netstat show network status

`netstat`

BSD Darwin; microsoft

Display the contents of network data structures.

Continuously display the information regarding packet traffic on the configured network interfaces.

netstat -i | -I interface [-w seconds] [-abdgt]

Display a list of active sockets for each protocol.

netstat [-AaLlnW] [ -f address_family | -p protocol] -I interface] [-w wait] [-abdgt]

Present the contents of one of the other network data structures according to the option selected.

netstat [-gilns] [-f address_family]

statistics for the specified protocol or address family.

netstat -s [-s] [-f address_family | -p protocol] [-w seconds]

per-interface statistics for the specified protocol or address family.

netstat -i | -I interface -s [-f address_family | -p protocol]

routing, routing table: netstat -r [-Aaln] [-f address_family] routing stats: netstat -rs [-s]

mbuf stats: netstat -m [-m]

multicast

Without options displays:

Active Internet connections by protocol and
Active LOCAL (UNIX) domain sockets by process
MemoryAddress,Type,Recv-Q,Send-Q,Inode,Conn,Refs,Nextref Addr and process

-w seconds interactively display the information regarding packet traffic
waiting seconds between displays
-d include drops

netstat -w 2 -d input (en1) output packets errs bytes packets errs bytes colls drops 346 0 328207 333 0 32237 0 0 532 0 692543 368 0 31238 0 0 486 0 649996 326 0 26907 0 0 137 0 163205 120 0 10773 0 0 4 0 216 0 0 0 0 0 7 0 1262 4 0 476 0 0 62 0 17372 44 0 4228 0 0 158 0 25661 262 0 24510 0 0 23 0 4448 37 0 3990 0 0 4 0 804 1 0 46 0 0 5 0 290 1 0 46 0 0 3 0 730 0 0 0 0 0 8 0 456 2 0 100 0 0 5 0 880 2 0 144 0 0 4 0 230 2 0 100 0 0 …

-L size of listening queues.
The number of unaccepted connections, unaccepted incomplete connections, maximum number of queued connections.
-a state of all sockets; normally sockets used by server processes are not shown.

netstat -La Current listen queue sizes (qlen/incqlen/maxqlen) Listen Local Address 0/0/5 *.kerberos 0/0/5 *.kerberos 0/0/50 *.mysql 0/0/128 *.http 0/0/128 *.ssh 0/0/128 *.ssh 0/0/128 *.netbios-ssn 0/0/128 *.microsoft-ds 0/0/128 *.ftp 0/0/128 *.ftp 0/0/128 *.afpovertcp 0/0/128 *.afpovert 0/0/128 b.doubleClick.co.ipp 0/0/128 localhost.ipp
-n Numeric addresses (not hostnames)
netstat -Lan Current listen queue sizes (qlen/incqlen/maxqlen) Listen Local Address 0/0/5 *.88 0/0/5 *.88 0/0/50 *.3306 0/0/128 *.80 0/0/128 *.22 0/0/128 *.22 0/0/128 *.139 0/0/128 *.445 0/0/128 *.21 0/0/128 *.21 0/0/128 *.548 0/0/128 *.548 0/0/128 127.0.0.1.631 0/0/128 ::1.631

Affects display
-n Numeric addresses (not hostnames)
-l IPv6 address.
-W Wide, avoid truncating addresses even if this causes some fields to overflow.

affects selection

-I interface Show information about the specified interface
-f address_family specified address family. inet, inet6, unix
-p protocol either a well-known name for a protocol or an alias for it.
Some protocol listed in /etc/protocols .
A complete current list is at iana.org/assignments/protocol-numbers
Keyword Protocol ------- ------------------------ ICMP Internet Control Message IGMP Internet Group Management GGP Gateway-to-Gateway IP IP in IP (encapsulation) ST Stream TCP Transmission Control … UDP User Datagram … IPv6-ICMP ICMP for IPv6 … bdg bridging statistics.

> netstat -p tcp Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 smacker.GERMANS.51555 slammer.GERMANS.netbio ESTABLISHED tcp4 0 0 smacker.GERMANS.50325 esc170.midphase..ssh ESTABLISHED tcp4 0 0 smacker.GERMANS.50303 esc170.midphase..ftp CLOSE_WAIT tcp4 0 0 smacker.GERMANS.49613 esc170.midphase..ftp CLOSE_WAIT
-s -ss Show per-protocol statistics.
ss zeros are suppressed.
> netstat -ss -I en1 ip6 on en1: 198 total input datagrams 198 datagrams delivered to an upper layer protocol 285 datagrams sent from an upper layer protocol 198 multicast datagrams received 285 multicast datagrams sent en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - - en1 0 (16)00:00:ff:46:16 0 0 0 0 0 en1 0 192.168.1 smacker.GERMANS 0 - 0 - - icmp6 on en1: 87 total output messages 56 output router solicitations 2 output neighbor solicitations 20 output MLD reports 9 output MLD dones en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - - en1 0 (16)00:00:ff:46:16 0 0 0 0 0 en1 0 192.168.1 smacker.GERMANS 0 - 0 - -
> netstat -is -I en1 (reformated for this page) ip6 on en1: 200 total input datagrams 0 datagrams with invalid header received 0 datagrams exceeded MTU received 0 datagrams with no route received 0 datagrams with invalid dst received 0 datagrams with unknown proto received 0 truncated datagrams received 0 input datagrams discarded 200 datagrams delivered to an upper layer protocol 0 datagrams forwarded to this interface 287 datagrams sent from an upper layer protocol 0 total discarded output datagrams 0 output datagrams fragmented 0 output datagrams failed on fragment 0 output datagrams succeeded on fragment 0 incoming datagrams fragmented 0 datagrams reassembled 0 datagrams failed on reassembling 200 multicast datagrams received 287 multicast datagrams sent en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - - en1 0 (16)00:00:ff:46:16 0 0 0 0 0 en1 0 192.168.1 smacker.GERMANS 0 - 0 - -
icmp6 on en1: (reformated for this page)
0 total input messages 0 total input error messages 0 input destination unreachable errors 0 input administratively prohibited errors 0 input time exceeded errors 0 input parameter problem errors 0 input packet too big errors 0 input echo requests 0 input echo replys 0 input router solicitations 0 input router advertisements 0 input neighbor solicitations 0 input neighbor advertisements 0 input redirects 0 input MLD querys 0 input MLD reports 0 input MLD dones
87 total output messages 0 total output error messages 0 output destination unreachable errors 0 output administratively prohibited errors 0 output time exceeded errors 0 output parameter problem errors 0 output packet too big errors 0 output echo requests 0 output echo replys 56 output router solicitations 0 output router advertisements 2 output neighbor solicitations 0 output neighbor advertisements 0 output redirects 0 output MLD querys 20 output MLD reports 9 output MLD dones
en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - - en1 0 (16)00:00:ff:46:16 0 0 0 0 0 en1 0 192.168.1 smacker.GERMANS 0 - 0 - -
> netstat -I en1 -d -b -t Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll Time Drop en1 1500 <Link#6> 00:19:e3:32:0f:8c 69371 0 18967731 46691 0 4214999 0 en1 1500 (16)00:00:ff:9a:22 69371 0 18967731 46691 0 4214999 0 en1 1500 smacker.loc fe80::219:e3ff:fe 69371 - 18967731 46691 - 4214999 - - - en1 1500 192.168.1 smacker.GERMANS 69371 - 18967731 46691 - 4214999 - - -
mbuf statistics.
netstat -m [-m]

> netstat -m 1680/1737 mbufs in use: 622 mbufs allocated to data 1056 mbufs allocated to packet tags 2 mbufs allocated to Appletalk data blocks 57 mbufs allocated to caches 841/ 952 mbuf 2KB clusters in use 0/16 mbuf 4KB clusters in use 1968 KB allocated to network (83.3% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to drain routines
> netstat -m -m class buf active ctotal total cache cached uncached memory name size bufs bufs bufs state bufs bufs usage ---------- ----- -------- -------- -------- ----- -------- -------- --------- mbuf 256 1737 1182 1848 on 53 58 295.5 KB cl 2048 891 62 952 on 2 59 124.0 KB bigcl 4096 7 9 16 on 0 9 36.0 KB mbuf_cl 2304 609 659 659 on 50 0 1.4 MB mbuf_bigcl 4352 0 7 7 on 7 0 29.8 KB …

routing table
netstat -r [-Aaln] [-f address_family]

> netstat -r Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default Wireless_Broadband UGSc 25 41 en1 127 localhost UCS 0 0 lo0 localhost localhost UH 1 100 lo0 169.254 link#6 UCS 0 0 en1 192.168.1 link#6 UCS 13 0 en1 Wireless_Broadband 0:1f:90:2d:33:ab UHLW 4 17 en1 1186 smacker.GERMANS localhost UHS 0 0 lo0 192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 1 1 en1 Internet6: Destination Gateway Flags Netif Expire localhost link#1 UHL lo0 fe80::%lo0 localhost Uc lo0 localhost link#1 UHL lo0 fe80::%en1 link#6 UC en1 smacker.local 0:19:e3:32:f:8c UHL lo0 ff01:: localhost U lo0 ff02:: localhost UC lo0 ff02:: link#6 UC en1
show protocol-cloned routes (routes generated by a RTF_PRCLONING parent route); normally these routes are not shown.
routing statistics.
netstat -rs [-s]

> netstat -rs routing: 0 bad routing redirects 0 dynamically created routes 0 new gateways due to redirects 33 destinations found unreachable 0 uses of a wildcard route 16 routes not in table but not freed

-a show protocol-cloned routes.
-s show routing statistics instead.
-l netstat assumes more columns are there and the maximum transmission unit (mtu) are also displayed.

multicast
netstat [-gilns] [-f address_family]

-g to multicast (group address) routing.
Default, show the IP Multicast virtual-interface and routing tables.
With -s show multicast routing statistics.

> netstat -g No IPv4 multicast routing compiled into this system. No IPv6 multicast routing compiled into this system. Link-layer Multicast Group Memberships Group Link-layer Address Netif 33:33:0:0:0:fb <none> en1 1:0:5e:0:0:fb <none> en1 33:33:27:92:79:e8 <none> en1 33:33:0:0:0:1 <none> en1 1:3:93:df:b:92 <none> en1 IPv4 Multicast Group Memberships Group Link-layer Address Netif 224.0.0.251 <none> lo0 224.0.0.1 <none> lo0 224.0.0.251 1:0:5e:0:0:fb en1 IPv6 Multicast Group Memberships Group Link-layer Address Netif ff02:1::fb <none> lo0 ff01::1 <none> lo0 ff02:1::2:65d0:d71e <none> lo0 ff02:1::1 <none> lo0 ff02:1::1:ff00:1 <none> lo0 ff02:6::fb 33:33:0:0:0:fb en1 ff02:6::2:2792:79e8 33:33:27:92:79:e8 en1 ff02:6::1 33:33:0:0:0:1 en1

-i Show the state of interfaces which have been auto-configured (interfaces statically configured into a system, but not located at boot time are not shown).
With -a active multicast addresses are shown for each Ethernet interface and for each IP interface address. Multicast addresses are shown on separate lines following the interface address with which they are associated.
With -s show per-interface statistics , second -s supresses zero entries

>netstat -gi Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll lo0 16384 <Link#1> 582 0 582 0 0 lo0 16384 localhost fe80::1 582 - 582 - - lo0 16384 127 localhost 582 - 582 - - lo0 16384 localhost ::1 582 - 582 - - gif0* 1280 <Link#2> 0 0 0 0 0 stf0* 1280 <Link#3> 0 0 0 0 0 en0 1500 <Link#4> 00:11:24:47:3f:aa 0 0 0 0 0 fw0 2030 <Link#5> 00:11:24:ff:fe:47:3f:aa 0 0 0 0 0 en1 1500 <Link#6> 00:19:e3:32:0f:8c 16916 0 8141 0 0

OUTPUT
shows the local and remote addresses, send and receive queue sizes (in bytes), protocol, and the internal state of the protocol.
Address are of the form host.port or network.port if a socket's address specifies a network but no specific host address.
Host and network addresses are displayed symbolically according to the /etc/hosts and /etc/networks.
If a symbolic name for an address is unknown, or if the -n is specified, the address is printed numerically, according to the address family. dot format, refer to inet).
Unspecified, or wildcard, addresses and ports appear as *.

netstat -f inet Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 smacker.GERMANS.51555 slammer.GERMANS.netbio ESTABLISHED tcp4 0 0 smacker.GERMANS.50325 esc170.midphase..ssh ESTABLISHED tcp4 0 0 smacker.GERMANS.50303 esc170.midphase..ftp CLOSE_WAIT tcp4 0 0 smacker.GERMANS.49613 esc170.midphase..ftp CLOSE_WAIT udp4 0 0 smacker.GERMANS.netbio *.* udp4 0 0 smacker.GERMANS.netbio *.* udp4 0 0 *.netbios-dgm *.* udp4 0 0 *.netbios-ns *.* udp4 0 0 smacker.GERMANS.kerber *.* udp4 0 0 *.55227 *.* … udp4 0 0 *.52859 *.* udp4 0 0 smacker.GERMANS.ntp *.* udp4 0 0 localhost.ntp *.* udp4 0 0 *.ntp *.* udp4 0 0 *.* *.* udp4 0 0 *.mdns *.* udp4 0 0 *.* *.*
Internet domain socket states:

CLOSED not in use.
LISTEN listening for incoming connections. only displayed with -a .
SYN_SENT actively trying to establish a connection to a remote peer.
SYN_RCVD passively received a connection request from a remote peer.
ESTABLISHED has an established connection between a local application and a remote peer.
CLOSE_WAIT closed by the remote peer, and the system is waiting for the local application to close its half of the connection.
LAST_ACK closed by the remote peer and local application, waiting for the remote peer to acknowledge the close.
FIN_WAIT_1 closed by the local application, the remote peer has not yet acknowledged the close, and the system is waiting for it to close its half of the connection.
FIN_WAIT_2 closed by the local application, the remote peer has acknowledged the close, and the system is waiting for it to close its half of the connection.
CLOSING closed by the local application and the remote peer simultaneously, and the remote peer has not yet acknowledged the close attempt of the local application.
TIME_WAIT closed by the local application and the remote peer, waiting to be sure that the remote peer received the last acknowledgement.
The interface display provides a table of cumulative statistics regarding packets transferred, errors, and collisions. The network addresses of the interface and the maximum transmission unit (mtu) are also displayed.
The routing table display indicates the available routes and their status. Each route consists of a destination host or network and a gateway to use in forwarding packets. The flags field shows a collection of information about the route stored as binary choices. The individual flags are discussed in more detail in the route(8) and route(4) manual pages. The mapping between letters and flags is:

1 RTF_PROTO1
2 RTF_PROTO2
3 RTF_PROTO3
B RTF_BLACKHOLE discard packets (during updates)
b RTF_BROADCAST a broadcast address
C RTF_CLONING Generate new routes on use
c RTF_PRCLONING Protocol-specified generate new routes on use
D RTF_DYNAMIC Created dynamically (by redirect)
G RTF_GATEWAY Destination requires forwarding by intermediary
H RTF_HOST net otherwise
L RTF_LLINFO Valid protocol to link address translation
M RTF_MODIFIED Modified dynamically (by redirect)
R RTF_REJECT Host or net unreachable
S RTF_STATIC Manually added
U RTF_UP Route usable
W RTF_WASCLONED Route was generated as a result of cloning
X RTF_XRESOLVE External daemon translates proto to link address

Direct routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface.
The refcnt field gives the current number of active uses of the route. Connection oriented protocols normally hold on to a single route for the duration of a connection while connection less protocols obtain a route while sending to the same destination.
The use field provides a count of the number of packets sent using that route.
The interface entry indicates the network interface utilized for the route.
When netstat is invoked with -w wait a running count of statistics related to network interfaces or protocols.
By default, this display summarizes information for all interfaces.
Information for a specific interface may be displayed with -I.

> netstat -A Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) udp4 0 0 smacker.GERMANS.netbio *.* udp4 0 0 smacker.GERMANS.netbio *.* udp4 0 0 smacker.GERMANS.ntp *.* udp4 0 0 smacker.GERMANS.kerber *.* udp6 0 0 smacker.local.kerberos *.* udp6 0 0 localhost.kerberos *.* udp4 0 0 *.61492 *.* udp4 0 0 *.61420 *.* udp4 0 0 *.52348 *.* udp4 0 0 *.57114 *.* udp4 0 0 *.53745 *.* udp4 0 0 *.60167 *.* udp4 0 0 *.52932 *.* udp4 0 0 *.49719 *.* udp4 0 0 *.52426 *.* udp4 0 0 *.60775 *.* udp4 0 0 *.54721 *.* udp4 0 0 *.netbios-dgm *.* udp4 0 0 *.netbios-ns *.* udp4 0 0 *.* *.* udp6 0 0 smacker.local.ntp *.* udp6 0 0 localhost.ntp *.* udp4 0 0 localhost.ntp *.* udp6 0 0 localhost.ntp *.* udp6 0 0 *.ntp *.* udp4 0 0 *.ntp *.* udp6 0 0 *.mdns *.* udp4 0 0 *.mdns *.* udp4 0 0 *.* *.* icm6 0 0 *.* *.* Active LOCAL (UNIX) domain sockets Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr 2bce088 stream 0 0 0 55ded48 0 0 55ded48 stream 0 0 0 2bce088 0 0 2ca3440 stream 0 0 0 2bcea18 0 0 /var/run/asl_input 2bcea18 stream 0 0 0 2ca3440 0 0 2ca3770 stream 0 0 0 2bceb28 0 0 /var/run/asl_input 2bceb28 stream 0 0 0 2ca3770 0 0 … many simular entries ommited … 2ca3330 stream 0 0 0 2cbd660 0 0 2cbd660 stream 0 0 0 2ca3330 0 0 Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr 2cbd3b8 stream 0 0 31c9680 0 0 0 /tmp/launch-BPZQcK/:0 2cbd770 stream 0 0 31c97a0 0 0 0 /tmp/launch-M1pYIi/Listeners 2cbd990 stream 0 0 31c98c0 0 0 0 /tmp/launch-HmDrRD/Render 2cbd6e8 stream 0 0 31c99e0 0 0 0 /private/tmp/com.hp.launchport 26babb0 stream 0 0 31c9cb0 0 0 0 /tmp/launchd-106.s5jA82/sock Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr 2ca3e58 stream 0 0 0 2cbd4c8 0 0 2cbd4c8 stream 0 0 0 2ca3e58 0 0 2cbdb28 stream 0 0 0 2cbd2a8 0 0 2cbd2a8 stream 0 0 0 2cbdb28 0 0 2ca37f8 stream 0 0 0 2cbd908 0 0 /var/run/mDNSResponder 2cbd908 stream 0 0 0 2ca37f8 0 0 … many simular entries ommited … 2bcef68 stream 0 0 2bbe6c0 0 0 0 /var/run/pppconfd 26bac38 stream 0 0 27a2ac0 0 0 0 /var/tmp/launchd/sock 26bacc0 stream 0 0 27a2be0 0 0 0 /private/var/run/cupsd 26bad48 stream 0 0 27a2d00 0 0 0 /var/run/usbmuxd 26bae58 stream 0 0 27a2e20 0 0 0 /var/run/asl_input 26baf68 stream 0 0 27a2eb0 0 0 0 /var/run/portmap.socket 26baee0 stream 0 0 27a2f40 0 0 0 /var/run/mDNSResponder Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr 55deee0 dgram 0 0 0 2cbd110 2cbd110 0 2cbd110 dgram 0 0 0 55deee0 55deee0 0 2ca3f68 dgram 0 0 0 2bce000 2bce000 0 2bce000 dgram 0 0 0 2ca3f68 2ca3f68 0 … many simular entries ommited … 2bce990 dgram 0 0 0 26badd0 0 2bce6e8 2bce6e8 dgram 0 0 0 26badd0 0 2ca3908 2ca3908 dgram 0 0 0 26badd0 0 2ca3ee0 2ca3b28 dgram 0 0 0 2ca33b8 2ca33b8 0 2ca33b8 dgram 0 0 0 2ca3b28 2ca3b28 0 2cbd198 dgram 0 0 0 2ca3198 2ca3198 0 2ca3198 dgram 0 0 0 2cbd198 2cbd198 0 2ca3ee0 dgram 0 0 0 26badd0 0 2ca34c8 2ca34c8 dgram 0 0 0 26badd0 0 2cbd440 2cbd440 dgram 0 0 0 26badd0 0 2bce660 2cbd330 dgram 0 0 0 2cbd220 2cbd220 0 2cbd220 dgram 0 0 0 2cbd330 2cbd330 0 2bce660 dgram 0 0 0 26badd0 0 26ba3b8 26ba2a8 dgram 0 0 0 26ba220 26ba220 0 26ba220 dgram 0 0 0 26ba2a8 26ba2a8 0 26ba3b8 dgram 0 0 0 26badd0 0 26ba660 26ba660 dgram 0 0 0 26badd0 0 26ba7f8 26ba7f8 dgram 0 0 0 26badd0 0 0 26badd0 dgram 0 0 27a2d90 0 2bce990 0 /var/run/syslog

SEE fstat(1), nfsstat(1), ps(1), sockstat(1), inet(4), unix(4), hosts(5), networks(5), protocols(5), services(5), iostat(8), trpt(8), vmstat(8)
June 15, 2001 Darwin

Microsoft version
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

-a all connections and listening ports.
-b binary executable involved in creating each connection or listening port.
In some cases well-known executables host multiple independent components, sequence of components involved in creating the connection or listening port is displayed, the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached.
Time-consuming and will fail without sufficient permissions.
-e Ethernet statistics. This may be combined with the -s option.
-f Fully Qualified Domain Names (FQDN) for foreign addresses.
-n numerical form.
-o the owning process ID associated with each connection.
-p proto proto may be: TCP, UDP, TCPv6, or UDPv6.
With -s to display per-protocol statistics, proto may be : IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-s statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
-r routing table.
-t current connection offload state.

interval Redisplays pausing interval seconds between each display.

examples

netstat -e Interface Statistics Received Sent Bytes 966629805 107094276 Unicast packets 827616 496033 Non-unicast packets 344958 100182 Discards 0 0 Errors 0 0 Unknown protocols 0 netstat -a -b Without -b does not provide name of executable The requested operation requires elevation.^† netstat -a -b Active Connections ^† Proto Local Address Foreign Address State TCP 0.0.0.0:21 kitchen:0 LISTENING [FileZilla Server.exe] TCP 0.0.0.0:135 kitchen:0 LISTENING RpcSs [svchost.exe] TCP 0.0.0.0:445 kitchen:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:2869 kitchen:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:5357 kitchen:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:49152 kitchen:0 LISTENING [wininit.exe] TCP 0.0.0.0:49153 kitchen:0 LISTENING eventlog [svchost.exe] TCP 0.0.0.0:49154 kitchen:0 LISTENING Schedule [svchost.exe] TCP 0.0.0.0:49156 kitchen:0 LISTENING [lsass.exe] TCP 0.0.0.0:49157 kitchen:0 LISTENING [services.exe] TCP 0.0.0.0:49158 kitchen:0 LISTENING [spoolsv.exe] TCP 127.0.0.1:2559 kitchen:0 LISTENING [daemonu.exe] TCP 127.0.0.1:5354 kitchen:0 LISTENING [mDNSResponder.exe] TCP 127.0.0.1:5354 kitchen:49155 ESTABLISHED [mDNSResponder.exe] TCP 127.0.0.1:14147 kitchen:0 LISTENING [FileZilla Server.exe] TCP 127.0.0.1:27015 kitchen:0 LISTENING [AppleMobileDeviceService.exe] TCP 127.0.0.1:27015 kitchen:49190 ESTABLISHED [AppleMobileDeviceService.exe] TCP 127.0.0.1:49155 kitchen:5354 ESTABLISHED [AppleMobileDeviceService.exe] TCP 127.0.0.1:49190 kitchen:27015 ESTABLISHED [iTunesHelper.exe] TCP 127.0.0.1:56761 kitchen:56762 ESTABLISHED [firefox.exe] TCP 127.0.0.1:56762 kitchen:56761 ESTABLISHED [firefox.exe] TCP 127.0.0.1:56763 kitchen:56764 ESTABLISHED [firefox.exe] TCP 127.0.0.1:56764 kitchen:56763 ESTABLISHED [firefox.exe] TCP 127.0.0.1:59243 kitchen:0 LISTENING [KhalScroll.exe] TCP 192.168.1.5:139 kitchen:0 LISTENING Can not obtain ownership information TCP 192.168.1.5:4242 kitchen:0 LISTENING [SATARaid5ConfigService.exe] TCP 192.168.1.5:4242 kitchen:56746 ESTABLISHED [SATARaid5ConfigService.exe] TCP 192.168.1.5:56285 63.118.252.8:http CLOSE_WAIT [OUTLOOK.EXE] TCP 192.168.1.5:56286 63.118.252.8:http CLOSE_WAIT [OUTLOOK.EXE] TCP 192.168.1.5:56746 kitchen:4242 ESTABLISHED [javaw.exe] TCP 192.168.1.5:56774 real-world-systems:ssh ESTABLISHED [putty.exe] TCP 192.168.1.5:56791 real-world-systems:http TIME_WAIT TCP 192.168.1.5:56792 real-world-systems:http TIME_WAIT TCP 192.168.1.5:56793 real-world-systems:http TIME_WAIT TCP 192.168.1.5:56797 real-world-systems:http TIME_WAIT TCP 192.168.1.5:56798 real-world-systems:http TIME_WAIT TCP 192.168.1.5:56799 real-world-systems:http TIME_WAIT TCP [::]:21 kitchen:0 LISTENING [FileZilla Server.exe] TCP [::]:135 kitchen:0 LISTENING RpcSs [svchost.exe] TCP [::]:445 kitchen:0 LISTENING Can not obtain ownership information TCP [::]:2869 kitchen:0 LISTENING Can not obtain ownership information TCP [::]:5357 kitchen:0 LISTENING Can not obtain ownership information TCP [::]:49152 kitchen:0 LISTENING [wininit.exe] TCP [::]:49153 kitchen:0 LISTENING eventlog [svchost.exe] TCP [::]:49154 kitchen:0 LISTENING Schedule [svchost.exe] TCP [::]:49156 kitchen:0 LISTENING [lsass.exe] TCP [::]:49157 kitchen:0 LISTENING [services.exe] TCP [::]:49158 kitchen:0 LISTENING [spoolsv.exe] TCP [::1]:14147 kitchen:0 LISTENING [FileZilla Server.exe] TCP [fe80::9027:a9c8:8ff3:cb1d%15]:445 kitchen:49309 ESTABLISHED Can not obtain ownership information TCP [fe80::9027:a9c8:8ff3:cb1d%15]:49309 kitchen:microsoft-ds ESTABLISHED Can not obtain ownership information UDP 0.0.0.0:500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:4500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:5355 *:* Dnscache [svchost.exe] UDP 0.0.0.0:57937 *:* [mDNSResponder.exe] UDP 0.0.0.0:58829 *:* EventSystem [svchost.exe] UDP 0.0.0.0:59858 *:* FDResPub [svchost.exe] UDP 127.0.0.1:1900 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:48000 *:* [daemonu.exe] UDP 127.0.0.1:54674 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:57289 *:* [OUTLOOK.EXE] UDP 127.0.0.1:57939 *:* [AppleMobileDeviceService.exe] UDP 127.0.0.1:57940 *:* [AppleMobileDeviceService.exe] UDP 127.0.0.1:60976 *:* [iTunesHelper.exe] UDP 127.0.0.1:60977 *:* [iTunesHelper.exe] UDP 192.168.1.5:137 *:* Can not obtain ownership information UDP 192.168.1.5:138 *:* Can not obtain ownership information UDP 192.168.1.5:1900 *:* SSDPSRV [svchost.exe] UDP 192.168.1.5:5353 *:* [mDNSResponder.exe] UDP 192.168.1.5:54673 *:* SSDPSRV [svchost.exe] UDP [::]:500 *:* IKEEXT [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:4500 *:* IKEEXT [svchost.exe] UDP [::]:5355 *:* Dnscache [svchost.exe] UDP [::]:57938 *:* [mDNSResponder.exe] UDP [::]:58830 *:* EventSystem [svchost.exe] UDP [::]:59859 *:* FDResPub [svchost.exe] UDP [::1]:1900 *:* SSDPSRV [svchost.exe] UDP [::1]:5353 *:* [mDNSResponder.exe] UDP [::1]:54672 *:* SSDPSRV [svchost.exe] UDP [fe80::9027:a9c8:8ff3:cb1d%15]:1900 *:* SSDPSRV [svchost.exe] UDP [fe80::9027:a9c8:8ff3:cb1d%15]:54671 *:* SSDPSRV [svchost.exe] netstat -s (reformatted )

IPv4 Statistics Packets Received = 462764 Received Header Errors = 0 Received Address Errors = 11696 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 20472 Received Packets Delivered = 451658 Output Requests = 204465 Routing Discards = 0 Discarded Output Packets = 81 Output Packet No Route = 23 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0
IPv6 names ommitted for breviety = 16496 = 0 = 0 = 0 = 0 = 5114 = 16389 = 18100 = 0 = 0 = 10 = 174 = 87 = 0 = 0 = 0 = 0
ICMPv4 Received Sent Messages 136 1276 Errors 0 0 Destination Unreachable 118 1259 Time Exceeded 0 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echo Replies 3 14 Echos 15 3 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 Router Solicitations 0 0 Router Advertisements 0 0
ICMPv6 Statistics Received Sent Messages 24 20 Errors 0 0 Destination Unreachable 0 0 Packet Too Big 0 0 Time Exceeded 0 0 Parameter Problems 0 0 Echos 0 0 Echo Replies 0 0 MLD Queries 0 0 MLD Reports 0 0 MLD Dones 0 0 Router Solicitations 0 16 Router Advertisements 9 0 Neighbor Solicitations 1 3 Neighbor Advertisements 14 1 Redirects 0 0 Router Renumberings 0 0
TCP Statistics for IPv4 Active Opens = 7613 Passive Opens = 482 Failed Connection Attempts = 181 Reset Connections = 322 Current Connections = 13 Segments Received = 413240 Segments Sent = 314623 Segments Retransmitted = 12568
IPv6 = 17 = 18 = 0 = 2 = 2 = 4091 = 2701 = 1389
UDP Statistics for IPv4 Datagrams Received = 102677 No Ports = 20464 Receive Errors = 5 Datagrams Sent = 27028
IPv6 = 4685 = 5114 = 0 = 10560

`-a`	show protocol-cloned routes.
`-s`	show routing statistics instead.
`-l`	`netstat` assumes more columns are there and the maximum transmission unit (`mtu`) are also displayed.