netstat [ -g | -m | -p | -s | -f address_family ] [ -n ] [ -P protocol ]
netstat {[ -i ] [ -I interface ]} [ interval ]
netstat -r [ -anv ]
netstat -M [ -ns ]
SUNWcsu
netstat displays the contents of various network-related data structures in various formats, depending on the options you select.
The first form of the command displays a list of active sockets for each protocol. The second form selects one from among various other network data structures. The third form shows the state of the interfaces. The fourth form displays the routing table and the fifth form the multicast routing table.
The display for each active socket shows the local and remote address, the send and receive queue sizes (in bytes), the send and receive windows (in bytes), and the internal state of the protocol.
The symbolic format normally used to display socket addresses is either:
when the name of the host is specified, or:
if a socket address specifies a network but no specific host.
The numeric host address or network number associated with the socket is used to look up the corresponding symbolic hostname or network name in the hosts or networks database.
If the network or hostname for an address is not known (or if the -n option is specified), the numerical network address is shown. Unspecified, or ‘wildcard’, addresses and ports appear as ‘*’. For more information regarding the Internet naming conventions, refer to inet(7P).
The possible state values for TCP sockets are as follows:
- CLOSED: Closed. The socket is not being used.
- LISTEN: Listening for incoming connections.
- SYN_SENT: Actively trying to establish connection.
- SYN_RECEIVED: Initial synchronization of the connection under way.
- ESTABLISHED: Connection has been established.
- CLOSE_WAIT: Remote shut down; waiting for the socket to close.
- FIN_WAIT_1: Socket closed; shutting down connection.
- CLOSING: Closed, then remote shutdown; awaiting acknowledgement.
- LAST_ACK: Remote shut down, then closed; awaiting acknowledgement.
- FIN_WAIT_2: Socket closed; waiting for shutdown from remote.
- TIME_WAIT: Wait after close for remote shutdown retransmission.
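An added example (not part of the original manual page): the state list and the ‘*’ wildcard convention above, applied to a constructed sample of the per-socket TCP display. The column order in the sample (local address, remote address, send window, send queue, receive window, receive queue, state) and the function names are assumptions.

```sh
#!/bin/sh
# Constructed sample of the per-socket TCP display (not captured from a real host).
# Assumed column order: local address, remote address, send window, send queue,
# receive window, receive queue, state.
sample_tcp() {
cat <<'EOF'
*.22                 *.*                      0      0  8760      0 LISTEN
*.111                *.*                      0      0  8760      0 LISTEN
127.0.0.1.5432       *.*                      0      0  8760      0 LISTEN
192.168.1.5.22       192.168.1.9.51234     8760      0  8760      0 ESTABLISHED
192.168.1.5.80       10.0.0.7.40112        8760      0  8760      0 CLOSE_WAIT
192.168.1.5.80       10.0.0.8.40200        8760      0  8760      0 CLOSE_WAIT
192.168.1.5.80       10.0.0.9.41000        8760      0  8760      0 TIME_WAIT
EOF
}

# Count sockets per TCP state, printed in the order the states are listed above.
# Lines whose last field is not one of those states (headers, rules) are ignored.
tcp_state_counts() {
    awk '
        BEGIN {
            n = split("CLOSED LISTEN SYN_SENT SYN_RECEIVED ESTABLISHED CLOSE_WAIT FIN_WAIT_1 CLOSING LAST_ACK FIN_WAIT_2 TIME_WAIT", s, " ")
            for (i = 1; i <= n; i++) known[s[i]] = 1
        }
        NF == 7 && ($7 in known) { count[$7]++ }
        END { for (i = 1; i <= n; i++) if (count[s[i]]) print s[i], count[s[i]] }
    '
}

# Ports in LISTEN whose local host part is the wildcard "*", that is, services
# reachable on every address of the host rather than on one specific address.
wildcard_listeners() {
    awk 'NF == 7 && $7 == "LISTEN" && $1 ~ /^\*\./ { sub(/^\*\./, "", $1); print $1 }'
}

sample_tcp | tcp_state_counts
sample_tcp | wildcard_listeners
```

A CLOSE_WAIT count that keeps growing between runs means the local application is not closing sockets the remote side has already shut down.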
The form of the display depends upon which of the -g, -m, -p or -s options you select. If you specify more than one of these options, netstat displays the information for each one of them.
The interface status display lists information for all current interfaces, one interface per line. If an interface is specified using the -I option, it displays information for only the specified interface.
The list consists of the interface name, mtu (maximum transmission unit, or maximum packet size), the network to which the interface is attached, addresses for each interface, and counters associated with the interface. The counters show the number of input packets, input errors, output packets, output errors, and collisions respectively. For Point-to-Point interfaces, the Net/Dest field is the name or address on the other side of the link.
If the -n option is specified, the list displays the IP address instead of the interface name.
If an optional interval is specified, the output is redisplayed every interval seconds until interrupted by the user.
The input interface is specified using the -I option. In this case, the list only displays traffic information in columns; the specified interface is first, the total count is second. This column list has the format of:
        input   le0       output              input  (Total)    output
    packets  errs  packets  errs  colls   packets  errs  packets  errs  colls
    227681   0     65947    1     502     261331   0     99597    1     502
    10       0     0        0     0       10       0     0        0     0
    8        0     0        0     0       8        0     0        0     0
    10       0     2        0     0       10       0     2        0     0
If the input interface is not specified, the first interface of address family inet will be displayed.
The routing table display lists the available routes and the status of each. Each route consists of a destination host or network, and a gateway to use in forwarding packets. The flags column shows the status of the route (U if ‘up’), whether the route is to a gateway (G), and whether the route was created dynamically by a redirect (D). If the -a option is specified there will be routing entries with flags for combined routing and address resolution entries (A), broadcast addresses (B), and the local addresses for the host (L).
Interface routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface.
The refcnt column gives the current number of routes that share the same link layer address.
The use column displays the number of packets sent using a combined routing and address resolution (A) or a broadcast (B) route. For a local (L) route this count is the number of packets received, and for all other routes it is the number of times the routing entry has been used to create a new combined route and address resolution entry.
The interface entry indicates the network interface utilized for the route.
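An added example (not part of the original manual page): decoding the flags column described above and picking out routes that were created dynamically by a redirect (D), which an administrator did not configure. The sample lines are constructed, and the column order (destination, gateway, flags, refcnt, use, interface) and the function names are assumptions.

```sh
#!/bin/sh
# Constructed sample of the routing table display (not captured from a real host).
# Assumed column order: destination, gateway, flags, refcnt, use, interface.
sample_routes() {
cat <<'EOF'
192.168.1.0          192.168.1.5          U        3    150  le0
default              192.168.1.1          UG       0   1234  le0
10.20.0.0            192.168.1.254        UGD      0     17  le0
172.16.4.0           192.168.1.77         GD       0      0  le0
EOF
}

# Spell out each flag letter documented above; any other letter is shown as "?X".
# Header and rule lines are skipped because their refcnt/use fields are not numeric.
route_report() {
    awk '
        BEGIN {
            name["U"] = "up"; name["G"] = "gateway"; name["D"] = "redirect"
            name["A"] = "addr-resolution"; name["B"] = "broadcast"; name["L"] = "local"
        }
        NF >= 5 && $4 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ {
            out = ""
            for (i = 1; i <= length($3); i++) {
                f = substr($3, i, 1)
                sep = (out == "") ? "" : ","
                word = (f in name) ? name[f] : "?" f
                out = out sep word
            }
            print $1, $2, out
        }'
}

# Routes carrying the D flag: created by a redirect rather than by configuration.
redirect_routes() {
    awk 'NF >= 5 && $4 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ && index($3, "D") > 0 {
        state = ($3 ~ /U/) ? "up" : "down"
        print $1, "via", $2, state
    }'
}

sample_routes | route_report
sample_routes | redirect_routes
```

Comparing the redirect_routes output against the gateways the host is expected to use shows whether a redirect has changed where traffic for a destination is sent.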
The multicast routing table consists of the virtual interface table and the actual routing table.
The kernel’s tables can change while netstat is examining them, creating incorrect or partial displays.