SYNOPSIS netstat [-rn | [-an] [-f address_family] [interval] netstat [-abdHimMnrstv] [-f address_family] [interval] netstat [-ntdz] [-I interface] [interval] netstat [-ip protocol] The netstat command displays network-related data in various formats.
1 – FLAGS
-a Displays the state of sockets related to the Internet protocol. Includes sockets for processes such as servers that are currently listening at a socket but are otherwise inactive. -b Displays the contents of the Mobile IPv6 binding cache. When used with the -s option, it displays binding cache statistics. -d Displays the number of dropped packets; for use with the -I interface or -i flags. You can also specify an interval argument (in seconds). -f address_family Limits reports to the specified address family. Specify one of the following: inet Specifies reports of the AF_ INET family, if present in the kernel. inet6 Specifies reports of the AF_ INET6 family, if present in the kernel. all Lists information about all address families in the system. any Lists information about any address families in the system. -H Displays the current ARP table (behaves like arp -a). -i Displays the state of configured interfaces. (Interfaces that are statically configured into the system, but not located at system startup, are not shown.) When used with the -a flag, it displays IP and link-level addresses associated with the interfaces. You can use the -i flag to retrieve your system's hardware address. When used with the -p protocol flag, it displays interface statistics on the interface for specified protocol. -I interface Displays information about the specified interface. -m Displays information about memory allocated to data structures associated with network operations. -M Displays Internet protocol multicast routing information. When used with the -s flag, it displays IP multicast statistics. -n Displays network address in numerical format with network masks in CIDR format. When this flag is not specified, the address is displayed as hostname and port number. This flag can be used with any of the display formats. -p protocol Displays statistics for the specified protocol, which you can specify as a well known name or an alias. With the -i flag, displays interface statistics on the interface for the specified protocol: o -ip icmp o -ip ip o -ip tcp o -ip udp A null listing (0) means that there is no data to report. If routines to report statistics for a specified protocol are not implemented on this system, netstat reports that the protocol is unknown. -r Displays the host's routing tables. When used with the -s flag, shows the host's routing statistics instead of routing tables. -s Displays statistics for each protocol. -t Displays timer information; for use with the -I interface or -i flags. -v Displays more verbose output when specified with the -r flag. In this case, route metric values are displayed. -z Sets the network interface counters to zero. This flag must be specified with the -I interface flag. In addition, you must be a privileged user to use this flag.
2 – DESCRIPTION
The interval argument specifies in seconds the interval for updating and displaying information. The first line of the display shows cumulative statistics; subsequent lines show statistics recorded during interval. Default Display When used without flags, the netstat command displays a list of active sockets for each protocol. The default display shows the following items: o Local and remote addresses o Send and receive queue sizes (in bytes) o Protocol o State Address formats are of the form host.port or network.port if a socket's address specifies a network but no specific host address. The host and network address are displayed symbolically unless -n is specified. Interface Display The network interface display format provides a table of cumulative statistics for the following: o Interface name o Maximum Transmission Unit (MTU) o Network Address o Packets received (Ipkts) o Packets received in error (Ierrs) o Packets transferred (Opkts) o Outgoing packets in error (Oerrs) o Collisions Note that the collisions item has different meanings for different network interfaces. o Drops (optional with -d) o Timers >((optional with -t) Routing Table Display A route consists of a destination host or network and a gateway to use when forwarding packets. Direct routes are created automatically for each interface attached to the local host when you issue the ifconfig command. Routes can be modified automatically in response to the prevailing condition of the network. The routing-table display format indicates available routes and the status of each in the following fields: Flags Displays the state of the route as one or more of the following: C A cloning route created by the route command. c A cloned route. D This route was dynamically created by a redirect. F A fragment to path MTU size is disabled on this route. G This route is to a gateway. H This route is to a host I A route that contains valid link-layer information. L A loopback route that was created by the kernel. M A route that was modified by a redirect. m A route that was created by a Mobile IPv6 binding update. P A route that was created by the Path MTU discovery process. p A indicates that Path MTU discovery is disabled on this route. R This is a reject route that was created by the route command. S This is a static route that was created by the route command. U Up, or available. refcnt Gives the current number of active uses for the route. Connection- oriented protocols hold on to a single route for the duration of a connection; connectionless protocols obtain routes in the process of sending to a destination. use Provides a count of the number of packets sent using the route. interface Indicates the network interface used for the route. When the -v flag is specified, the routing table display includes the route metrics. An asterisk (*) indicates the metric is locked. See route(8) for additional information on routing.