netstat is a tool which allows you to monitor various network I/O statistics.
netstat - with no arguments, simply lists all open network connections, similar to the behavior of fstat. netstat -i - show summary information for all interfaces, including total packets in, out, error, and collided over the system's uptime. netstat -ibd - as above, including counts in bytes and including counts of dropped (by kernel firewall) packets. netstat -w 1 - list summary input and output statistics for all network interfaces once every second until halted. netstat -w 1 -I xl0 - as above, but only includes data for the xl0 interface.
A particularly useful argument is -r, which outputs information based on routing table (-f inet restricts output to IPv4 traffic):
ph34r# netstat -r -f inet Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 192.168.0.1 UGS 0 15595 re0 localhost localhost UH 0 5516 lo0 192.168.0 link#1 UC 0 0 re0 192.168.0.1 00:00:c5:76:4e:08 UHLW 1 0 re0 1173 ph34r 00:08:54:b1:1c:34 UHLW 0 13 lo0 192.168.0.53 08:00:46:2a:2f:e1 UHLW 4 1 re0 1178 192.168.0.50 00:08:54:b1:3a:ed UHLW 0 131436 re0 1095 192.168.0.99 00:1a:92:21:00:b0 UHLW 0 378217 re0 836 192.168.0.255 ff:ff:ff:ff:ff:ff UHLWb 0 49 re0 192.168.1.10 192.168.0.53 UGHD 0 3655 re0 192.168.1.54 192.168.0.53 UGHD 0 30139 re0
Here we can see that ph34r (the local machine) has sent most of its traffic through the local machines at 192.168.0.50 and 192.168.0.99, and that the machines at 192.168.1.10 and 192.168.1.54 are being routed through the machine at 192.168.0.53 (which happens to be an openvpn server linking two geographically separate networks). You can tell which machines are local by examining the "Gateway" column - if it is populated with a MAC address, the machine in question is on the local subnet; whereas if the Gateway column is populated with an IP address the machine is (presumably) remote (and certainly not treated as local, regardless of whether it truly is directly connectable or not).