Netstat Command

The netstat command generates screens that display network status and protocol statistics. You can display the status of TCP and UDP endpoints in table format, routing table information, and interface information.

Netstat displays various types of network data depending on the command-line option selected. These screens are the most useful for system administration. The syntax of this form is:

netstat [-m] [-n] [-s] [-i | -r] [-f address_family]

The most commonly used options for determining network status are -s, -r, and -i. See the netstat(1M) man page for a description of the options.

Viewing statistics by protocol

The netstat -s option displays statistics by protocol for the UDP, TCP, ICMP, and IP protocols. The result resembles the screen shown in the following example. (Parts of the output have been truncated.) The information can indicate areas where a protocol is having problems. For example, statistical information from ICMP can indicate where this protocol has encountered errors.

UDP
    udpInDatagrams       =  39228    udpOutDatagrams      =   2455
    udpInErrors          =      0

TCP
    tcpRtoAlgorithm      =      4    tcpMaxConn           =     -1
    tcpRtoMax            =  60000    tcpPassiveOpens      =      2
    tcpActiveOpens       =      4    tcpEstabResets       =      1
    tcpAttemptFails      =      3    tcpOutSegs           =    315
    tcpCurrEstab         =      1    tcpOutDataBytes      =  10547
    tcpOutDataSegs       =    288    tcpRetransBytes      =   8376
    tcpRetransSegs       =     29    tcpOutAckDelayed     =     23
    tcpOutAck            =     27    tcpOutWinUpdate      =      2
    tcpOutUrg            =      2    tcpOutControl        =      8
    tcpOutWinProbe       =      0    tcpOutFastRetrans    =      1
    tcpOutRsts           =      0    tcpInSegs            =    563
    tcpInAckBytes        =  10549    tcpInAckSegs         =    289
    tcpInAckUnsent       =      0    tcpInDupAck          =     27
    tcpInInOrderBytes    =    673    tcpInInOrderSegs     =    254
    tcpInUnorderSegs     =      0    tcpInUnorderBytes    =      0
    tcpInDupBytes        =      0    tcpInPartDupSegs     =      0
    tcpInPartDupBytes    =      0    tcpInPastWinSegs     =      0
    tcpInPastWinBytes    =      0    tcpInWinProbe        =      0
    tcpInWinUpdate       =    237    tcpInClosed          =      0
    tcpRttNoUpdate       =     21    tcpRttUpdate         =    266
    tcpTimRetrans        =     26    tcpTimRetransDrop    =      0
    tcpTimKeepalive      =      0    tcpTimKeepaliveProbe =      0
    tcpTimKeepaliveDrop  =      0

IP
    ipForwarding         =      2    ipDefaultTTL         =    255
    ipInReceive          =   4518    ipInHdrErrors        =      0
    ipInAddrErrors       =      0    ipInCksumErrs        =      0
    ipForwDatagrams      =      0    ipForwProhibits      =      0
    ipInUnknownProtos    =      0    ipInDiscards         =      0
    ipInDelivers         = 448666    ipOutRequests        =   2805
    ipOutDiscards        =      5    ipOutNoRoutes        =      0
    ipReasmTimeout       =     60    ipReasmReqds         =      2
    ipReasmOKs           =      2    ipReasmDuplicates    =      0
    ipReasmFails         =      0    ipFragOKs            =     20
    ipReasmPartDups      =      0    ipFragCreates        =    116
    ipFragFails          =      0    tcpInErrs            =      0
    ipRoutingDiscards    =      0    udpInCksumErrs       =      0
    udpNoPorts           =     33    rawipInOverflows     =      0
    udpInOverflows       =      6

ICMP
    icmpInMsgs           =      0    icmpInErrors         =      0
    icmpInCksumErrs      =      0    icmpInUnknowns       =      0
    icmpInDestUnreachs   =      0    icmpInTimeExcds      =      0
    icmpInParmProbs      =      0    icmpInSrcQuenchs     =      0
    icmpInRedirects      =      0    icmpInBadRedirects   =      0
    icmpInEchos          =      0    icmpInEchoReps       =      0
    icmpInTimestamps     =      0    icmpInTimestampReps  =      0
    icmpInAddrMasks      =      0    icmpInAddrMaskReps   =      0
    icmpInFragNeeded     =      0    icmpOutMsgs          =      7
    icmpOutDestUnreachs  =      1    icmpOutErrors        =      0
    icmpOutDrops         =      5    icmpOutTimeExcds     =      0
    icmpOutParmProbs     =      0    icmpOutSrcQuenchs    =      6
    icmpOutRedirects     =      0    icmpOutEchos         =      0
    icmpOutEchoReps      =      0    icmpOutTimestamps    =      0
    icmpOutTimestampReps =      0    icmpOutAddrMasks     =      0
    icmpOutAddrMaskReps  =      0    icmpOutFragNeeded    =      0
    icmpInOverflows      =      0

IGMP:
    0 messages received
    0 messages received with too few bytes
    0 messages received with incorrect checksum
    0 membership queries received
    0 membership queries received with invalid fields
    0 membership reports received
    0 membership reports received with invalid fields
    0 membership reports received for groups to which we belong
    0 membership reports sent

Viewing network interface status

The -i option of netstat displays the status of the network interfaces configured on the machine where you ran the command. Here is a sample screen produced by netstat -i.

Name  Mtu   Net/Dest      Address    Ipkts     Ierrs  Opkts     Oerrs  Collis   Queue
le0   1500  b5-spd-2f-cm  tatra      14093893  8492   10174659  1119   2314178  0
lo0   8232  loopback      localhost  92997622  5442   12451748  0      775125   0

With this screen, you can find out how many packets a machine reports having transmitted and received on each network. For example, the input packet count (Ipkts) displayed for a server may increase each time a client attempts to boot, while the output packet count (Opkts) remains stable. This suggests that the server is seeing the client's boot request packets but does not realize that it is supposed to respond to them. This may be due to an incorrect address in the hosts or ethers database.

On the other hand, if the input packet count is constant over time, it means that the machine does not see the packets at all. This suggests a different type of failure, possibly a hardware problem.
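Both diagnoses above depend on comparing two readings of the counters taken some time apart. The shell function below is an added example, not part of the original page: it assumes the column order of the sample netstat -i screen, and the interface le1, the function names and all "after" values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare two `netstat -i`
# snapshots and classify each interface by how its counters moved.
# Column order follows the sample screen above:
#   Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue

# if_delta BEFORE AFTER  ->  "<name> <dIpkts> <dOpkts> <verdict>" per interface
if_delta() {
    awk '
        $1 == "Name" || NF < 10 { next }              # header or short line
        FNR == NR { ip[$1] = $5; op[$1] = $7; next }  # first file: remember
        !($1 in ip) { print $1, "-", "-", "new-interface"; next }
        {
            di = $5 - ip[$1]; dout = $7 - op[$1]
            if (di < 0 || dout < 0) v = "counter-reset"  # reboot or wrap
            else if (di == 0)       v = "no-input"       # sees no packets
            else if (dout == 0)     v = "input-only"     # sees, never answers
            else                    v = "ok"
            print $1, di, dout, v
        }
    ' "$1" "$2"
}

# Constructed snapshots: le0 and lo0 start from the sample values on this
# page; le1 and all "after" values are made up for the demonstration.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before" <<'EOF'
Name Mtu  Net/Dest     Address   Ipkts    Ierrs Opkts    Oerrs Collis  Queue
le0  1500 b5-spd-2f-cm tatra     14093893 8492  10174659 1119  2314178 0
le1  1500 lab-net      tatra-lab 500      0     200      0     0       0
lo0  8232 loopback     localhost 92997622 5442  12451748 0     775125  0
EOF
    cat > "$tmp/after" <<'EOF'
Name Mtu  Net/Dest     Address   Ipkts    Ierrs Opkts    Oerrs Collis  Queue
le0  1500 b5-spd-2f-cm tatra     14093950 8492  10174659 1119  2314178 0
le1  1500 lab-net      tatra-lab 500      0     200      0     0       0
lo0  8232 loopback     localhost 92997700 5442  12451826 0     775125  0
EOF
    if_delta "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

demo
```

An "input-only" verdict matches the case where the server sees boot requests but never answers; "no-input" matches the case where the machine does not see the packets at all.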

Viewing the status of the routing table

The -r option in netstat displays the IP routing table. Here is a sample screen produced by netstat -r run on machine tenere.

Routing tables
Destination      Gateway    Flags  Refcnt  Use     Interface
temp8milptp      elvis      UGH    0       0
irmcpeb1-ptp0    elvis      UGH    0       0
route93-ptp0     speed      UGH    0       0
mtvb9-ptp0       speed      UGH    0       0
       .
mtnside          speed      UG     1       567
ray-net          speed      UG     0       0
mtnside-eng      speed      UG     0       36
mtnside-eng      speed      UG     0       558
mtnside-eng      tenere     U      33      190248  le0

The first column shows the destination network, the second the router through which packets are forwarded. The U flag indicates that the route is up; the G flag indicates that the route is to a gateway. The H flag indicates that the destination is a fully qualified host address, rather than a network.

The Refcnt column shows the number of active uses per route, and the Use column shows the number of packets sent per route. Finally, the Interface column shows the network interface that the route uses.