netstat BSD Darwin
displays the contents of network data structures.netstat [-AaLlnW] [-f address_family | -p protocol]
| |||||||||||||||||||||
-s Show per-protocol statistics. If this option is repeated zeros are suppressed.
-I interface Show information about the specified interface
> netstat -is -I en1 (reformated for this page)
ip6 on en1:
200 total input datagrams
0 datagrams with invalid header received 0 datagrams exceeded MTU received
0 datagrams with no route received 0 datagrams with invalid dst received
0 datagrams with unknown proto received 0 truncated datagrams received
0 input datagrams discarded
200 datagrams delivered to an upper layer protocol
0 datagrams forwarded to this interface
287 datagrams sent from an upper layer protocol
0 total discarded output datagrams
0 output datagrams fragmented 0 output datagrams failed on fragment
0 output datagrams succeeded on fragment
0 incoming datagrams fragmented 0 datagrams reassembled
0 datagrams failed on reassembling
200 multicast datagrams received 287 multicast datagrams sent
en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - -
en1 0 (16)00:00:ff:46:16 0 0 0 0 0
en1 0 192.168.1 smacker.GERMANS 0 - 0 - -
icmp6 on en1: (reformated for this page)
0 total input messages
0 total input error messages
0 input destination unreachable errors
0 input administratively prohibited errors
0 input time exceeded errors
0 input parameter problem errors
0 input packet too big errors
0 input echo requests
0 input echo replys
0 input router solicitations
0 input router advertisements
0 input neighbor solicitations
0 input neighbor advertisements
0 input redirects
0 input MLD querys
0 input MLD reports
0 input MLD dones
87 total output messages
0 total output error messages
0 output destination unreachable errors
0 output administratively prohibited errors
0 output time exceeded errors
0 output parameter problem errors
0 output packet too big errors
0 output echo requests
0 output echo replys
56 output router solicitations
0 output router advertisements
2 output neighbor solicitations
0 output neighbor advertisements
0 output redirects
0 output MLD querys
20 output MLD reports
9 output MLD dones
en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - -
en1 0 (16)00:00:ff:46:16 0 0 0 0 0
en1 0 192.168.1 smacker.GERMANS 0 - 0 - -
> netstat -iss -I en1
ip6 on en1:
198 total input datagrams
198 datagrams delivered to an upper layer protocol
285 datagrams sent from an upper layer protocol
198 multicast datagrams received
285 multicast datagrams sent
en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - -
en1 0 (16)00:00:ff:46:16 0 0 0 0 0
en1 0 192.168.1 smacker.GERMANS 0 - 0 - -
icmp6 on en1:
87 total output messages
56 output router solicitations
2 output neighbor solicitations
20 output MLD reports
9 output MLD dones
en1 0 smacker.loc fe80::219:e3ff:fe 0 - 0 - -
en1 0 (16)00:00:ff:46:16 0 0 0 0 0
en1 0 192.168.1 smacker.GERMANS 0 - 0 - -
continuously display the information regarding packet traffic on the configured network interfaces
netstat -i | -I interface [-w wait] [-abdgt]
> netstat -i -I en1 -w 5 -d
input (en1) output
packets errs bytes packets errs bytes colls drops
346 0 328207 333 0 32237 0 0
532 0 692543 368 0 31238 0 0
486 0 649996 326 0 26907 0 0
137 0 163205 120 0 10773 0 0
4 0 216 0 0 0 0 0
7 0 1262 4 0 476 0 0
62 0 17372 44 0 4228 0 0
158 0 25661 262 0 24510 0 0
23 0 4448 37 0 3990 0 0
4 0 804 1 0 46 0 0
5 0 290 1 0 46 0 0
3 0 730 0 0 0 0 0
8 0 456 2 0 100 0 0
5 0 880 2 0 144 0 0
4 0 230 2 0 100 0 0
…
-b number of bytes in and out.
-d number of dropped packets.
-w wait Show statistics every wait seconds.
-t time ??
> netstat -I en1 -d -b -t
Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll Time Drop
en1 1500 <Link#6> 00:19:e3:32:0f:8c 69371 0 18967731 46691 0 4214999 0
en1 1500 (16)00:00:ff:9a:22 69371 0 18967731 46691 0 4214999 0
en1 1500 smacker.loc fe80::219:e3ff:fe 69371 - 18967731 46691 - 4214999 - - -
en1 1500 192.168.1 smacker.GERMANS 69371 - 18967731 46691 - 4214999 - - -
mbuf statistics.
netstat -m [-m]
> netstat -m
1680/1737 mbufs in use:
622 mbufs allocated to data
1056 mbufs allocated to packet tags
2 mbufs allocated to Appletalk data blocks
57 mbufs allocated to caches
841/ 952 mbuf 2KB clusters in use
0/16 mbuf 4KB clusters in use
1968 KB allocated to network (83.3% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to drain routines
> netstat -m -m
class buf active ctotal total cache cached uncached memory
name size bufs bufs bufs state bufs bufs usage
---------- ----- -------- -------- -------- ----- -------- -------- ---------
mbuf 256 1737 1182 1848 on 53 58 295.5 KB
cl 2048 891 62 952 on 2 59 124.0 KB
bigcl 4096 7 9 16 on 0 9 36.0 KB
mbuf_cl 2304 609 659 659 on 50 0 1.4 MB
mbuf_bigcl 4352 0 7 7 on 7 0 29.8 KB
…
routing table
netstat -r [-Aaln] [-f address_family]
> netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default Wireless_Broadband UGSc 25 41 en1
127 localhost UCS 0 0 lo0
localhost localhost UH 1 100 lo0
169.254 link#6 UCS 0 0 en1
192.168.1 link#6 UCS 13 0 en1
Wireless_Broadband 0:1f:90:2d:33:ab UHLW 4 17 en1 1186
smacker.GERMANS localhost UHS 0 0 lo0
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 1 1 en1
Internet6:
Destination Gateway Flags Netif Expire
localhost link#1 UHL lo0
fe80::%lo0 localhost Uc lo0
localhost link#1 UHL lo0
fe80::%en1 link#6 UC en1
smacker.local 0:19:e3:32:f:8c UHL lo0
ff01:: localhost U lo0
ff02:: localhost UC lo0
ff02:: link#6 UC en1
show protocol-cloned routes (routes generated by a RTF_PRCLONING parent route); normally these routes are not shown.
routing statistics.
netstat -rs [-s]
> netstat -rs
routing:
0 bad routing redirects
0 dynamically created routes
0 new gateways due to redirects
33 destinations found unreachable
0 uses of a wildcard route
16 routes not in table but not freed
-a show protocol-cloned routes.
-s show routing statistics instead.
-l netstat assumes more columns are there and the maximum transmission unit (mtu) are also displayed.
multicast
netstat [-gilns] [-f address_family]
-g Show information related to multicast (group address) routing. By default, show the IP Multicast virtual-interface and routing tables. With -s show multicast routing statistics.
> netstat -g
No IPv4 multicast routing compiled into this system.
No IPv6 multicast routing compiled into this system.
Link-layer Multicast Group Memberships
Group Link-layer Address Netif
33:33:0:0:0:fb <none> en1
1:0:5e:0:0:fb <none> en1
33:33:27:92:79:e8 <none> en1
33:33:0:0:0:1 <none> en1
1:3:93:df:b:92 <none> en1
IPv4 Multicast Group Memberships
Group Link-layer Address Netif
224.0.0.251 <none> lo0
224.0.0.1 <none> lo0
224.0.0.251 1:0:5e:0:0:fb en1
IPv6 Multicast Group Memberships
Group Link-layer Address Netif
ff02:1::fb <none> lo0
ff01::1 <none> lo0
ff02:1::2:65d0:d71e <none> lo0
ff02:1::1 <none> lo0
ff02:1::1:ff00:1 <none> lo0
ff02:6::fb 33:33:0:0:0:fb en1
ff02:6::2:2792:79e8 33:33:27:92:79:e8 en1
ff02:6::1 33:33:0:0:0:1 en1
-i Show the state of interfaces which have been auto-configured (interfaces statically configured into a system, but not located at boot time are not shown).
With -a active multicast addresses are shown for each Ethernet interface and for each IP interface address. Multicast addresses are shown on separate lines following the interface address with which they are associated.
With -s show per-interface statistics , second -s supresses zero entries
>netstat -gi
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16384 <Link#1> 582 0 582 0 0
lo0 16384 localhost fe80::1 582 - 582 - -
lo0 16384 127 localhost 582 - 582 - -
lo0 16384 localhost ::1 582 - 582 - -
gif0* 1280 <Link#2> 0 0 0 0 0
stf0* 1280 <Link#3> 0 0 0 0 0
en0 1500 <Link#4> 00:11:24:47:3f:aa 0 0 0 0 0
fw0 2030 <Link#5> 00:11:24:ff:fe:47:3f:aa 0 0 0 0 0
en1 1500 <Link#6> 00:19:e3:32:0f:8c 16916 0 8141 0 0
OUTPUT
The default display, for active sockets, shows the local and remote addresses, send and receive queue sizes (in bytes), protocol, and the internal state of the protocol.
Address are of the form host.port or network.port if a socket's address specifies a network but no specific host address.
Host and network addresses are displayed symbolically according to the /etc/hosts and /etc/networks. If a symbolic name for an address is unknown, or if
the -n is specified, the address is printed numerically, according to the address family. For more information regarding the Internet dot format, refer to inet).
Unspecified, or wildcard, addresses and ports appear as *.
netstat -f inet
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 smacker.GERMANS.51555 slammer.GERMANS.netbio ESTABLISHED
tcp4 0 0 smacker.GERMANS.50325 esc170.midphase..ssh ESTABLISHED
tcp4 0 0 smacker.GERMANS.50303 esc170.midphase..ftp CLOSE_WAIT
tcp4 0 0 smacker.GERMANS.49613 esc170.midphase..ftp CLOSE_WAIT
udp4 0 0 smacker.GERMANS.netbio *.*
udp4 0 0 smacker.GERMANS.netbio *.*
udp4 0 0 *.netbios-dgm *.*
udp4 0 0 *.netbios-ns *.*
udp4 0 0 smacker.GERMANS.kerber *.*
udp4 0 0 *.55227 *.*
…
udp4 0 0 *.52859 *.*
udp4 0 0 smacker.GERMANS.ntp *.*
udp4 0 0 localhost.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.* *.*
udp4 0 0 *.mdns *.*
udp4 0 0 *.* *.*
Internet domain socket states:
CLOSED not in use.
LISTEN listening for incoming connections. only displayed with -a .
SYN_SENT actively trying to establish a connection to a remote peer.
SYN_RCVDpassively received a connection request from a remote peer.
ESTABLISHED has an established connection between a local application and a remote peer.
CLOSE_WAIT closed by the remote peer, and the system is waiting for the local application to close its half of the connection.
LAST_ACK closed by the remote peer and local application, waiting for the remote peer to acknowledge the close.
FIN_WAIT_1 closed by the local application, the remote peer has not yet acknowledged the close, and the system is waiting for it to close its half of the connection.
FIN_WAIT_2 closed by the local
application, the remote peer has acknowledged the close, and the system
is waiting for it to close its half of the connection.
CLOSING closed by the local application
and the remote peer simultaneously, and the remote peer has not yet
acknowledged the close attempt of the local application.
TIME_WAIT closed by the local
application and the remote peer, waiting to be sure that the remote peer received the last acknowledgement.
The interface display provides a table of cumulative statistics regarding packets
transferred, errors, and collisions. The network addresses of the interface and the
maximum transmission unit (mtu) are also displayed.
The routing table display indicates the available routes and their status. Each
route consists of a destination host or network and a gateway to use in forwarding
packets. The flags field shows a collection of information about the route stored as
binary choices. The individual flags are discussed in more detail in the route(8)
and route(4) manual pages. The mapping between letters and flags is:
1RTF_PROTO1
2RTF_PROTO2
3RTF_PROTO3
BRTF_BLACKHOLEdiscard packets (during updates)
bRTF_BROADCASTa broadcast address
CRTF_CLONINGGenerate new routes on use
cRTF_PRCLONINGProtocol-specified generate new routes on use
DRTF_DYNAMICCreated dynamically (by redirect)
GRTF_GATEWAYDestination requires forwarding by intermediary
HRTF_HOST net otherwise
LRTF_LLINFOValid protocol to link address translation
MRTF_MODIFIEDModified dynamically (by redirect)
RRTF_REJECTHost or net unreachable
SRTF_STATICManually added
URTF_UP Route usable
WRTF_WASCLONEDRoute was generated as a result of cloning
XRTF_XRESOLVEExternal daemon translates proto to link address
Direct routes are created for each interface attached to the local host; the gateway field for such entries shows the address of the outgoing interface.
The refcnt field gives the current number of active uses of the route. Connection oriented protocols normally hold on to a single route for the duration of a connection while connection less protocols obtain a route while sending to the same destination.
The use field provides a count of the number of packets sent using that route.
The interface entry indicates the network interface utilized for the route.
When netstat is invoked with -w wait a running count of statistics related to network interfaces or protocols.
By default, this display summarizes information for all interfaces.
Information for a specific interface may be displayed with -I.
> netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp4 0 0 smacker.GERMANS.netbio *.*
udp4 0 0 smacker.GERMANS.netbio *.*
udp4 0 0 smacker.GERMANS.ntp *.*
udp4 0 0 smacker.GERMANS.kerber *.*
udp6 0 0 smacker.local.kerberos *.*
udp6 0 0 localhost.kerberos *.*
udp4 0 0 *.61492 *.*
udp4 0 0 *.61420 *.*
udp4 0 0 *.52348 *.*
udp4 0 0 *.57114 *.*
udp4 0 0 *.53745 *.*
udp4 0 0 *.60167 *.*
udp4 0 0 *.52932 *.*
udp4 0 0 *.49719 *.*
udp4 0 0 *.52426 *.*
udp4 0 0 *.60775 *.*
udp4 0 0 *.54721 *.*
udp4 0 0 *.netbios-dgm *.*
udp4 0 0 *.netbios-ns *.*
udp4 0 0 *.* *.*
udp6 0 0 smacker.local.ntp *.*
udp6 0 0 localhost.ntp *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp4 0 0 *.* *.*
icm6 0 0 *.* *.*
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
2bce088 stream 0 0 0 55ded48 0 0
55ded48 stream 0 0 0 2bce088 0 0
2ca3440 stream 0 0 0 2bcea18 0 0 /var/run/asl_input
2bcea18 stream 0 0 0 2ca3440 0 0
2ca3770 stream 0 0 0 2bceb28 0 0 /var/run/asl_input
2bceb28 stream 0 0 0 2ca3770 0 0
… many simular entries ommited …
2ca3330 stream 0 0 0 2cbd660 0 0
2cbd660 stream 0 0 0 2ca3330 0 0
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
2cbd3b8 stream 0 0 31c9680 0 0 0 /tmp/launch-BPZQcK/:0
2cbd770 stream 0 0 31c97a0 0 0 0 /tmp/launch-M1pYIi/Listeners
2cbd990 stream 0 0 31c98c0 0 0 0 /tmp/launch-HmDrRD/Render
2cbd6e8 stream 0 0 31c99e0 0 0 0 /private/tmp/com.hp.launchport
26babb0 stream 0 0 31c9cb0 0 0 0 /tmp/launchd-106.s5jA82/sock
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
2ca3e58 stream 0 0 0 2cbd4c8 0 0
2cbd4c8 stream 0 0 0 2ca3e58 0 0
2cbdb28 stream 0 0 0 2cbd2a8 0 0
2cbd2a8 stream 0 0 0 2cbdb28 0 0
2ca37f8 stream 0 0 0 2cbd908 0 0 /var/run/mDNSResponder
2cbd908 stream 0 0 0 2ca37f8 0 0
… many simular entries ommited …
2bcef68 stream 0 0 2bbe6c0 0 0 0 /var/run/pppconfd
26bac38 stream 0 0 27a2ac0 0 0 0 /var/tmp/launchd/sock
26bacc0 stream 0 0 27a2be0 0 0 0 /private/var/run/cupsd
26bad48 stream 0 0 27a2d00 0 0 0 /var/run/usbmuxd
26bae58 stream 0 0 27a2e20 0 0 0 /var/run/asl_input
26baf68 stream 0 0 27a2eb0 0 0 0 /var/run/portmap.socket
26baee0 stream 0 0 27a2f40 0 0 0 /var/run/mDNSResponder
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
55deee0 dgram 0 0 0 2cbd110 2cbd110 0
2cbd110 dgram 0 0 0 55deee0 55deee0 0
2ca3f68 dgram 0 0 0 2bce000 2bce000 0
2bce000 dgram 0 0 0 2ca3f68 2ca3f68 0
… many simular entries ommited …
2bce990 dgram 0 0 0 26badd0 0 2bce6e8
2bce6e8 dgram 0 0 0 26badd0 0 2ca3908
2ca3908 dgram 0 0 0 26badd0 0 2ca3ee0
2ca3b28 dgram 0 0 0 2ca33b8 2ca33b8 0
2ca33b8 dgram 0 0 0 2ca3b28 2ca3b28 0
2cbd198 dgram 0 0 0 2ca3198 2ca3198 0
2ca3198 dgram 0 0 0 2cbd198 2cbd198 0
2ca3ee0 dgram 0 0 0 26badd0 0 2ca34c8
2ca34c8 dgram 0 0 0 26badd0 0 2cbd440
2cbd440 dgram 0 0 0 26badd0 0 2bce660
2cbd330 dgram 0 0 0 2cbd220 2cbd220 0
2cbd220 dgram 0 0 0 2cbd330 2cbd330 0
2bce660 dgram 0 0 0 26badd0 0 26ba3b8
26ba2a8 dgram 0 0 0 26ba220 26ba220 0
26ba220 dgram 0 0 0 26ba2a8 26ba2a8 0
26ba3b8 dgram 0 0 0 26badd0 0 26ba660
26ba660 dgram 0 0 0 26badd0 0 26ba7f8
26ba7f8 dgram 0 0 0 26badd0 0 0
26badd0 dgram 0 0 27a2d90 0 2bce990 0 /var/run/syslog
SEE
fstat(1), nfsstat(1), ps(1), sockstat(1), inet(4), unix(4), hosts(5), networks(5),
protocols(5), services(5), iostat(8), trpt(8), vmstat(8)
June 15, 2001 Darwin