The netstat command generates displays that show network status and protocol statistics. You can display the status of TCP and UDP endpoints in table format, routing table information, and interface information.
netstat displays various types of network data depending on the command line option selected. These displays are the most useful for system administration. The syntax for this form is:
netstat [-m] [-n] [-s] [-i | -r] [-f address_family]
The most frequently used options for determining network status are: s, r, and i. See the netstat(1M) man page for a description of the options.
The netstat -s option displays per protocol statistics for the UDP, TCP, ICMP, and IP protocols. The result resembles the display shown in the example below. (Parts of the output have been truncated.) The information can indicate areas where a protocol is having problems. For example, statistical information from ICMP can indicate where this protocol has found errors.
UDP udpInDatagrams = 39228 udpOutDatagrams = 2455 udpInErrors = 0 TCP tcpRtoAlgorithm = 4 tcpMaxConn = -1 tcpRtoMax = 60000 tcpPassiveOpens = 2 tcpActiveOpens = 4 tcpEstabResets = 1 tcpAttemptFails = 3 tcpOutSegs = 315 tcpCurrEstab = 1 tcpOutDataBytes = 10547 tcpOutDataSegs = 288 tcpRetransBytes = 8376 tcpRetransSegs = 29 tcpOutAckDelayed = 23 tcpOutAck = 27 tcpOutWinUpdate = 2 tcpOutUrg = 2 tcpOutControl = 8 tcpOutWinProbe = 0 tcpOutFastRetrans = 1 tcpOutRsts = 0 tcpInSegs = 563 tcpInAckBytes = 10549 tcpInAckSegs = 289 tcpInAckUnsent = 0 tcpInDupAck = 27 tcpInInorderBytes = 673 tcpInInorderSegs = 254 tcpInInorderBytes = 673 tcpInUnorderSegs = 0 tcpInUnorderBytes = 0 tcpInDupSegs = 0 tcpInDupBytes = 0 tcpInPartDupSegs = 0 tcpInPartDupBytes = 0 tcpInPastWinSegs = 0 tcpInPastWinBytes = 0 tcpInWinProbe = 0 tcpInWinUpdate = 237 tcpInClosed = 0 tcpRttNoUpdate = 21 tcpRttUpdate = 266 tcpTimRetrans = 26 tcpTimRetransDrop = 0 tcpTimKeepalive = 0 tcpTimKeepaliveProbe= 0 tcpTimKeepaliveDrop = 0 IP ipForwarding = 2 ipDefaultTTL = 255 ipInReceives = 4518 ipInHdrErrors = 0 ipInAddrErrors = 0 ipInCksumErrs = 0 ipForwDatagrams = 0 ipForwProhibits = 0 ipInUnknownProtos = 0 ipInDiscards = 0 ipInDelivers = 4486 ipOutRequests = 2805 ipOutDiscards = 5 ipOutNoRoutes = 0 ipReasmTimeout = 60 ipReasmReqds = 2 ipReasmOKs = 2 ipReasmReqds = 2 ipReasmDuplicates = 0 ipReasmFails = 0 ipFragOKs = 20 ipReasmPartDups = 0 ipFragCreates = 116 ipFragFails = 0 tcpInErrs = 0 ipRoutingDiscards = 0 udpInCksumErrs = 0 udpNoPorts = 33 rawipInOverflows = 0 udpInOverflows = 6 ICMP icmpInMsgs = 0 icmpInErrors = 0 icmpInCksumErrs = 0 icmpInUnknowns = 0 icmpInDestUnreachs = 0 icmpInTimeExcds = 0 icmpInParmProbs = 0 icmpInSrcQuenchs = 0 icmpInRedirects = 0 icmpInBadRedirects = 0 icmpInEchos = 0 icmpInEchoReps = 0 icmpInTimestamps = 0 icmpInTimestampReps = 0 icmpInAddrMasks = 0 icmpInAddrMaskReps = 0 icmpInFragNeeded = 0 icmpOutMsgs = 7 icmpOutDestUnreachs = 1 icmpOutErrors = 0 icmpOutDrops = 5 icmpOutTimeExcds = 0 icmpOutParmProbs = 0 icmpOutSrcQuenchs = 6 icmpOutRedirects = 0 icmpOutEchos = 0 icmpOutEchoReps = 0 icmpOutTimestamps = 0 icmpOutTimestampReps= 0 icmpOutAddrMasks = 0 icmpOutAddrMaskReps = 0 icmpOutFragNeeded = 0 icmpInOverflows = 0 IGMP: 0 messages received 0 messages received with too few bytes 0 messages received with bad checksum 0 membership queries received 0 membership queries received with invalid field(s) 0 membership reports received 0 membership reports received with invalid field(s) 0 membership reports received for groups to which we belong 0 membership reports sent |
The i option of netstat shows the state of the network interfaces that are configured with the machine where you ran the command. Here is a sample display produced by netstat -i.
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue le0 1500 b5-spd-2f-cm tatra 14093893 8492 10174659 1119 2314178 0 lo0 8232 loopback localhost 92997622 5442 12451748 0 775125 0 |
Using this display, you can find out how many packets a machine thinks it has transmitted and received on each network. For example, the input packet count (Ipkts) displayed for a server can increase each time a client tries to boot, while the output packet count (Opkts) remains steady. This suggests that the server is seeing the boot request packets from the client, but does not realize it is supposed to respond to them. This might be caused by an incorrect address in the hosts or ethers database.
On the other hand, if the input packet count is steady over time, it means that the machine does not see the packets at all. This suggests a different type of failure, possibly a hardware problem.
The -r option of netstat displays the IP routing table. Here is a sample display produced by netstat -r run on machine tenere.
Routing tables Destination Gateway Flags Refcnt Use Interface temp8milptp elvis UGH 0 0 irmcpeb1-ptp0 elvis UGH 0 0 route93-ptp0 speed UGH 0 0 mtvb9-ptp0 speed UGH 0 0 . mtnside speed UG 1 567 ray-net speed UG 0 0 mtnside-eng speed UG 0 36 mtnside-eng speed UG 0 558 mtnside-eng tenere U 33 190248 le0 |
The first column shows the destination network, the second the router through which packets are forwarded. The U flag indicates that the route is up; the G flag indicates that the route is to a gateway. The H flag indicates that the destination is a fully qualified host address, rather than a network.
The Refcnt column shows the number of active uses per route, and the Use column shows the number of packets sent per route. Finally, the Interface column shows the network interface that the route uses.