man.bsd.lv manual page server

Manual Page Search Parameters
NETSTAT(1) General Commands Manual NETSTAT(1)

netstatshow network status and statistics

netstat
[--libxo] [-46AaCLnPRSTWx] [-f protocol_family | -p protocol] [-M core] [-N system]
netstat -i |  interface
[--libxo] [-46abdhnW] [-f address_family] [-M core] [-N system]
netstat -w wait
[--libxo] [-I interface] [-46d] [-M core] [-N system] [-q howmany]
netstat -s
[--libxo] [-46sz] [-f protocol_family | -p protocol] [-M core] [-N system]
netstat -i |  interface -s
[--libxo] [-46s] [-f protocol_family | -p protocol] [-M core] [-N system]
netstat -m
[--libxo] [-M core] [-N system]
netstat -B
[--libxo] [-z] [-I interface]
netstat -r
[--libxo] [-46nW] [-F fibnum] [-f address_family]
netstat -rs
[--libxo] [-s] [-M core] [-N system]
netstat -g
[--libxo] [-46W] [-f address_family]
netstat -gs
[--libxo] [-46s] [-f address_family] [-M core] [-N system]
netstat -Q
[--libxo]

The netstat command symbolically displays the contents of various network-related data structures. There are a number of output formats, depending on the options for the information presented.
netstat [-46AaCLnRSTWx] [-f protocol_family | -p protocol] [-M core] [-N system]
Display a list of active sockets (protocol control blocks) for each network protocol.

The default display for active sockets shows the local and remote addresses, send and receive queue sizes (in bytes), protocol, and the internal state of the protocol. Address formats are of the form “host.port” or “network.port” if a socket's address specifies a network but no specific host address. When known, the host and network addresses are displayed symbolically according to the databases hosts(5) and networks(5), respectively. If a symbolic name for an address is unknown, or if the -n option is specified, the address is printed numerically, according to the address family. For more information regarding the Internet IPv4 “dot format”, refer to inet(3). Unspecified, or “wildcard”, addresses and ports appear as “*”.

Generate output via libxo(3) in a selection of different human and machine readable formats. See xo_parse_args(3) for details on command line arguments.
Show IPv4 only. See GENERAL OPTIONS.
Show IPv6 only. See GENERAL OPTIONS.
Show the address of a protocol control block (PCB) associated with a socket; used for debugging.
Show the state of all sockets; normally sockets used by server processes are not shown.
Show the used TCP stack for each session.
Show the congestion control algorithm and diagnostic information of TCP sockets.
Show the size of the various listen queues. The first count shows the number of unaccepted connections, the second count shows the amount of unaccepted incomplete connections, and the third count is the maximum number of queued connections.
Do not resolve numeric addresses and port numbers to names. See GENERAL OPTIONS.
Display the log ID for each socket.
Display the flowid and flowtype for each socket. flowid is a 32 bit hardware specific identifier for each flow. flowtype defines which protocol fields are hashed to produce the id. A complete listing is available in sys/mbuf.h under M_HASHTYPE_*.
Show network addresses as numbers (as with -n) but show ports symbolically.
Display diagnostic information from the TCP control block. Fields include the number of packets requiring retransmission, received out-of-order, and those advertising a zero-sized window.
Avoid truncating addresses even if this causes some fields to overflow.
Display socket buffer and TCP timer statistics for each internet socket.

The -x flag causes netstat to output all the information recorded about data stored in the socket buffers. The fields are:

Number of mbufs in the receive queue.
Number of mbufs in the send queue.
Number of clusters, of any type, in the receive queue.
Number of clusters, of any type, in the send queue.
Receive buffer high water mark, in bytes.
Send buffer high water mark, in bytes.
Receive buffer low water mark, in bytes.
Send buffer low water mark, in bytes.
Receive buffer byte count.
Send buffer byte count.
Maximum bytes that can be used in the receive buffer.
Maximum bytes that can be used in the send buffer.
Time, in seconds, to fire Retransmit Timer, or 0 if not armed.
Time, in seconds, to fire Retransmit Persistence, or 0 if not armed.
Time, in seconds, to fire Keep Alive, or 0 if not armed.
Time, in seconds, to fire 2*msl TIME_WAIT Timer, or 0 if not armed.
Time, in seconds, to fire Delayed ACK Timer, or 0 if not armed.
Time, in seconds, since last packet received.
protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
protocol
Filter by protocol. See GENERAL OPTIONS.
Use an alternative core. See GENERAL OPTIONS.
Use an alternative kernel image. See GENERAL OPTIONS.
netstat -i-I interface [-46abdhnW] [-f address_family] [-M core] [-N system]
Show the state of all network interfaces or a single interface which have been auto-configured (interfaces statically configured into a system, but not located at boot time are not shown). An asterisk (“*”) after an interface name indicates that the interface is “down”.

When netstat is invoked with -i (all interfaces) or -I interface, it provides a table of cumulative statistics regarding packets transferred, errors, and collisions. The network addresses of the interface and the maximum transmission unit (“mtu”) are also displayed.

Show IPv4 only. See GENERAL OPTIONS.
Show IPv6 only. See GENERAL OPTIONS.
Multicast addresses currently in use are shown for each Ethernet interface and for each IP interface address. Multicast addresses are shown on separate lines following the interface address with which they are associated.
Show the number of bytes in and out.
Show the number of dropped packets.
Print all counters in human readable form.
Do not resolve numeric addresses and port numbers to names. See GENERAL OPTIONS.
Avoid truncating interface names even if this causes some fields to overflow. GENERAL OPTIONS.
protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
netstat -w wait [-I interface] [-46d] [-M core] [-N system] [-q howmany]
At intervals of wait seconds, display the information regarding packet traffic on all configured network interfaces or a single interface.

When netstat is invoked with the -w option and a wait interval argument, it displays a running count of statistics related to network interfaces. An obsolescent version of this option used a numeric parameter with no option, and is currently supported for backward compatibility. By default, this display summarizes information for all interfaces. Information for a specific interface may be displayed with the -I interface option.

interface
Only show information regarding interface
Show IPv4 only. See GENERAL OPTIONS.
Show IPv6 only. See GENERAL OPTIONS.
Show the number of dropped packets.
Use an alternative core. See GENERAL OPTIONS.
Use an alternative kernel image. See GENERAL OPTIONS.
Exit after howmany outputs.
netstat -s [-46sz] [-f protocol_family | -p protocol] [-M core] [-N system]
Display system-wide statistics for each network protocol.
Show IPv4 only. See GENERAL OPTIONS.
Show IPv6 only. See GENERAL OPTIONS.
If -s is repeated, counters with a value of zero are suppressed.
Reset statistic counters after displaying them.
protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
protocol
Filter by protocol. See GENERAL OPTIONS.
Use an alternative core. See GENERAL OPTIONS.
Use an alternative kernel image See GENERAL OPTIONS.
netstat -i-I interface -s [-46s] [-f protocol_family | -p protocol] [-M core] [-N system]
Display per-interface statistics for each network protocol.
Show IPv4 only See GENERAL OPTIONS.
Show IPv6 only See GENERAL OPTIONS.
If -s is repeated, counters with a value of zero are suppressed.
protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
protocol
Filter by protocol. See GENERAL OPTIONS.
Use an alternative core See GENERAL OPTIONS.
Use an alternative kernel image See GENERAL OPTIONS.
netstat -m [-M core] [-N system]
Show statistics recorded by the memory management routines (mbuf(9)). The network manages a private pool of memory buffers.
Use an alternative core See GENERAL OPTIONS.
Use an alternative kernel image See GENERAL OPTIONS.
netstat -B [-z] [-I interface]
Show statistics about bpf(4) peers. This includes information like how many packets have been matched, dropped and received by the bpf device, also information about current buffer sizes and device states.

The bpf(4) flags displayed when netstat is invoked with the -B option represent the underlying parameters of the bpf peer. Each flag is represented as a single lower case letter. The mapping between the letters and flags in order of appearance are:

Set if listening promiscuously
has been set on the device
status: source link addresses are being filled automatically
status: see packets originating locally and remotely on the interface.
Packet reception generates a signal
status: descriptor has been locked

For more information about these flags, please refer to bpf(4).

Reset statistic counters after displaying them.
netstat -r [-46AnW] [-F fibnum] [-f address_family] [-M core] [-N system]
Display the contents of routing tables.

When netstat is invoked with the routing table option -r, it lists the available routes and their status. Each route consists of a destination host or network, and a gateway to use in forwarding packets. The flags field shows a collection of information about the route stored as binary choices. The individual flags are discussed in more detail in the route(8) and route(4) manual pages. The mapping between letters and flags is:

Protocol specific routing flag #1
Protocol specific routing flag #2
Protocol specific routing flag #3
Just discard pkts (during updates)
The route represents a broadcast address
Created dynamically (by redirect)
Destination requires forwarding by intermediary
Host entry (net otherwise)
Valid protocol to link address translation
Modified dynamically (by redirect)
Host or net unreachable
Manually added
Route usable
External daemon translates proto to link address

Direct routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface. The refcnt field gives the current number of active uses of the route. Connection oriented protocols normally hold on to a single route for the duration of a connection while connectionless protocols obtain a route while sending to the same destination. The use field provides a count of the number of packets sent using that route. The interface entry indicates the network interface utilized for the route.

Show IPv4 only. See GENERAL OPTIONS.
Show IPv6 only. See GENERAL OPTIONS.
Do not resolve numeric addresses and port numbers to names. See GENERAL OPTIONS.
Show the path MTU for each route, and print interface names with a wider field size.
Display the routing table with the number fibnum. If the specified fibnum is -1 or -F is not specified, the default routing table is displayed.
Display the routing table for a particular address_family.
Use an alternative core See GENERAL OPTIONS.
Use an alternative kernel image See GENERAL OPTIONS.
netstat -rs [-s] [-M core] [-N system]
Display routing statistics.
If -s is repeated, counters with a value of zero are suppressed.
Use an alternative core See GENERAL OPTIONS.
Use an alternative kernel image See GENERAL OPTIONS.
netstat -g [-46W] [-f address_family] [-M core] [-N system]
Display the contents of the multicast virtual interface tables, and multicast forwarding caches. Entries in these tables will appear only when the kernel is actively forwarding multicast sessions. This option is applicable only to the inet and inet6 address families.
Show IPv4 only See GENERAL OPTIONS.
Show IPv6 only See GENERAL OPTIONS.
Avoid truncating addresses even if this causes some fields to overflow.
protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
Use an alternative core See GENERAL OPTIONS.
Use an alternative kernel image See GENERAL OPTIONS.
netstat -gs [-46s] [-f address_family] [-M core] [-N system]
Show multicast routing statistics.
Show IPv4 only See GENERAL OPTIONS.
Show IPv6 only See GENERAL OPTIONS.
If -s is repeated, counters with a value of zero are suppressed.
protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
Use an alternative core See GENERAL OPTIONS.
Use an alternative kernel image See GENERAL OPTIONS.
netstat -Q
Show netisr(9) statistics. The flags field shows available ISR handlers:
Able to map mbuf to cpu id
Has queue drain handler
Able to map mbuf to flow id

Some options have the general meaning:

Is shorthand for -f inet (Show only IPv4)
Is shorthand for -f inet6 (Show only IPv6)
address_family, -p protocol
Limit display to those records of the specified address_family or a single protocol. The following address families and protocols are recognized:

(AF_INET)
, icmp, igmp, ip, ipsec, pim, sctp, tcp, udp
(AF_INET6)
, ip6, ipsec6, rip6, sctp, tcp, udp
(PF_KEY)
, ng (AF_NETGRAPH)
, data
(AF_UNIX)
 
 

The program will complain if protocol is unknown or if there is no statistics routine for it.

Extract values associated with the name list from the specified core instead of the default /dev/kmem.
Extract the name list from the specified system instead of the default, which is the kernel image the system has booted from.
Show network addresses and ports as numbers. Normally netstat attempts to resolve addresses and ports, and display them symbolically.

Show packet traffic information (packets, bytes, errors, packet drops, etc) for interface re0 updated every 2 seconds and exit after 5 outputs:

$ netstat -w 2 -q 5 -I re0

Show statistics for ICMP on any interface:

$ netstat -s -p icmp

Show routing tables:

$ netstat -r

Same as above, but without resolving numeric addresses and port numbers to names:

$ netstat -rn

fstat(1), nfsstat(1), procstat(1), ps(1), sockstat(1), libxo(3), xo_parse_args(3), bpf(4), inet(4), route(4), unix(4), hosts(5), networks(5), protocols(5), services(5), iostat(8), route(8), trpt(8), vmstat(8), mbuf(9)

The netstat command appeared in 4.2BSD.

IPv6 support was added by WIDE/KAME project.

The notion of errors is ill-defined.

September 25, 2020 FreeBSD-13.0