Tutorials Point


  Unix for Beginners
  Unix Shell Programming
  Advanced Unix
  Unix Useful References
  Unix Useful Resources
  Selected Reading

Copyright © 2014 by tutorialspoint



  Home     References     Discussion Forums     About TP  

netstat - Unix, Linux Command


previous next AddThis Social Bookmark Button


Advertisements

NAME

netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

SYNOPSIS

netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay]

netstat {--route|-r} [address_family_options] [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]

netstat {--interfaces|-i} [iface] [--all|-a] [--extend|-e[--extend|-e]] [--verbose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]

netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]

netstat {--masquerade|-M} [--extend|-e] [--numeric|-n] [--numeric-hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]

netstat {--statistics|-s} [--tcp|-t] [--udp|-u] [--raw|-w] [delay]

netstat {--version|-V}

netstat {--help|-h}

address_family_options:

[--protocol={inet,unix,ipx,ax25,netrom,ddp}[,...]] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom] [--ddp]

DESCRIPTION

Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument, as follows:

(none)

By default, netstat displays a list of open sockets. If you don’t specify any address families, then the active sockets of all configured address families will be printed.

--route , -r

Display the kernel routing tables.

--groups , -g

Display multicast group membership information for IPv4 and IPv6.

--interface=iface , -i

Display a table of all network interfaces, or the specified iface).

--masquerade , -M

Display a list of masqueraded connections.

--statistics , -s

Display summary statistics for each protocol.

OPTIONS

--verbose , -v

Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.

--numeric , -n

Show numerical addresses instead of trying to determine symbolic host, port or user names.

--numeric-hosts

shows numerical host addresses but does not affect the resolution of port or user names.

--numeric-ports

shows numerical port numbers but does not affect the resolution of host or user names.

--numeric-users

shows numerical user IDs but does not affect the resolution of host or port names.

--protocol=family , -A

Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown. family is a comma (’,’) separated list of address family keywords like inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the --inet, --unix (-x), --ipx, --ax25, --netrom, and --ddp options.

The address family inet includes raw, udp and tcp protocol sockets.

-c, --continuous

This will cause netstat to print the selected information every second continuously.

-e, --extend

Display additional information. Use this option twice for maximum detail.

-o, --timers

Include information related to networking timers.

-p, --program

Show the PID and name of the program to which each socket belongs.

-l, --listening

Show only listening sockets. (These are omitted by default.)

-a, --all

Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not marked

-F

Print routing information from the FIB. (This is the default.)

-C

Print routing information from the route cache.

-Z --context

If SELinux enabled print SELinux context.

-T --notrim

Stop trimming long addresses.

delay

Netstat will cycle printing through statistics every delay seconds. UP.

OUTPUT

Active Internet connections (TCP, UDP, raw)

Proto

The protocol (tcp, udp, raw) used by the socket.

Recv-Q

The count of bytes not copied by the user program connected to this socket.

Send-Q

The count of bytes not acknowledged by the remote host.

Local Address

Address and port number of the local end of the socket. Unless the --numeric (-n) option is specified, the socket address is resolved to its canonical host name (FQDN), and the port number is translated into the corresponding service name.

Foreign Address

Address and port number of the remote end of the socket. Analogous to "Local Address."

State

The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:
TagDescription
ESTABLISHED The socket has an established connection.
SYN_SENT The socket is actively attempting to establish a connection.
SYN_RECV A connection request has been received from the network.
FIN_WAIT1 The socket is closed, and the connection is shutting down.
FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT The socket is waiting after close to handle packets still in the network.
CLOSED The socket is not being used.
CLOSE_WAIT The remote end has shut down, waiting for the socket to close.
LAST_ACK The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
CLOSING Both sockets are shut down but we still don’t have all our data sent.
UNKNOWN The state of the socket is unknown.

User

The username or the user id (UID) of the owner of the socket.

PID/Program name

Slash-separated pair of the process id (PID) and process name of the process that owns the socket. --program causes this column to be included. You will also need superuser privileges to see this information on sockets you don’t own. This identification information is not yet available for IPX sockets.

Timer

(this needs to be written)

Active UNIX domain Sockets

Proto

The protocol (usually unix) used by the socket.

RefCnt

The reference count (i.e. attached processes via this socket).

Flags

The flags displayed is SO_ACCEPTON (displayed as ACC), SO_WAITDATA (W) or SO_NOSPACE (N). SO_ACCECPTON is used on unconnected sockets if their corresponding processes are waiting for a connect request. The other flags are not of normal interest.

Type

There are several types of socket access:
TagDescription
SOCK_DGRAM The socket is used in Datagram (connectionless) mode.
SOCK_STREAM This is a stream (connection) socket.
SOCK_RAW The socket is used as a raw socket.
SOCK_RDM This one serves reliably-delivered messages.
SOCK_SEQPACKET This is a sequential packet socket.
SOCK_PACKET Raw interface access socket.
UNKNOWN Who ever knows what the future will bring us - just fill in here :-)

State

This field will contain one of the following Keywords:
TagDescription
FREE The socket is not allocated
LISTENING
  The socket is listening for a connection request. Such sockets are only included in the output if you specify the --listening (-l) or --all (-a) option.
CONNECTING
  The socket is about to establish a connection.
CONNECTED
  The socket is connected.
DISCONNECTING
  The socket is disconnecting.
(empty) The socket is not connected to another one.
UNKNOWN
  This state should never happen.

PID/Program name

Process ID (PID) and process name of the process that has the socket open. More info available in Active Internet connections section written above.

Path

This is the path name as which the corresponding processes attached to the socket.

Active IPX sockets

(this needs to be done by somebody who knows it)

Active NET/ROM sockets

(this needs to be done by somebody who knows it)

Active AX.25 sockets

(this needs to be done by somebody who knows it)

NOTES

Starting with Linux release 2.2 netstat -i does not show interface statistics for alias interfaces. To get per alias interface counters you need to setup explicit rules using the ipchains(8) command.

FILES

/etc/services -- The services translation file

/proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files.

/proc/net/dev -- device information

/proc/net/raw -- raw socket information

/proc/net/tcp -- TCP socket information

/proc/net/udp -- UDP socket information

/proc/net/igmp -- IGMP multicast information

/proc/net/unix -- Unix domain socket information

/proc/net/ipx -- IPX socket information

/proc/net/ax25 -- AX25 socket information

/proc/net/appletalk -- DDP (appletalk) socket information

/proc/net/nr -- NET/ROM socket information

/proc/net/route -- IP routing information

/proc/net/ax25_route -- AX25 routing information

/proc/net/ipx_route -- IPX routing information

/proc/net/nr_nodes -- NET/ROM nodelist

/proc/net/nr_neigh -- NET/ROM neighbours

/proc/net/ip_masquerade -- masqueraded connections

/proc/net/snmp -- statistics

SEE ALSO

BUGS

Occasionally strange information may appear if a socket changes as it is viewed. This is unlikely to occur.

If the sctp module is not added to the kernel, running netstat with the -A inet or -A inet6 option abnormally terminates with the following message:

netstat: no support for ‘AF INET (sctp)’ on this system.        

To avoid this, install the sctp kernel module.

AUTHORS

The netstat user interface was written by Fred Baumgarten <dc6iq@insu1.etec.uni-karlsruhe.de> the man page basically by Matt Welsh <mdw@tc.cornell.edu>. It was updated by Alan Cox <Alan.Cox@linux.org> but could do with a bit more work. It was updated again by Tuan Hoang <tqhoang@bigfoot.com>.
The man page and the command included in the net-tools package is totally rewritten by Bernd Eckenfels <ecki@linux.de>.

previous next Printer Friendly

Advertisements


  

Advertisements