linux - netstat (8)
NAME
netstat - Display active network connections
SYNOPSIS
netstat [[-a | [-t | -u | -w]] [-n | -o] | -x] [-c]
netstat -i [-a] [-c]
netstat -r [-c] [-n]
netstat -v
DESCRIPTION
Netstat displays the status of network connections on
either TCP, UDP, RAW or UNIX sockets to the system. By
default, netstat only displays status on active sockets
which are not in the LISTEN state (i.e. connections to
active processes). To obtain information about the kernel
routing table, netstat may be invoked with the option -r
Netstat's display includes the following information for
each socket:
Proto
The protocol (either TCP or UDP) used by the socket.
Recv-Q
The count of bytes not copied by the user program con-
nected to this socket.
Send-Q
The count of bytes not acknoledged by the remote host.
Local Address
The local address (local hostname) and port number of the
socket. Unless the -n switch is given, the socket address
is resolved to its canonical hostname, and the port number
is translated into the corresponding service name.
Foreign Address
The remote address (remote hostname) and port number of he
socket. As with the local address:port, the -n switch
turns off hostname and service name resolution.
(State)
The state of the socket. Since there are no states in RAW
and usually no states used in UDP, this row may be left
ESTABLISHED
The socket has an established connection.
SYN_SENT
The socket is actively attempting to establish a
connection.
SYN_RECV
The connection is being initialized.
FIN_WAIT1
The socket is closed, and the connection is shut-
ting down.
FIN_WAIT2
Connection is closed, and the socket is waiting for
a shutdown from the remote end.
TIME_WAIT
The socket is waiting after close for remote shut-
down retransmission.
CLOSED The socket is not being used.
CLOSE_WAIT
The remote end has shut down, waiting for the
socket to close.
LAST_ACK
The remote end shut down, and the socket is closed.
Waiting for acknowledgement.
LISTEN The socket is listening for incoming connections.
CLOSING
Both sockets are shut down but we still don't have
all our data sent.
UNKNOWN
The state of the socket is unknown.
If netstat is invoked with the option -o , additional
information will be displayed behind the state info.
These informations are shown like this: "rx-retransmission
byte count" "tx-retransmission byte count" "timer state"
"(time/backoff)". Timer state may now be either on or off.
The time (in seconds) being displayed is how long it will
take the timer to expire. All these options are subject to
be removed in later releases of the NET software.
Being invoked with the option -x , netstat displys a list
Netstat's display includes the following information for
each socket:
Proto
The protocol (usually unix) used by the socket.
RefCnt
The reference count (i.e. attached processes via this
socket).
Flags
The only displayed flag is SO_ACCEPTON (displayed as ACC)
otherwise left blank. SO_ACCECPTON is used on unconnected
sockets if their corresponding processes are waiting for a
connect request. The other flags are not of normal inter-
est and not displayed.
Type
There are several types of socket access:
SOCK_DGRAM
The socket is used in Datagram (connectionless)
mode.
SOCK_STREAM
This is a stream (connection) socket.
SOCK_RAW
The socket is used as a raw socket.
SOCK_RDM
This one serves reliably-delivered messages.
SOCK_SEQPACKET
This is a sequential packet socket.
SOCK_PACKET
RAW interface access socket.
UNKNOWN
Who ever knows, what the future will bring us -
just fill in here :-)
State
This field will contain one of the following Keywords:
LISTENING
The socket is listening for a connection request.
UNCONNECTED
The socket is not connected to another one.
CONNECTING
The socket is about to establish a connection.
CONNECTED
The socket is connected.
DISCONNECTING
The socket is disconnecting.
UNKNOWN
This state should never happen.
Path
This displays the path name as which the corresponding
processes attached to the socket.
The network routing table (invoked with netstat -r ) shows
up the following information:
Destination net/address
The destination adress of a resolved host or hand-entered
network is displayed. Unless the option -n is given, the
hosts or nets are resolved. An entry named "default" shows
up the default route for the kernel.
Gateway address
If there is no Asterisk ('*') displayed - any data will be
routed to the dedicated gateway.
Flags
Possible routeing flags are:
U This route is useable
G Destination is a gateway
H Destination is a Host entry
R Route will be reinstated after time-out
D This one is created dynamically (by redirection)
M This one is modified dynamically (by redirection)
RefCnt
Use
How many times this route was used yet
Iface
This is the name of the Interface, where this route
belongs to
The device statistics table (invoked with netstat -i )
displays information about the interfaces:
Iface
The name this interface.
MTU
Maximum size for transmission on this interface. This
should be the size of data transferred on this interface
without interface specific headers.
RX-OK
error free received packets for this interface.
RX-ERR
buggy received packets.
RX-DRP
dropped received packets (due to memory lack ?).
RX-OVR
packets that we were unable to receive that fast way.
TX-OK
error free transmitted packets for this interface.
TX-ERR
buggy transmitted packets.
TX-DRP
dropped transmitteded packets.
TX-OVR
packets that we were unable to transmit.
Flags
The following flags may occur on the given interfaces:
A This interface will receive all Multicast adresses.
B Broadcasts are ok here.
D Debugging is turned on..
M all packets are received (Promisc-Mode).
N Trailers are avoided.
O No Addres Resolution Protocol on this Interface.
P Interface is a Point-to-Point connection.
R Interface is running.
U Interface is up.
Options
-a Display information about all internet sockets,
i.e. TCP, UDP, RAW and UNIX including those sockets
that are listening only.
-i Show network devices statistics.
-c Generate a continuous listing of network status:
network status is displayed every second until the
program is interrupted.
-n Causes netstat not to resolve hostnames and service
names when displaying remote and local address and
port information.
-o Display timer states, expiration times and backoff
state.
-r Display kernel routing table.
-t Display information about TCP sockets only, includ-
ing those that are listening.
-u Display information about UDP sockets only.
-v Print version information.
-w Display information about raw sockets.
-x Display information about UNIX domain sockets.
FILES
/etc/services -- The services translation file
/proc/net/socket -- devices information
/proc/net/raw -- RAW socket information
/proc/net/tcp -- TCP socket information
/proc/net/udp -- UDP socket information
/proc/net/unix -- Unix domain socket information
BUGS
Occasionally strange information may appear if a socket
changes as it is viewed. This is unlikely to occur.
AUTHORS
The netstat user interface was written by Fred Baumgarten
<dc6iq@insu1.etec.uni-karlsruhe.de> the man page basically
by Matt Welsh <mdw@tc.cornell.edu>. It was updated by Alan
Cox <Alan.Cox@linux.org> but could do with a bit more
work.