pavement

Netstat

From FreeBSDwiki
Jump to: navigation, search

netstat is a tool which allows you to monitor various network I/O statistics.

Handy arguments:

netstat - with no arguments, simply lists all open network connections, similar to the behavior of fstat.
netstat -i - show summary information for all interfaces, including total packets in, out, error, and collided over the system's uptime.
netstat -ibd - as above, including counts in bytes and including counts of dropped (by kernel firewall) packets.
netstat -w 1 - list summary input and output statistics for all network interfaces once every second until halted.
netstat -w 1 -I xl0 - as above, but only includes data for the xl0 interface.

A particularly useful argument is -r, which outputs information based on routing table (-f inet restricts output to IPv4 traffic):

ph34r# netstat -r -f inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGS         0    15595    re0
localhost          localhost          UH          0     5516    lo0
192.168.0          link#1             UC          0        0    re0
192.168.0.1        00:00:c5:76:4e:08  UHLW        1        0    re0   1173
ph34r              00:08:54:b1:1c:34  UHLW        0       13    lo0
192.168.0.53       08:00:46:2a:2f:e1  UHLW        4        1    re0   1178
192.168.0.50       00:08:54:b1:3a:ed  UHLW        0   131436    re0   1095
192.168.0.99       00:1a:92:21:00:b0  UHLW        0   378217    re0    836
192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWb       0       49    re0
192.168.1.10       192.168.0.53       UGHD        0     3655    re0
192.168.1.54       192.168.0.53       UGHD        0    30139    re0

Here we can see that ph34r (the local machine) has sent most of its traffic through the local machines at 192.168.0.50 and 192.168.0.99, and that the machines at 192.168.1.10 and 192.168.1.54 are being routed through the machine at 192.168.0.53 (which happens to be an openvpn server linking two geographically separate networks). You can tell which machines are local by examining the "Gateway" column - if it is populated with a MAC address, the machine in question is on the local subnet; whereas if the Gateway column is populated with an IP address the machine is (presumably) remote (and certainly not treated as local, regardless of whether it truly is directly connectable or not).

see also: fstat, iostat

Personal tools