netstat —
show network status
  
    | netstat | [ -Aan] [-faddress_family[,family ...]]
      [-Mcore]
      [-Nsystem] | 
  
    | netstat | [ -bdghiLlmnqrSsTtv] [-faddress_family[,family ...]]
      [-Mcore]
      [-Nsystem] | 
  
    | netstat | [ -dn] [-Iinterface] [-Mcore] [-Nsystem] [-wwait] | 
  
    | netstat | [ -Mcore]
      [-Nsystem]
      [-pprotocol] | 
  
    | netstat | [ -Mcore]
      [-Nsystem]
      [-pprotocol]-Ppcbaddr | 
  
    | netstat | [ -i] [-IInterface] [-pprotocol] | 
  
    | netstat | [ -is] [-faddress_family[,family ...]]
      [-IInterface] | 
  
    | netstat | [ -s] [-IInterface]-B | 
The netstat command symbolically displays the contents
  of various network-related data structures. There are a number of output
  formats, depending on the options for the information presented. The first
  form of the command displays a list of active sockets for each protocol. The
  second form presents the contents of one of the other network data structures
  according to the option selected. Using the third form, with a
  wait interval specified, netstat
  will continuously display the information regarding packet traffic on the
  configured network interfaces. The fourth form displays statistics about the
  named protocol. The fifth and sixth forms display per interface statistics for
  the specified protocol or address family.
The options have the following meaning:
  - -A
- With the default display, show the address of any protocol control blocks
      associated with sockets; used for debugging.
- -a
- With the default display, show the state of all sockets; normally sockets
      used by server processes are not shown.
- -B
- With the default display, show the current
      bpf(4) peers. To show only the
      peers listening to a specific interface, use the
      -Ioption. If the-soption is present, show the current
      bpf(4) statistics.
- -b
- With the interface display (option -i), show bytes
      in and out, instead of packets in and out.
- -d
- With either interface display (option -ior an
      interval, as described below), show the number of dropped packets.
- -faddress_family[,family ...]
- Limit statistics or address control block reports to those of the
      specified address_families. The following address
      families are recognized: inet, for
      AF_INET; inet6, forAF_INET6; arp, forAF_ARP; ns, forAF_NS; atalk, forAF_APPLETALK; mpls, forAF_MPLS; and local or
      unix, forAF_LOCAL.
- -g
- Show information related to multicast (group address) routing. By default,
      show the IP Multicast virtual-interface and routing tables. If the
      -soption is also present, show multicast routing
      statistics.
- -h
- When used with -bin combination with either-ior-I, output
      "human-readable" byte counts.
- -Iinterface
- Show information about the specified interface; used with a
      wait interval as described below. If the
      -faddress_family option
      (with the-soption) or the-pprotocol option is
      present, show per-interface statistics on the
      interface for the specified
      address_family or protocol,
      respectively.
- -i
- Show the state of interfaces which have been auto-configured (interfaces
      statically configured into a system, but not located at boot time are not
      shown). If the -aoptions is also present,
      multicast addresses currently in use are shown for each Ethernet interface
      and for each IP interface address. Multicast addresses are shown on
      separate lines following the interface address with which they are
      associated. If the-faddress_family option (with the-soption) or the-pprotocol option is present, show per-interface
      statistics on all interfaces for the specified
      address_family or protocol,
      respectively.
- -L
- Don't show link-level routes (e.g., IPv4 ARP or IPv6 neighbour
    cache).
- -l
- With the -goption, display wider fields for the
      IPv6 multicast routing table “Origin” and
      “Group” columns.
- -Mcore
- Use kvm(3) instead of
      sysctl(3) to retrieve
      information and extract values associated with the name list from the
      specified core. If the -Moption is not given but
      the-Noption is given, the default
      /dev/mem is used.
- -m
- Show statistics recorded by the mbuf memory management routines (the
      network manages a private pool of memory buffers). If the kernel option
      options MBUFTRACEis set, extra info can be
      retrieved with-mssv. See also
      options(4).
- -Nsystem
- Use kvm(3) instead of
      sysctl(3) to retrieve
      information and extract the name list from the specified system. For the
      default behavior when only -Moption is given, see
      the description about when execfile isNULLin
      kvm_openfiles(3).
- -n
- Show network addresses and ports as numbers (normally
      netstatinterprets addresses and ports and
      attempts to display them symbolically). This option may be used with any
      of the display formats.
- -Ppcbaddr
- Dump the contents of the protocol control block (PCB) located at kernel
      virtual address pcbaddr. This address may be
      obtained using the -Aflag. The default protocol
      is TCP, but may be overridden using the-pflag.
- -pprotocol
- Show statistics about protocol, which is either a
      well-known name for a protocol or an alias for it. Some protocol names and
      aliases are listed in the file /etc/protocols. A
      null response typically means that there are no interesting numbers to
      report. The program will complain if protocol is
      unknown or if there is no statistics routine for it.
- -q
- Show software interrupt queue setting/statistics for all protocols.
- -r
- Show the routing tables. When -sis also present,
      show routing statistics instead.
- -S
- Show network addresses as numbers (as with -n, but
      show ports symbolically).
- -s
- Show per-protocol statistics. If this option is repeated, counters with a
      value of zero are suppressed.
- -T
- Show MPLS Tags for the routing tables. If multiple tags exists, they will
      be comma separated, first tag being the BoS one.
- -t
- With the -ioption, display the current value of
      the watchdog timer function.
- -v
- Show extra (verbose) detail for the routing tables
      (-r), or avoid truncation of long addresses.
- -wwait
- Show network interface statistics at intervals of
      wait seconds.
- -X
- Force use of sysctl(3) when
      retrieving information. Some features of netstatmay not be (fully) supported when using
      sysctl(3). This flag forces
      the use of the latter regardless, and emits a message if a not yet fully
      supported feature is used in conjunction with it. This flag might be
      removed at any time; do not rely on its presence.
The default display, for active sockets, shows the local and
    remote addresses, send and receive queue sizes (in bytes), protocol, and the
    internal state of the protocol. Address formats are of the form
    ``host.port'' or ``network.port'' if a socket's address specifies a network
    but no specific host address. When known the host and network addresses are
    displayed symbolically according to the data bases
    /etc/hosts and
    /etc/networks, respectively. If a symbolic name for
    an address is unknown, or if the -n option is
    specified, the address is printed numerically, according to the address
    family. For more information regarding the Internet ``dot format,'' refer to
    inet(3)). Unspecified, or
    ``wildcard'', addresses and ports appear as ``*''. You can use the
    fstat(1) command to find out
    which process or processes hold references to a socket.
The interface display provides a table of cumulative statistics
    regarding packets transferred, errors, and collisions. The network addresses
    of the interface and the maximum transmission unit (``mtu'') are also
    displayed.
The routing table display indicates the available routes and their
    status. Each route consists of a destination host or network and a gateway
    to use in forwarding packets. The flags field shows a collection of
    information about the route stored as binary choices. The individual flags
    are discussed in more detail in the
    route(8) and
    route(4) manual pages.
Direct routes are created for each interface attached to the local
    host; the gateway field for such entries shows the address of the outgoing
    interface. The refcnt field gives the current number of active uses of the
    route. Connection oriented protocols normally hold on to a single route for
    the duration of a connection while connectionless protocols obtain a route
    while sending to the same destination. The use field provides a count of the
    number of packets sent using that route. The mtu entry shows the mtu
    associated with that route. This mtu value is used as the basis for the TCP
    maximum segment size. The 'L' flag appended to the mtu value indicates that
    the value is locked, and that path mtu discovery is turned off for that
    route. A ‘-’ indicates that the mtu for this route has not
    been set, and a default TCP maximum segment size will be used. The interface
    entry indicates the network interface used for the route.
When netstat is invoked with the
    -w option and a wait interval
    argument, it displays a running count of statistics related to network
    interfaces. An obsolescent version of this option used a numeric parameter
    with no option, and is currently supported for backward compatibility. This
    display consists of a column for the primary interface (the first interface
    found during autoconfiguration) and a column summarizing information for all
    interfaces. The primary interface may be replaced with another interface
    with the -I option. The first line of each screen of
    information contains a summary since the system was last rebooted.
    Subsequent lines of output show values accumulated over the preceding
    interval.
The first character of the flags column in the
    -B option shows the status of the
    bpf(4) descriptor which has three
    different values: Idle ('I'), Waiting ('W') and Timed Out ('T'). The second
    character indicates whether the promisc flag is set. The third character
    indicates the status of the immediate mode. The fourth character indicates
    whether the peer will have the ability to see the packets sent. And the
    fifth character shows the header complete flag status.
fstat(1),
  nfsstat(1),
  ps(1),
  sockstat(1),
  vmstat(1),
  inet(3),
  kvm(3),
  kvm_openfiles(3),
  sysctl(3),
  bpf(4),
  options(4),
  route(4),
  hosts(5),
  networks(5),
  protocols(5),
  services(5),
  ifmcstat(8),
  iostat(8),
  route(8),
  trpt(8)
The netstat command appeared in
  4.2BSD. IPv6 support was added by WIDE/KAME project.
The notion of errors is ill-defined.