1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 33.\" $FreeBSD$ 34.\" 35.Dd June 10, 2007 36.Dt NETSTAT 1 37.Os 38.Sh NAME 39.Nm netstat 40.Nd show network status 41.Sh DESCRIPTION 42The 43.Nm 44command symbolically displays the contents of various network-related 45data structures. 46There are a number of output formats, 47depending on the options for the information presented. 48.Bl -tag -width indent 49.It Xo 50.Bk -words 51.Nm 52.Op Fl AaLnSW 53.Op Fl f Ar protocol_family | Fl p Ar protocol 54.Op Fl M Ar core 55.Op Fl N Ar system 56.Ek 57.Xc 58Display a list of active sockets 59(protocol control blocks) 60for each network protocol, 61for a particular 62.Ar protocol_family , 63or for a single 64.Ar protocol . 65If 66.Fl A 67is also present, 68show the address of a protocol control block (PCB) 69associated with a socket; used for debugging. 70If 71.Fl a 72is also present, 73show the state of all sockets; 74normally sockets used by server processes are not shown. 75If 76.Fl L 77is also present, 78show the size of the various listen queues. 79The first count shows the number of unaccepted connections, 80the second count shows the amount of unaccepted incomplete connections, 81and the third count is the maximum number of queued connections. 82If 83.Fl S 84is also present, 85show network addresses as numbers (as with 86.Fl n ) 87but show ports symbolically. 88.It Xo 89.Bk -words 90.Nm 91.Fl i | I Ar interface 92.Op Fl abdhntW 93.Op Fl f Ar address_family 94.Op Fl M Ar core 95.Op Fl N Ar system 96.Ek 97.Xc 98Show the state of all network interfaces or a single 99.Ar interface 100which have been auto-configured 101(interfaces statically configured into a system, but not 102located at boot time are not shown). 103An asterisk 104.Pq Dq Li * 105after an interface name indicates that the interface is 106.Dq down . 107If 108.Fl a 109is also present, multicast addresses currently in use are shown 110for each Ethernet interface and for each IP interface address. 111Multicast addresses are shown on separate lines following the interface 112address with which they are associated. 113If 114.Fl b 115is also present, show the number of bytes in and out. 116If 117.Fl d 118is also present, show the number of dropped packets. 119If 120.Fl h 121is also present, print all counters in human readable form. 122If 123.Fl t 124is also present, show the contents of watchdog timers. 125If 126.Fl W 127is also present, print interface names using a wider field size. 128.It Xo 129.Bk -words 130.Nm 131.Fl w Ar wait 132.Op Fl I Ar interface 133.Op Fl d 134.Op Fl M Ar core 135.Op Fl N Ar system 136.Ek 137.Xc 138At intervals of 139.Ar wait 140seconds, 141display the information regarding packet 142traffic on all configured network interfaces 143or a single 144.Ar interface . 145If 146.Fl d 147is also present, show the number of dropped packets. 148.It Xo 149.Bk -words 150.Nm 151.Fl s Op Fl s 152.Op Fl z 153.Op Fl f Ar protocol_family | Fl p Ar protocol 154.Op Fl M Ar core 155.Op Fl N Ar system 156.Ek 157.Xc 158Display system-wide statistics for each network protocol, 159for a particular 160.Ar protocol_family , 161or for a single 162.Ar protocol . 163If 164.Fl s 165is repeated, counters with a value of zero are suppressed. 166If 167.Fl z 168is also present, reset statistic counters after displaying them. 169.It Xo 170.Bk -words 171.Nm 172.Fl i | I Ar interface Fl s 173.Op Fl f Ar protocol_family | Fl p Ar protocol 174.Op Fl M Ar core 175.Op Fl N Ar system 176.Ek 177.Xc 178Display per-interface statistics for each network protocol, 179for a particular 180.Ar protocol_family , 181or for a single 182.Ar protocol . 183.It Xo 184.Bk -words 185.Nm 186.Fl m 187.Op Fl M Ar core 188.Op Fl N Ar system 189.Ek 190.Xc 191Show statistics recorded by the memory management routines 192.Pq Xr mbuf 9 . 193The network manages a private pool of memory buffers. 194.It Xo 195.Bk -words 196.Nm 197.Fl B 198.Op Fl I Ar interface 199.Ek 200.Xc 201Show statistics about 202.Xr bpf 4 203peers. 204This includes information like 205how many packets have been matched, dropped and received by the 206bpf device, also information about current buffer sizes and device 207states. 208.It Xo 209.Bk -words 210.Nm 211.Fl r 212.Op Fl AanW 213.Op Fl f Ar address_family 214.Op Fl M Ar core 215.Op Fl N Ar system 216.Ek 217.Xc 218Display the contents of all routing tables, 219or a routing table for a particular 220.Ar address_family . 221If 222.Fl A 223is also present, 224show the contents of the internal Patricia tree 225structures; used for debugging. 226If 227.Fl a 228is also present, 229show protocol-cloned routes 230(routes generated by an 231.Dv RTF_PRCLONING 232parent route); 233normally these routes are not shown. 234When 235.Fl W 236is also present, 237show the path MTU 238for each route, 239and print interface 240names with a wider 241field size. 242.It Xo 243.Bk -words 244.Nm 245.Fl rs 246.Op Fl s 247.Op Fl M Ar core 248.Op Fl N Ar system 249.Ek 250.Xc 251Display routing statistics. 252If 253.Fl s 254is repeated, counters with a value of zero are suppressed. 255.It Xo 256.Bk -words 257.Nm 258.Fl g 259.Op Fl W 260.Op Fl f Ar address_family 261.Op Fl M Ar core 262.Op Fl N Ar system 263.Ek 264.Xc 265Show information related to multicast (group address) routing. 266By default, show the IP Multicast virtual-interface and routing tables, 267and multicast group memberships. 268.It Xo 269.Bk -words 270.Nm 271.Fl gs 272.Op Fl s 273.Op Fl f Ar address_family 274.Op Fl M Ar core 275.Op Fl N Ar system 276.Ek 277.Xc 278Show multicast routing statistics. 279If 280.Fl s 281is repeated, counters with a value of zero are suppressed. 282.El 283.Pp 284Some options have the general meaning: 285.Bl -tag -width flag 286.It Fl f Ar address_family , Fl p Ar protocol 287Limit display to those records 288of the specified 289.Ar address_family 290or a single 291.Ar protocol . 292The following address families and protocols are recognized: 293.Pp 294.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 295.It Em Family 296.Em Protocols 297.It Cm inet Pq Dv AF_INET 298.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp 299.It Cm inet6 Pq Dv AF_INET6 300.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 301.It Cm pfkey Pq Dv PF_KEY 302.Cm pfkey 303.It Cm atalk Pq Dv AF_APPLETALK 304.Cm ddp 305.It Cm netgraph , ng Pq Dv AF_NETGRAPH 306.Cm ctrl , data 307.It Cm ipx Pq Dv AF_IPX 308.Cm ipx , spx 309.\".It Cm ns Pq Dv AF_NS 310.\".Cm idp , ns_err , spp 311.\".It Cm iso Pq Dv AF_ISO 312.\".Cm clnp , cltp , esis , tp 313.It Cm unix Pq Dv AF_UNIX 314.It Cm link Pq Dv AF_LINK 315.El 316.Pp 317The program will complain if 318.Ar protocol 319is unknown or if there is no statistics routine for it. 320.It Fl M 321Extract values associated with the name list from the specified core 322instead of the default 323.Pa /dev/kmem . 324.It Fl N 325Extract the name list from the specified system instead of the default, 326which is the kernel image the system has booted from. 327.It Fl n 328Show network addresses and ports as numbers. 329Normally 330.Nm 331attempts to resolve addresses and ports, 332and display them symbolically. 333.It Fl W 334In certain displays, avoid truncating addresses even if this causes 335some fields to overflow. 336.El 337.Pp 338The default display, for active sockets, shows the local 339and remote addresses, send and receive queue sizes (in bytes), protocol, 340and the internal state of the protocol. 341Address formats are of the form 342.Dq host.port 343or 344.Dq network.port 345if a socket's address specifies a network but no specific host address. 346When known, the host and network addresses are displayed symbolically 347according to the databases 348.Xr hosts 5 349and 350.Xr networks 5 , 351respectively. 352If a symbolic name for an address is unknown, or if 353the 354.Fl n 355option is specified, the address is printed numerically, according 356to the address family. 357For more information regarding 358the Internet IPv4 359.Dq dot format , 360refer to 361.Xr inet 3 . 362Unspecified, 363or 364.Dq wildcard , 365addresses and ports appear as 366.Dq Li * . 367.Pp 368The interface display provides a table of cumulative 369statistics regarding packets transferred, errors, and collisions. 370The network addresses of the interface 371and the maximum transmission unit 372.Pq Dq mtu 373are also displayed. 374.Pp 375The routing table display indicates the available routes and their status. 376Each route consists of a destination host or network, and a gateway to use 377in forwarding packets. 378The flags field shows a collection of information about the route stored 379as binary choices. 380The individual flags are discussed in more detail in the 381.Xr route 8 382and 383.Xr route 4 384manual pages. 385The mapping between letters and flags is: 386.Bl -column ".Li W" ".Dv RTF_WASCLONED" 387.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 388.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 389.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 390.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 391.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 392.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 393.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 394.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 395.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 396.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 397.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 398.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 399.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 400.It Li S Ta Dv RTF_STATIC Ta "Manually added" 401.It Li U Ta Dv RTF_UP Ta "Route usable" 402.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 403.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 404.El 405.Pp 406Direct routes are created for each 407interface attached to the local host; 408the gateway field for such entries shows the address of the outgoing interface. 409The refcnt field gives the 410current number of active uses of the route. 411Connection oriented 412protocols normally hold on to a single route for the duration of 413a connection while connectionless protocols obtain a route while sending 414to the same destination. 415The use field provides a count of the number of packets 416sent using that route. 417The interface entry indicates the network interface utilized for the route. 418.Pp 419When 420.Nm 421is invoked with the 422.Fl w 423option and a 424.Ar wait 425interval argument, it displays a running count of statistics related to 426network interfaces. 427An obsolescent version of this option used a numeric parameter 428with no option, and is currently supported for backward compatibility. 429By default, this display summarizes information for all interfaces. 430Information for a specific interface may be displayed with the 431.Fl I 432option. 433.Pp 434The 435.Xr bpf 4 436flags displayed when 437.Nm 438is invoked with the 439.Fl B 440option represent the underlying parameters of the bpf peer. 441Each flag is 442represented as a single lower case letter. 443The mapping between the letters and flags in order of appearance are: 444.Bl -column ".Li i" 445.It Li p Ta Set if listening promiscuously 446.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device 447.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being 448filled automatically 449.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and 450remotely on the interface. 451.It Li a Ta Packet reception generates a signal 452.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked 453.El 454.Pp 455For more information about these flags, please refer to 456.Xr bpf 4 . 457.Sh SEE ALSO 458.Xr fstat 1 , 459.Xr nfsstat 1 , 460.Xr ps 1 , 461.Xr sockstat 1 , 462.Xr bpf 4 , 463.Xr inet 4 , 464.Xr route 4 , 465.Xr unix 4 , 466.Xr hosts 5 , 467.Xr networks 5 , 468.Xr protocols 5 , 469.Xr services 5 , 470.Xr iostat 8 , 471.Xr route 8 , 472.Xr trpt 8 , 473.Xr vmstat 8 , 474.Xr mbuf 9 475.Sh HISTORY 476The 477.Nm 478command appeared in 479.Bx 4.2 . 480.Pp 481IPv6 support was added by WIDE/KAME project. 482.Sh BUGS 483The notion of errors is ill-defined. 484