1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 33.\" $FreeBSD$ 34.\" 35.Dd February 15, 2009 36.Dt NETSTAT 1 37.Os 38.Sh NAME 39.Nm netstat 40.Nd show network status 41.Sh DESCRIPTION 42The 43.Nm 44command symbolically displays the contents of various network-related 45data structures. 46There are a number of output formats, 47depending on the options for the information presented. 48.Bl -tag -width indent 49.It Xo 50.Bk -words 51.Nm 52.Op Fl AaLnSWx 53.Op Fl f Ar protocol_family | Fl p Ar protocol 54.Op Fl M Ar core 55.Op Fl N Ar system 56.Ek 57.Xc 58Display a list of active sockets 59(protocol control blocks) 60for each network protocol, 61for a particular 62.Ar protocol_family , 63or for a single 64.Ar protocol . 65If 66.Fl A 67is also present, 68show the address of a protocol control block (PCB) 69associated with a socket; used for debugging. 70If 71.Fl a 72is also present, 73show the state of all sockets; 74normally sockets used by server processes are not shown. 75If 76.Fl L 77is also present, 78show the size of the various listen queues. 79The first count shows the number of unaccepted connections, 80the second count shows the amount of unaccepted incomplete connections, 81and the third count is the maximum number of queued connections. 82If 83.Fl S 84is also present, 85show network addresses as numbers (as with 86.Fl n ) 87but show ports symbolically. 88If 89.Fl x 90is present display full socket buffer statistics for each internet socket. 91.It Xo 92.Bk -words 93.Nm 94.Fl i | I Ar interface 95.Op Fl abdhntW 96.Op Fl f Ar address_family 97.Op Fl M Ar core 98.Op Fl N Ar system 99.Ek 100.Xc 101Show the state of all network interfaces or a single 102.Ar interface 103which have been auto-configured 104(interfaces statically configured into a system, but not 105located at boot time are not shown). 106An asterisk 107.Pq Dq Li * 108after an interface name indicates that the interface is 109.Dq down . 110If 111.Fl a 112is also present, multicast addresses currently in use are shown 113for each Ethernet interface and for each IP interface address. 114Multicast addresses are shown on separate lines following the interface 115address with which they are associated. 116If 117.Fl b 118is also present, show the number of bytes in and out. 119If 120.Fl d 121is also present, show the number of dropped packets. 122If 123.Fl h 124is also present, print all counters in human readable form. 125If 126.Fl t 127is also present, show the contents of watchdog timers. 128If 129.Fl W 130is also present, print interface names using a wider field size. 131.It Xo 132.Bk -words 133.Nm 134.Fl w Ar wait 135.Op Fl I Ar interface 136.Op Fl d 137.Op Fl M Ar core 138.Op Fl N Ar system 139.Ek 140.Xc 141At intervals of 142.Ar wait 143seconds, 144display the information regarding packet 145traffic on all configured network interfaces 146or a single 147.Ar interface . 148If 149.Fl d 150is also present, show the number of dropped packets. 151.It Xo 152.Bk -words 153.Nm 154.Fl s Op Fl s 155.Op Fl z 156.Op Fl f Ar protocol_family | Fl p Ar protocol 157.Op Fl M Ar core 158.Op Fl N Ar system 159.Ek 160.Xc 161Display system-wide statistics for each network protocol, 162for a particular 163.Ar protocol_family , 164or for a single 165.Ar protocol . 166If 167.Fl s 168is repeated, counters with a value of zero are suppressed. 169If 170.Fl z 171is also present, reset statistic counters after displaying them. 172.It Xo 173.Bk -words 174.Nm 175.Fl i | I Ar interface Fl s 176.Op Fl f Ar protocol_family | Fl p Ar protocol 177.Op Fl M Ar core 178.Op Fl N Ar system 179.Ek 180.Xc 181Display per-interface statistics for each network protocol, 182for a particular 183.Ar protocol_family , 184or for a single 185.Ar protocol . 186.It Xo 187.Bk -words 188.Nm 189.Fl m 190.Op Fl M Ar core 191.Op Fl N Ar system 192.Ek 193.Xc 194Show statistics recorded by the memory management routines 195.Pq Xr mbuf 9 . 196The network manages a private pool of memory buffers. 197.It Xo 198.Bk -words 199.Nm 200.Fl B 201.Op Fl z 202.Op Fl I Ar interface 203.Ek 204.Xc 205Show statistics about 206.Xr bpf 4 207peers. 208This includes information like 209how many packets have been matched, dropped and received by the 210bpf device, also information about current buffer sizes and device 211states. 212.It Xo 213.Bk -words 214.Nm 215.Fl r 216.Op Fl AanW 217.Op Fl f Ar address_family 218.Op Fl M Ar core 219.Op Fl N Ar system 220.Ek 221.Xc 222Display the contents of all routing tables, 223or a routing table for a particular 224.Ar address_family . 225If 226.Fl A 227is also present, 228show the contents of the internal Patricia tree 229structures; used for debugging. 230If 231.Fl a 232is also present, 233show protocol-cloned routes 234(routes generated by an 235.Dv RTF_PRCLONING 236parent route); 237normally these routes are not shown. 238When 239.Fl W 240is also present, 241show the path MTU 242for each route, 243and print interface 244names with a wider 245field size. 246.It Xo 247.Bk -words 248.Nm 249.Fl rs 250.Op Fl s 251.Op Fl M Ar core 252.Op Fl N Ar system 253.Ek 254.Xc 255Display routing statistics. 256If 257.Fl s 258is repeated, counters with a value of zero are suppressed. 259.It Xo 260.Bk -words 261.Nm 262.Fl g 263.Op Fl W 264.Op Fl f Ar address_family 265.Op Fl M Ar core 266.Op Fl N Ar system 267.Ek 268.Xc 269Display the contents of the multicast virtual interface tables, 270and multicast forwarding caches. 271Entries in these tables will appear only when the kernel is 272actively forwarding multicast sessions. 273This option is applicable only to the 274.Cm inet 275and 276.Cm inet6 277address families. 278.It Xo 279.Bk -words 280.Nm 281.Fl gs 282.Op Fl s 283.Op Fl f Ar address_family 284.Op Fl M Ar core 285.Op Fl N Ar system 286.Ek 287.Xc 288Show multicast routing statistics. 289If 290.Fl s 291is repeated, counters with a value of zero are suppressed. 292.El 293.Pp 294Some options have the general meaning: 295.Bl -tag -width flag 296.It Fl f Ar address_family , Fl p Ar protocol 297Limit display to those records 298of the specified 299.Ar address_family 300or a single 301.Ar protocol . 302The following address families and protocols are recognized: 303.Pp 304.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 305.It Em Family 306.Em Protocols 307.It Cm inet Pq Dv AF_INET 308.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp 309.It Cm inet6 Pq Dv AF_INET6 310.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 311.It Cm pfkey Pq Dv PF_KEY 312.Cm pfkey 313.It Cm atalk Pq Dv AF_APPLETALK 314.Cm ddp 315.It Cm netgraph , ng Pq Dv AF_NETGRAPH 316.Cm ctrl , data 317.It Cm ipx Pq Dv AF_IPX 318.Cm ipx , spx 319.\".It Cm ns Pq Dv AF_NS 320.\".Cm idp , ns_err , spp 321.\".It Cm iso Pq Dv AF_ISO 322.\".Cm clnp , cltp , esis , tp 323.It Cm unix Pq Dv AF_UNIX 324.It Cm link Pq Dv AF_LINK 325.El 326.Pp 327The program will complain if 328.Ar protocol 329is unknown or if there is no statistics routine for it. 330.It Fl M 331Extract values associated with the name list from the specified core 332instead of the default 333.Pa /dev/kmem . 334.It Fl N 335Extract the name list from the specified system instead of the default, 336which is the kernel image the system has booted from. 337.It Fl n 338Show network addresses and ports as numbers. 339Normally 340.Nm 341attempts to resolve addresses and ports, 342and display them symbolically. 343.It Fl W 344In certain displays, avoid truncating addresses even if this causes 345some fields to overflow. 346.El 347.Pp 348The default display, for active sockets, shows the local 349and remote addresses, send and receive queue sizes (in bytes), protocol, 350and the internal state of the protocol. 351Address formats are of the form 352.Dq host.port 353or 354.Dq network.port 355if a socket's address specifies a network but no specific host address. 356When known, the host and network addresses are displayed symbolically 357according to the databases 358.Xr hosts 5 359and 360.Xr networks 5 , 361respectively. 362If a symbolic name for an address is unknown, or if 363the 364.Fl n 365option is specified, the address is printed numerically, according 366to the address family. 367For more information regarding 368the Internet IPv4 369.Dq dot format , 370refer to 371.Xr inet 3 . 372Unspecified, 373or 374.Dq wildcard , 375addresses and ports appear as 376.Dq Li * . 377.Pp 378The interface display provides a table of cumulative 379statistics regarding packets transferred, errors, and collisions. 380The network addresses of the interface 381and the maximum transmission unit 382.Pq Dq mtu 383are also displayed. 384.Pp 385The routing table display indicates the available routes and their status. 386Each route consists of a destination host or network, and a gateway to use 387in forwarding packets. 388The flags field shows a collection of information about the route stored 389as binary choices. 390The individual flags are discussed in more detail in the 391.Xr route 8 392and 393.Xr route 4 394manual pages. 395The mapping between letters and flags is: 396.Bl -column ".Li W" ".Dv RTF_WASCLONED" 397.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 398.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 399.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 400.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 401.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 402.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 403.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 404.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 405.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 406.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 407.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 408.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 409.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 410.It Li S Ta Dv RTF_STATIC Ta "Manually added" 411.It Li U Ta Dv RTF_UP Ta "Route usable" 412.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 413.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 414.El 415.Pp 416Direct routes are created for each 417interface attached to the local host; 418the gateway field for such entries shows the address of the outgoing interface. 419The refcnt field gives the 420current number of active uses of the route. 421Connection oriented 422protocols normally hold on to a single route for the duration of 423a connection while connectionless protocols obtain a route while sending 424to the same destination. 425The use field provides a count of the number of packets 426sent using that route. 427The interface entry indicates the network interface utilized for the route. 428.Pp 429When 430.Nm 431is invoked with the 432.Fl w 433option and a 434.Ar wait 435interval argument, it displays a running count of statistics related to 436network interfaces. 437An obsolescent version of this option used a numeric parameter 438with no option, and is currently supported for backward compatibility. 439By default, this display summarizes information for all interfaces. 440Information for a specific interface may be displayed with the 441.Fl I 442option. 443.Pp 444The 445.Xr bpf 4 446flags displayed when 447.Nm 448is invoked with the 449.Fl B 450option represent the underlying parameters of the bpf peer. 451Each flag is 452represented as a single lower case letter. 453The mapping between the letters and flags in order of appearance are: 454.Bl -column ".Li i" 455.It Li p Ta Set if listening promiscuously 456.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device 457.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being 458filled automatically 459.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and 460remotely on the interface. 461.It Li a Ta Packet reception generates a signal 462.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked 463.El 464.Pp 465For more information about these flags, please refer to 466.Xr bpf 4 . 467.Pp 468The 469.Fl x 470flag causes 471.Nm 472to output all the information recorded about data 473stored in the socket buffers. 474The fields are: 475.Bl -column ".Li R-MBUF" 476.It Li R-MBUF Ta Number of mbufs in the receive queue. 477.It Li S-MBUF Ta Number of mbufs in the send queue. 478.It Li R-CLUS Ta Number of clusters, of any type, in the receive 479queue. 480.It Li S-CLUS Ta Number of clusters, of any type, in the send queue. 481.It Li R-HIWA Ta Receive buffer high water mark, in bytes. 482.It Li S-HIWA Ta Send buffer high water mark, in bytes. 483.It Li R-LOWA Ta Receive buffer low water mark, in bytes. 484.It Li S-LOWA Ta Send buffer low water mark, in bytes. 485.It Li R-BCNT Ta Receive buffer byte count. 486.It Li S-BCNT Ta Send buffer byte count. 487.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer. 488.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer. 489.El 490.Sh SEE ALSO 491.Xr fstat 1 , 492.Xr nfsstat 1 , 493.Xr ps 1 , 494.Xr sockstat 1 , 495.Xr bpf 4 , 496.Xr inet 4 , 497.Xr route 4 , 498.Xr unix 4 , 499.Xr hosts 5 , 500.Xr networks 5 , 501.Xr protocols 5 , 502.Xr services 5 , 503.Xr iostat 8 , 504.Xr route 8 , 505.Xr trpt 8 , 506.Xr vmstat 8 , 507.Xr mbuf 9 508.Sh HISTORY 509The 510.Nm 511command appeared in 512.Bx 4.2 . 513.Pp 514IPv6 support was added by WIDE/KAME project. 515.Sh BUGS 516The notion of errors is ill-defined. 517