DevOps Essentials

View on GitHub



netstat – show network status


netstat [-AaLlnW] [-f address_family -p protocol]

netstat [-gilns] [-v] [-f address_family] [-I interface]

netstat -i -I interface [-w wait] [-c queue] [-abdgqRtS]
netstat -s [-s] [-f address_family -p protocol] [-w wait]
netstat -i -I interface -s [-f address_family -p protocol]

netstat -m [-m]

netstat -r [-Aaln] [-f address_family]

netstat -rs [-s]


The netstat command symbolically displays the contents of various network-related data structures. There are a number of output formats, depending on the options for the information presented.

The first form of the command displays a list of active sockets for each protocol.

The second form presents the contents of one of the other network data structures according to the option selected.

Using the third form, with a wait interval specified, netstat will continuously display the information regarding packet traffic on the configured network interfaces.

The fourth form displays statistics for the specified protocol or address family. If a wait interval is specified, the protocol information over the last interval seconds will be displayed.

The fifth form displays per-interface statistics for the specified protocol or address family.

The sixth form displays mbuf(9) statistics.

The seventh form displays routing table for the specified address family.

The eighth form displays routing statistics.

Consider two programs attempting a socket connection (call them a and b). Both set up sockets and transition to the LISTEN state. Then one program (say a) tries to connect to the other (b). a sends a request and enters the SYN_SENT state, and b receives the request and enters the SYN_RECV state. When b acknowledges the request, they enter the ESTABLISHED state, and do their business. Now a couple of things can happen:



Linux netstat syntax

$ netstat -tulpn | grep LISTEN

FreeBSD/MacOS X netstat syntax

$ netstat -anp tcp | grep LISTEN
tcp46      0 0 *.3283                 *.* LISTEN     
tcp4       0 0        *.* LISTEN

OpenBSD netstat syntax

$ netstat -na -f inet | grep LISTEN
$ netstat -nat | grep LISTEN