1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 4. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 29.\" $FreeBSD$ 30.\" 31.Dd January 11, 2014 32.Dt NETSTAT 1 33.Os 34.Sh NAME 35.Nm netstat 36.Nd show network status 37.Sh DESCRIPTION 38The 39.Nm 40command symbolically displays the contents of various network-related 41data structures. 42There are a number of output formats, 43depending on the options for the information presented. 44.Bl -tag -width indent 45.It Xo 46.Bk -words 47.Nm 48.Op Fl 46AaLnSTWx 49.Op Fl f Ar protocol_family | Fl p Ar protocol 50.Op Fl M Ar core 51.Op Fl N Ar system 52.Ek 53.Xc 54Display a list of active sockets 55(protocol control blocks) 56for each network protocol, 57for a particular 58.Ar protocol_family , 59or for a single 60.Ar protocol . 61If 62.Fl A 63is also present, 64show the address of a protocol control block (PCB) 65associated with a socket; used for debugging. 66If 67.Fl a 68is also present, 69show the state of all sockets; 70normally sockets used by server processes are not shown. 71If 72.Fl L 73is also present, 74show the size of the various listen queues. 75The first count shows the number of unaccepted connections, 76the second count shows the amount of unaccepted incomplete connections, 77and the third count is the maximum number of queued connections. 78If 79.Fl S 80is also present, 81show network addresses as numbers (as with 82.Fl n ) 83but show ports symbolically. 84If 85.Fl x 86is present, display socket buffer and tcp timer statistics for each internet socket. 87When 88.Fl T 89is present, display information from the TCP control block, including 90retransmits, out-of-order packets received, and zero-sized windows advertised. 91.It Xo 92.Bk -words 93.Nm 94.Fl i | I Ar interface 95.Op Fl 46abdhnW 96.Op Fl f Ar address_family 97.Ek 98.Xc 99Show the state of all network interfaces or a single 100.Ar interface 101which have been auto-configured 102(interfaces statically configured into a system, but not 103located at boot time are not shown). 104An asterisk 105.Pq Dq Li * 106after an interface name indicates that the interface is 107.Dq down . 108If 109.Fl a 110is also present, multicast addresses currently in use are shown 111for each Ethernet interface and for each IP interface address. 112Multicast addresses are shown on separate lines following the interface 113address with which they are associated. 114If 115.Fl b 116is also present, show the number of bytes in and out. 117If 118.Fl d 119is also present, show the number of dropped packets. 120If 121.Fl h 122is also present, print all counters in human readable form. 123If 124.Fl W 125is also present, print interface names using a wider field size. 126.It Xo 127.Bk -words 128.Nm 129.Fl w Ar wait 130.Op Fl I Ar interface 131.Op Fl d 132.Op Fl M Ar core 133.Op Fl N Ar system 134.Op Fl q Ar howmany 135.Ek 136.Xc 137At intervals of 138.Ar wait 139seconds, 140display the information regarding packet 141traffic on all configured network interfaces 142or a single 143.Ar interface . 144If 145.Fl q 146is also present, exit after 147.Ar howmany 148outputs. 149If 150.Fl d 151is also present, show the number of dropped packets. 152.It Xo 153.Bk -words 154.Nm 155.Fl s Op Fl s 156.Op Fl 46z 157.Op Fl f Ar protocol_family | Fl p Ar protocol 158.Op Fl M Ar core 159.Op Fl N Ar system 160.Ek 161.Xc 162Display system-wide statistics for each network protocol, 163for a particular 164.Ar protocol_family , 165or for a single 166.Ar protocol . 167If 168.Fl s 169is repeated, counters with a value of zero are suppressed. 170If 171.Fl z 172is also present, reset statistic counters after displaying them. 173.It Xo 174.Bk -words 175.Nm 176.Fl i | I Ar interface Fl s 177.Op Fl 46 178.Op Fl f Ar protocol_family | Fl p Ar protocol 179.Op Fl M Ar core 180.Op Fl N Ar system 181.Ek 182.Xc 183Display per-interface statistics for each network protocol, 184for a particular 185.Ar protocol_family , 186or for a single 187.Ar protocol . 188.It Xo 189.Bk -words 190.Nm 191.Fl m 192.Op Fl M Ar core 193.Op Fl N Ar system 194.Ek 195.Xc 196Show statistics recorded by the memory management routines 197.Pq Xr mbuf 9 . 198The network manages a private pool of memory buffers. 199.It Xo 200.Bk -words 201.Nm 202.Fl B 203.Op Fl z 204.Op Fl I Ar interface 205.Ek 206.Xc 207Show statistics about 208.Xr bpf 4 209peers. 210This includes information like 211how many packets have been matched, dropped and received by the 212bpf device, also information about current buffer sizes and device 213states. 214.It Xo 215.Bk -words 216.Nm 217.Fl r 218.Op Fl 46AanW 219.Op Fl F Ar fibnum 220.Op Fl f Ar address_family 221.Op Fl M Ar core 222.Op Fl N Ar system 223.Ek 224.Xc 225Display the contents of routing tables. 226When 227.Fl f 228is specified, a routing table for a particular 229.Ar address_family 230is displayed. 231When 232.Fl F 233is specified, a routing table with the number 234.Ar fibnum 235is displayed. 236If the specified 237.Ar fibnum 238is -1 or 239.Fl F 240is not specified, 241the default routing table is displayed. 242If 243.Fl A 244is also present, 245show the contents of the internal Patricia tree 246structures; used for debugging. 247If 248.Fl a 249is also present, 250show protocol-cloned routes 251(routes generated by an 252.Dv RTF_PRCLONING 253parent route); 254normally these routes are not shown. 255When 256.Fl W 257is also present, 258show the path MTU 259for each route, 260and print interface 261names with a wider 262field size. 263.It Xo 264.Bk -words 265.Nm 266.Fl rs 267.Op Fl s 268.Op Fl M Ar core 269.Op Fl N Ar system 270.Ek 271.Xc 272Display routing statistics. 273If 274.Fl s 275is repeated, counters with a value of zero are suppressed. 276.It Xo 277.Bk -words 278.Nm 279.Fl g 280.Op Fl 46W 281.Op Fl f Ar address_family 282.Op Fl M Ar core 283.Op Fl N Ar system 284.Ek 285.Xc 286Display the contents of the multicast virtual interface tables, 287and multicast forwarding caches. 288Entries in these tables will appear only when the kernel is 289actively forwarding multicast sessions. 290This option is applicable only to the 291.Cm inet 292and 293.Cm inet6 294address families. 295.It Xo 296.Bk -words 297.Nm 298.Fl gs 299.Op Fl 46s 300.Op Fl f Ar address_family 301.Op Fl M Ar core 302.Op Fl N Ar system 303.Ek 304.Xc 305Show multicast routing statistics. 306If 307.Fl s 308is repeated, counters with a value of zero are suppressed. 309.It Xo 310.Bk -words 311.Nm 312.Fl Q 313.Ek 314.Xc 315Show 316.Xr netisr 9 317statistics. 318The flags field shows available ISR handlers: 319.Bl -column ".Li W" ".Dv NETISR_SNP_FLAGS_DRAINEDCPU" 320.It Li C Ta Dv NETISR_SNP_FLAGS_M2CPUID Ta "Able to map mbuf to cpu id" 321.It Li D Ta Dv NETISR_SNP_FLAGS_DRAINEDCPU Ta "Has queue drain handler" 322.It Li F Ta Dv NETISR_SNP_FLAGS_M2FLOW Ta "Able to map mbuf to flow id" 323.El 324.El 325.Pp 326Some options have the general meaning: 327.Bl -tag -width flag 328.It Fl 4 329Is shorthand for 330.Fl f 331.Ar inet 332.It Fl 6 333Is shorthand for 334.Fl f 335.Ar inet6 336.It Fl f Ar address_family , Fl p Ar protocol 337Limit display to those records 338of the specified 339.Ar address_family 340or a single 341.Ar protocol . 342The following address families and protocols are recognized: 343.Pp 344.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 345.It Em Family 346.Em Protocols 347.It Cm inet Pq Dv AF_INET 348.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp 349.It Cm inet6 Pq Dv AF_INET6 350.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 351.It Cm pfkey Pq Dv PF_KEY 352.Cm pfkey 353.It Cm atalk Pq Dv AF_APPLETALK 354.Cm ddp 355.It Cm netgraph , ng Pq Dv AF_NETGRAPH 356.Cm ctrl , data 357.It Cm ipx Pq Dv AF_IPX 358.Cm ipx , spx 359.\".It Cm ns Pq Dv AF_NS 360.\".Cm idp , ns_err , spp 361.\".It Cm iso Pq Dv AF_ISO 362.\".Cm clnp , cltp , esis , tp 363.It Cm unix Pq Dv AF_UNIX 364.It Cm link Pq Dv AF_LINK 365.El 366.Pp 367The program will complain if 368.Ar protocol 369is unknown or if there is no statistics routine for it. 370.It Fl M 371Extract values associated with the name list from the specified core 372instead of the default 373.Pa /dev/kmem . 374.It Fl N 375Extract the name list from the specified system instead of the default, 376which is the kernel image the system has booted from. 377.It Fl n 378Show network addresses and ports as numbers. 379Normally 380.Nm 381attempts to resolve addresses and ports, 382and display them symbolically. 383.It Fl W 384In certain displays, avoid truncating addresses even if this causes 385some fields to overflow. 386.El 387.Pp 388The default display, for active sockets, shows the local 389and remote addresses, send and receive queue sizes (in bytes), protocol, 390and the internal state of the protocol. 391Address formats are of the form 392.Dq host.port 393or 394.Dq network.port 395if a socket's address specifies a network but no specific host address. 396When known, the host and network addresses are displayed symbolically 397according to the databases 398.Xr hosts 5 399and 400.Xr networks 5 , 401respectively. 402If a symbolic name for an address is unknown, or if 403the 404.Fl n 405option is specified, the address is printed numerically, according 406to the address family. 407For more information regarding 408the Internet IPv4 409.Dq dot format , 410refer to 411.Xr inet 3 . 412Unspecified, 413or 414.Dq wildcard , 415addresses and ports appear as 416.Dq Li * . 417.Pp 418The interface display provides a table of cumulative 419statistics regarding packets transferred, errors, and collisions. 420The network addresses of the interface 421and the maximum transmission unit 422.Pq Dq mtu 423are also displayed. 424.Pp 425The routing table display indicates the available routes and their status. 426Each route consists of a destination host or network, and a gateway to use 427in forwarding packets. 428The flags field shows a collection of information about the route stored 429as binary choices. 430The individual flags are discussed in more detail in the 431.Xr route 8 432and 433.Xr route 4 434manual pages. 435The mapping between letters and flags is: 436.Bl -column ".Li W" ".Dv RTF_WASCLONED" 437.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 438.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 439.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 440.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 441.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 442.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 443.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 444.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 445.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 446.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 447.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 448.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 449.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 450.It Li S Ta Dv RTF_STATIC Ta "Manually added" 451.It Li U Ta Dv RTF_UP Ta "Route usable" 452.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 453.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 454.El 455.Pp 456Direct routes are created for each 457interface attached to the local host; 458the gateway field for such entries shows the address of the outgoing interface. 459The refcnt field gives the 460current number of active uses of the route. 461Connection oriented 462protocols normally hold on to a single route for the duration of 463a connection while connectionless protocols obtain a route while sending 464to the same destination. 465The use field provides a count of the number of packets 466sent using that route. 467The interface entry indicates the network interface utilized for the route. 468.Pp 469When 470.Nm 471is invoked with the 472.Fl w 473option and a 474.Ar wait 475interval argument, it displays a running count of statistics related to 476network interfaces. 477An obsolescent version of this option used a numeric parameter 478with no option, and is currently supported for backward compatibility. 479By default, this display summarizes information for all interfaces. 480Information for a specific interface may be displayed with the 481.Fl I 482option. 483.Pp 484The 485.Xr bpf 4 486flags displayed when 487.Nm 488is invoked with the 489.Fl B 490option represent the underlying parameters of the bpf peer. 491Each flag is 492represented as a single lower case letter. 493The mapping between the letters and flags in order of appearance are: 494.Bl -column ".Li i" 495.It Li p Ta Set if listening promiscuously 496.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device 497.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being 498filled automatically 499.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and 500remotely on the interface. 501.It Li a Ta Packet reception generates a signal 502.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked 503.El 504.Pp 505For more information about these flags, please refer to 506.Xr bpf 4 . 507.Pp 508The 509.Fl x 510flag causes 511.Nm 512to output all the information recorded about data 513stored in the socket buffers. 514The fields are: 515.Bl -column ".Li R-MBUF" 516.It Li R-MBUF Ta Number of mbufs in the receive queue. 517.It Li S-MBUF Ta Number of mbufs in the send queue. 518.It Li R-CLUS Ta Number of clusters, of any type, in the receive 519queue. 520.It Li S-CLUS Ta Number of clusters, of any type, in the send queue. 521.It Li R-HIWA Ta Receive buffer high water mark, in bytes. 522.It Li S-HIWA Ta Send buffer high water mark, in bytes. 523.It Li R-LOWA Ta Receive buffer low water mark, in bytes. 524.It Li S-LOWA Ta Send buffer low water mark, in bytes. 525.It Li R-BCNT Ta Receive buffer byte count. 526.It Li S-BCNT Ta Send buffer byte count. 527.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer. 528.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer. 529.El 530.Sh SEE ALSO 531.Xr fstat 1 , 532.Xr nfsstat 1 , 533.Xr procstat 1 , 534.Xr ps 1 , 535.Xr sockstat 1 , 536.Xr bpf 4 , 537.Xr inet 4 , 538.Xr route 4 , 539.Xr unix 4 , 540.Xr hosts 5 , 541.Xr networks 5 , 542.Xr protocols 5 , 543.Xr services 5 , 544.Xr iostat 8 , 545.Xr route 8 , 546.Xr trpt 8 , 547.Xr vmstat 8 , 548.Xr mbuf 9 549.Sh HISTORY 550The 551.Nm 552command appeared in 553.Bx 4.2 . 554.Pp 555IPv6 support was added by WIDE/KAME project. 556.Sh BUGS 557The notion of errors is ill-defined. 558