form of the command displays a list of active sockets for each
protocol. The second form presents the contents of one of the other
network data structures according to the option selected. Using the
third form, with a wait interval specified, netstat will continuously
display the information regarding packet traffic on the configured
network interfaces. The fourth form displays internals of the protocol
control block (PCB) and the socket structure. The fifth form displays
statistics about the named protocol. The sixth form displays per
interface statistics for the specified address family. The final form
displays per interface statistics for the specified wireless (802.11)
The options are as follows:
-A Show the address of any protocol control blocks associated with
sockets; useful for debugging e.g. with the -P flag. When used
with the -r flag it shows the internal addresses of the routing
table. Only the super-user can see these addresses; unprivileged
users will see them as 0x0.
-a With the default display, show the state of all sockets; normally
sockets used by server processes are not shown.
-B With the default display, show buffer sizes for TCP sockets.
This includes the send window size, receive window size and
congestion window size.
-b With the interface display (options -I or -i), show bytes in and
out, instead of packet statistics.
Display count updates, then exit. This option has no effect
unless -w is specified as well.
-d With either the interface display (options -I or -i) or an
interval (option -w), show the number of dropped packets.
-F When showing routes, only show routes whose gateway are in the
same address family as the destination.
Limit statistics or address control block reports to those of the
The following address families are recognized:
Address Family Constant Description
inet AF_INET IP Version 4
inet6 AF_INET6 IP Version 6
local AF_UNIX Alias for unix
mpls AF_MPLS MPLS
unix AF_UNIX Local to Host (i.e., pipes)
-h Use unit suffixes to reduce the number of digits shown with the
-b and -w options.
-g Show information related to multicast (group address) routing.
By default, show the IP multicast virtual-interface and routing
tables. If the -s option is also present, show multicast routing
Show information about the specified interface; used with a wait
interval as described below.
If the -f address_family option (with the -s option) is present,
show per-interface statistics on the given interface for the
-i Show the state of interfaces which have been auto-configured
(interfaces statically configured into a system but not located
at boot-time are not shown).
If the -f address_family option (with the -s option) is present,
show per-interface statistics on all interfaces for the specified
-l With the default display, show only listening sockets. With the
-g option, display wider fields for the IPv6 multicast routing
table "Origin" and "Group" columns.
Extract values associated with the name list from the specified
core instead of the running kernel.
-m Show statistics recorded by the memory management routines (the
network manages a private pool of memory buffers).
Extract the name list from the specified system instead of the
-n Show network addresses as numbers (normally netstat interprets
addresses and attempts to display them symbolically). This
option may be used with any of the display formats.
Display the contents of the protocol control block (PCB) located
at the kernel virtual address pcbaddr. PCB addresses can be
obtained using the -A flag. When used with the -v option, also
print socket, domain and protocol specific structures. Only the
super-user can use the -P option.
The -P option requires the ability to open /dev/kmem which may be
restricted based upon the value of the kern.allowkmem sysctl(8).
Restrict the output to protocol, which is either a well-known
name for a protocol or an alias for it. Some protocol names and
aliases are listed in the file /etc/protocols. The program will
complain if protocol is unknown. If the -s option is specified,
the per-protocol statistics are displayed. Otherwise the states
of the matching sockets are shown.
-q Only show interfaces that have seen packets (or bytes if -b is
-r Show the routing tables. If the -s option is also specified,
show routing statistics instead. When used with the -v option,
also print routing labels.
-s Show per-protocol statistics. If this option is repeated,
counters with a value of zero are suppressed.
Select an alternate routing table to query. The default is to
use the current routing table.
-t With the -i option, display the current value of the watchdog
-u Limit statistics or address control block reports to the AF_UNIX
-v Show extra (verbose) detail for the routing tables (-r), or avoid
truncation of long addresses. When used with the -P option, also
print socket, domain and protocol specific structures.
(IEEE 802.11 devices only) Show per-interface IEEE 802.11
Show network interface statistics at intervals of wait seconds.
The default display, for active sockets, shows the local and remote
addresses, send and receive queue sizes (in bytes), protocol, and the
internal state of the protocol.
Address formats are of the form "host.port" or "network.port" if a
socket's address specifies a network but no specific host address. When
known, the host addresses are displayed symbolically according to the
hosts(5) database. If a symbolic name for an address is unknown, or if
the -n option is specified, the address is printed numerically, according
to the address family.
For more information regarding the Internet "dot format", refer to
inet_ntop(3). Unspecified or "wildcard" addresses and ports appear as a
single `*'. If a local port number is registered as being in use for RPC
by portmap(8), its RPC service name or RPC service number will be printed
in "" immediately after the port number.
The interface display provides a table of cumulative statistics regarding
packets transferred, errors, and collisions. The network addresses of
the interface and the maximum transmission unit (MTU) are also displayed.
The routing table display indicates the available routes and their
status. Each route consists of a destination host or network and a
gateway to use in forwarding packets. If the destination is a network in
numeric format, the netmask (in /24 style format) is appended. The flags
field shows a collection of information about the route stored as binary
choices. The individual flags are discussed in more detail in the
route(8) and route(4) manual pages.
The mapping between letters and flags is:
1 RTF_PROTO1 Protocol specific routing flag #1.
2 RTF_PROTO2 Protocol specific routing flag #2.
3 RTF_PROTO3 Protocol specific routing flag #3.
B RTF_BLACKHOLE Just discard pkts (during updates).
b RTF_BROADCAST Correspond to a local broadcast address.
C RTF_CLONING Generate new routes on use.
c RTF_CLONED Cloned routes (generated from RTF_CLONING).
D RTF_DYNAMIC Created dynamically (by redirect).
d RTF_DONE Completed (for routing messages only).
G RTF_GATEWAY Destination requires forwarding by intermediary.
H RTF_HOST Host entry (net otherwise).
h RTF_CACHED Referenced by gateway route.
L RTF_LLINFO Valid protocol to link address translation.
l RTF_LOCAL Correspond to a local address.
M RTF_MODIFIED Modified dynamically (by redirect).
m RTF_MULTICAST Correspond to a multicast address.
n RTF_CONNECTED Interface route.
P RTF_MPATH Multipath route.
R RTF_REJECT Host or net unreachable.
S RTF_STATIC Manually added.
T RTF_MPLS MPLS route.
U RTF_UP Route usable.
Direct routes are created for each interface attached to the local host;
the gateway field for such entries shows the address of the outgoing
interface. The refcnt field gives the current number of active uses of
the route. Connection oriented protocols normally hold on to a single
route for the duration of a connection while connectionless protocols
obtain a route while sending to the same destination. The use field
provides a count of the number of packets sent using that route. The MTU
entry shows the MTU associated with that route. This MTU value is used
as the basis for the TCP maximum segment size (MSS). The `L' flag
appended to the MTU value indicates that the value is locked, and that
path MTU discovery is turned off for that route. A `-' indicates that
the MTU for this route has not been set, and a default TCP maximum
segment size will be used. The interface entry indicates the network
interface utilized for the route.
When netstat is invoked with the -w option and a wait interval argument,
it displays a running count of statistics related to network interfaces.
An obsolescent version of this option used a numeric parameter with no
option, and is currently supported for backward compatibility. This
display consists of a column for the primary interface (the first
interface found during autoconfiguration) and a column summarizing
information for all interfaces. The primary interface may be replaced
with another interface with the -I option. The first line of each screen
of information contains a summary since the system was last rebooted.
Subsequent lines of output show values accumulated over the preceding
fstat(1), nfsstat(1), ps(1), systat(1), tcpbench(1), top(1),
inet_ntop(3), netintro(4), route(4), hosts(5), protocols(5), services(5),
iostat(8), portmap(8), pstat(8), route(8), tcpdrop(8), trpt(8), vmstat(8)
The netstat command appeared in 4.2BSD. IPv6 support was added by the
The notion of errors is ill-defined.
OpenBSD 6.4 July 13, 2018 OpenBSD 6.4
[Unix Hosting |
[Engineering & Automation |
Software Development |