NETSTAT(1)							    NETSTAT(1)

NAME

     netstat - show network status

SYNOPSIS

     netstat [ -AanuV ]	[ -L laddr ] [ -F faddr	] \
	  [ -f address_family ]	[ system ] [ core ]
     netstat [ -imnqrstMN ] [ -f address_family	] [ system ] [ core ]
     netstat [ -n ] [ -I interface ] interval [	system ] [ core	]
     netstat -C	 [ -n ]	[ interval ] [ system ]
     netstat [ -p protocol ] [ system ]	[ core ]

DESCRIPTION

     The netstat command symbolically displays the contents of various
     network-related data structures.  There are a number of output formats,
     depending on the options for the information presented.  The first	form
     of	the command displays a list of active sockets for each protocol.  The
     second form presents the contents of one of the other network data
     structures	according to the option	selected.  Using the third form, with
     an	interval specified, netstat will continuously display the information
     regarding packet traffic on the configured	network	interfaces.  The
     fourth form displays statistics about the named protocol.

     The options have the following meaning:

     -A	  With the default display, show the address of	any protocol control
	  blocks associated with sockets; used for debugging.

     -a	  With the default display, show the state of all sockets; normally
	  sockets used by server processes are not shown.  If -q is used in
	  conjunction with -a, information about pending connections on
	  listening endpoints will be displayed.  This includes	the number of
	  partially-synchronized connections, the number of fully-synchronized
	  connections, and the maximum number of pending connections specified
	  in the listen(2) call.  Note that the system provides some scaling on
	  the listen backlog, such that	a request for a	queue limit of 32 will
	  actually result in 49	connections being allowed prior	to new
	  connection requests being ignored.  This means that it is possible
	  for the sum of the two queue lengths to be larger than the limit.

     -F	faddr
	  Only TCP protocol control blocks whose foreign address matches the
	  pattern faddr	should be displayed.  The format of faddr is
	  [ipaddr][/port] where	ipaddr is up to	four decimal numbers separated
	  by `.' representing the IP address and port is the port number.  If
	  less than four numbers are given for the IP address, trailing
	  numbers are assumed to be wildcards.	For example 192.26 represents
	  the subnet  Host names may be used instead of dotted IP
	  address notation.

     -L	laddr
	  Only TCP protocol control blocks whose local address matches the
	  pattern laddr	should be displayed.  The format of laddr is the same
	  as that of faddr.

     -l	  With the default display, on systems supporting IP security options,
	  show the mandatory and discretionary access control attributes
	  associated with sockets.  These consist of a mandatory access
	  control label, printed at the	beginning of each line,	and a socket
	  uid and acl, printed at the end of each line.	 (For AF_INET sockets
	  only,	a second mandatory access control label, SndLabel, is also
	  shown.  SndLabel is a	copy of	the label in the u_area.)  On systems
	  not supporting IP security options, -l is silently ignored.

     -C	  Display the contents of several of the other formats in dynamic
	  "full-screen"	forms.	Many of	the values can be displayed as simple
	  totals (r or "reset"), changes during	the previous interval (d or
	  "delta"), or changes since a fixed moment (z or "zero").  Note that
	  turning interfaces off or on or otherwise resetting them can make it
	  seem that counters are changing wildly, since	that often resets the
	  counters to zero.

     -i	  Show the state of interfaces which have been auto-configured
	  (interfaces statically configured into a system, but not located at
	  boot time are	not shown).  When -a is	also present, show all
	  addresses (unicast, multicast	and link-level)	associated with	each

     -iq  Show the information for -i with the number of packets currently in
	  the output queue, the	queue size, and	the number of dropped packets
	  due to a full	queue.

     -I	interface
	  Show information only	about this interface; used with	an interval as
	  described below.

     -m	  Show statistics recorded by the memory management routines (the
	  network manages a private pool of memory buffers).

     -n	  Show network addresses as numbers (normally netstat interprets
	  addresses and	attempts to display them symbolically).	 This option
	  may be used with any of the display formats.

     -p	protocol
	  Show statistics about	protocol, which	is either a well-known name
	  for a	protocol or an alias for it.  Some protocol names and aliases
	  are listed in	the file /etc/protocols.  A null response typically
	  means	that there are no interesting numbers to report.  The program
	  will complain	if protocol is unknown or if there is no statistics
	  routine for it.  (This includes counting packets for the HELO
	  routing protocol as unknown.)	 Note that if the protocols list is
	  obtained from	a NIS server, it is important for the correct
	  operation of netstat that the	NIS table contain all protocols	that
	  the client supports but which	the server may not, for	example	STP.

     -s	  Show per-protocol statistics.

     -r	  Show the routing tables.  When -s is also present, show routing
	  statistics instead.

     -M	  Show the kernel multicast routing tables.  When -s is	also present,
	  show multicast routing statistics instead.

     -N	  Show socket addresses	of family AF_LINK symbolically or numerically,
	  depending on whether the -n option is	used, rather than in the
	  default format of link# where	# corresponds to the numerical index
	  into the ifnet array in the kernel.  This option is typically	only
	  useful when displaying the routing tables using the -r option.

     -f	address_family
	  Limit	statistics or address control block reports to those of	the
	  specified address family.  The following address families are
	  recognized:  inet, for AF_INET, and unix, for	AF_UNIX.  (ns, for
	  AF_NS	is not currently supported.)  Note that	sockets	created	with a
	  type of PF_STP are still classified under AF_INET here, since	they
	  use AF_INET addressing.

     -t	  If used in conjunction with -i, displays the value of	the interface
	  watchdog timer.

     -u	  A synonym for	-f unix.

     -T	  When used in conjunction with	-V print just the current value	used
	  to reset the retransmit timers in a TCP protocol control block.

     -V	  Specify very-verbose mode.  When used	in conjunction with the	-a
	  switch, detailed state information is	displayed for each TCP
	  protocol control block.  It is useful	to combine use of this switch
	  with -L and -F to specify particular PCBs.
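
     The -F and -L pattern rule above, re-implemented as an added example
     (not part of the original manual page) for filtering saved numeric
     netstat output offline.  The function names, the BSD-style column
     layout and the sample lines are assumptions constructed for
     illustration; host-name patterns are not handled.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output; BSD-style columns are assumed.
SAMPLE='tcp        0      0  192.26.75.3.23         192.26.80.9.1042       ESTABLISHED
tcp        0      0  192.26.75.3.25         10.1.2.3.4711          ESTABLISHED
tcp        0      0  *.25                   *.*                    LISTEN'

# addr_matches PATTERN ADDR PORT: exit 0 when PATTERN selects ADDR/PORT.
# PATTERN is [ipaddr][/port]; fewer than four numbers in ipaddr means the
# trailing ones are wildcards.  Numeric patterns only (hypothetical helper).
addr_matches() {
    pat=$1 addr=$2 port=$3
    case $pat in
        */*) pat_ip=${pat%%/*}; pat_port=${pat#*/} ;;
        *)   pat_ip=$pat;       pat_port= ;;
    esac
    pat_ip=${pat_ip%.}                      # tolerate a trailing dot: "192.26."
    # Port part: empty means any port.
    if [ -n "$pat_port" ] && [ "$pat_port" != "$port" ]; then
        return 1
    fi
    # Address part: empty means any address.
    if [ -z "$pat_ip" ]; then
        return 0
    fi
    # Compare on whole numbers: appending "." stops 192.26 matching 192.260.x.x
    case "$addr." in
        "$pat_ip".*) return 0 ;;
    esac
    return 1
}

# filter_foreign PATTERN: print TCP sockets on stdin whose foreign address
# matches, as -F would.  The port is the text after the LAST dot of the field.
filter_foreign() {
    while read -r proto recvq sendq laddr faddr state; do
        [ "$proto" = tcp ] || continue
        if addr_matches "$1" "${faddr%.*}" "${faddr##*.}"; then
            echo "$laddr $faddr $state"
        fi
    done
}

printf '%s\n' "$SAMPLE" | filter_foreign 192.26
```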

     The arguments system and core allow substitutes for the defaults
     ``/unix'' and ``/dev/kmem''.

     The default display, for active sockets, shows the	local and remote
     addresses,	send and receive queue sizes (in bytes), protocol, and the
     internal state of the protocol.  Address formats are of the form
     ``host.port'' or ``network.port'' if a socket's address specifies a
     network but no specific host address.  When known, the host and network
     addresses are displayed symbolically according to the data	bases
     /etc/hosts	and /etc/networks, respectively.  If a symbolic	name for an
     address is	unknown, or if the -n option is	specified, the address is
     printed numerically, according to the address family.  For	more
     information regarding the Internet	``dot format,''	refer to inet(3N).
     Unspecified, or ``wildcard'', addresses and ports appear as ``*''.

     The interface display provides a table of cumulative statistics regarding
     packets transferred, errors, and collisions.  The network addresses of
     the interface and the maximum transmission	unit (``mtu'') are also

     The routing table display indicates the available routes and their
     status.  Each route consists of a destination host	or network and a
     gateway to	use in forwarding packets.  The	flags field shows a collection
     of	information about the route stored as binary choices.  The individual
     flags are discussed in more detail	in the route(1M) and route(7) manual
     pages.  The mapping between letters and flags is:

     1	     RTF_PROTO1	      Protocol-specific	routing	flag #1
     2	     RTF_PROTO2	      Protocol-specific	routing	flag #2
     B	     RTF_BLACKHOLE    Just discard pkts	(during	updates)
     C	     RTF_CLONING      Generate new routes on use
     D	     RTF_DYNAMIC      Created dynamically (by redirect)
     G	     RTF_GATEWAY      Destination requires forwarding by intermediary
     H	     RTF_HOST	      Host entry (net otherwise)
     L	     RTF_LLINFO	      Valid protocol to	link address translation.
     M	     RTF_MODIFIED     Modified dynamically (by redirect)
     R	     RTF_REJECT	      Host or net unreachable
     S	     RTF_STATIC	      Manually added
     U	     RTF_UP	      Route usable
     X	     RTF_XRESOLVE     External daemon translates proto to link address
     c	     RTF_CKSUM	      TCP/UDP checksumming done	on this	route

     Direct routes are created for each	interface attached to the local	host;
     the gateway field for such	entries	shows the address of the outgoing
     interface.	 The MTU field shows the MTU value set with the	route(1M)
     command for that route.  The RTT and RTTvar fields	show the estimated
     round-trip	time (RTT) and the variance in RTT for routes with large
     amounts of	TCP traffic.  The RTT and RTTvar values	are in seconds with a
     resolution	of .125	seconds.  The use field	provides a count of the	number
     of	packets	sent using that	route.	The interface entry indicates the
     network interface utilized	for the	route.

     When netstat is invoked with an interval argument,	it displays a running
     count of statistics related to network interfaces.	 This display consists
     of	a column for the primary interface (the	first interface	found during
     autoconfiguration)	and a column summarizing information for all
     interfaces.  The primary interface	may be replaced	with another interface
     with the -I option.  The first line of each screen	of information
     contains a	summary	since the system was last rebooted.  Subsequent	lines
     of	output show values accumulated over the	preceding interval.


     To	match a	socket to a process, the fuser(1M) command can be used.	 For
     example, the command

	  fuser	25/tcp

     will display information about any	processes listening on TCP port	25.
     Note that fuser requires the numeric value	for the	port, not the name of
     the service.  The -n option will force netstat to display service
     information numerically.
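
     The netstat-to-fuser step above as an added example (not part of the
     original manual page): it extracts numeric TCP listening ports and
     prints the matching fuser commands, skipping service names that fuser
     would reject.  Function names, column layout and sample lines are
     constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -a` output (BSD-style columns assumed);
# the second listener shows a symbolic service name, as printed without -n.
SAMPLE='tcp        0      0  *.25                   *.*                    LISTEN
tcp        0      0  *.telnet               *.*                    LISTEN
tcp        0      0  192.26.75.3.6000       *.*                    LISTEN
tcp        0      0  192.26.75.3.25         192.26.80.9.1042       ESTABLISHED
udp        0      0  *.514                  *.*'

# listening_ports: read netstat output on stdin and print one numeric TCP
# listening port per line (sorted, unique).  The port is whatever follows
# the LAST dot of the local address, so 192.26.75.3.6000 yields 6000.
listening_ports() {
    awk '$1 == "tcp" && $NF == "LISTEN" {
             n = split($4, part, ".")
             port = part[n]
             if (port ~ /^[0-9]+$/)
                 print port
             else   # fuser needs the number, not the service name
                 print "skipped " port ": rerun netstat with -n" | "cat 1>&2"
         }' | sort -n -u
}

# fuser_commands: turn each port into the fuser(1M) invocation from the text.
fuser_commands() {
    listening_ports | while read -r port; do
        echo "fuser $port/tcp"
    done
}

printf '%s\n' "$SAMPLE" | fuser_commands
```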

SEE ALSO

     fuser(1M),	nfsstat(1M), route(1M),	smtstat(1), hosts(4), networks(4),
     protocols(4), services(4),	route(7), stp(7)

BUGS

     The notion	of errors is ill-defined.
