xref: /freebsd/usr.bin/netstat/netstat.1 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\" Copyright (c) 1983, 1990, 1992, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"	@(#)netstat.1	8.8 (Berkeley) 4/18/94
33.\" $FreeBSD$
34.\"
35.Dd June 10, 2007
36.Dt NETSTAT 1
37.Os
38.Sh NAME
39.Nm netstat
40.Nd show network status
41.Sh DESCRIPTION
42The
43.Nm
44command symbolically displays the contents of various network-related
45data structures.
46There are a number of output formats,
47depending on the options for the information presented.
48.Bl -tag -width indent
49.It Xo
50.Bk -words
51.Nm
52.Op Fl AaLnSW
53.Op Fl f Ar protocol_family | Fl p Ar protocol
54.Op Fl M Ar core
55.Op Fl N Ar system
56.Ek
57.Xc
58Display a list of active sockets
59(protocol control blocks)
60for each network protocol,
61for a particular
62.Ar protocol_family ,
63or for a single
64.Ar protocol .
65If
66.Fl A
67is also present,
68show the address of a protocol control block (PCB)
69associated with a socket; used for debugging.
70If
71.Fl a
72is also present,
73show the state of all sockets;
74normally sockets used by server processes are not shown.
75If
76.Fl L
77is also present,
78show the size of the various listen queues.
79The first count shows the number of unaccepted connections,
80the second count shows the amount of unaccepted incomplete connections,
81and the third count is the maximum number of queued connections.
82If
83.Fl S
84is also present,
85show network addresses as numbers (as with
86.Fl n )
87but show ports symbolically.
88.It Xo
89.Bk -words
90.Nm
91.Fl i | I Ar interface
92.Op Fl abdhntW
93.Op Fl f Ar address_family
94.Op Fl M Ar core
95.Op Fl N Ar system
96.Ek
97.Xc
98Show the state of all network interfaces or a single
99.Ar interface
100which have been auto-configured
101(interfaces statically configured into a system, but not
102located at boot time are not shown).
103An asterisk
104.Pq Dq Li *
105after an interface name indicates that the interface is
106.Dq down .
107If
108.Fl a
109is also present, multicast addresses currently in use are shown
110for each Ethernet interface and for each IP interface address.
111Multicast addresses are shown on separate lines following the interface
112address with which they are associated.
113If
114.Fl b
115is also present, show the number of bytes in and out.
116If
117.Fl d
118is also present, show the number of dropped packets.
119If
120.Fl h
121is also present, print all counters in human readable form.
122If
123.Fl t
124is also present, show the contents of watchdog timers.
125If
126.Fl W
127is also present, print interface names using a wider field size.
128.It Xo
129.Bk -words
130.Nm
131.Fl w Ar wait
132.Op Fl I Ar interface
133.Op Fl d
134.Op Fl M Ar core
135.Op Fl N Ar system
136.Ek
137.Xc
138At intervals of
139.Ar wait
140seconds,
141display the information regarding packet
142traffic on all configured network interfaces
143or a single
144.Ar interface .
145If
146.Fl d
147is also present, show the number of dropped packets.
148.It Xo
149.Bk -words
150.Nm
151.Fl s Op Fl s
152.Op Fl z
153.Op Fl f Ar protocol_family | Fl p Ar protocol
154.Op Fl M Ar core
155.Op Fl N Ar system
156.Ek
157.Xc
158Display system-wide statistics for each network protocol,
159for a particular
160.Ar protocol_family ,
161or for a single
162.Ar protocol .
163If
164.Fl s
165is repeated, counters with a value of zero are suppressed.
166If
167.Fl z
168is also present, reset statistic counters after displaying them.
169.It Xo
170.Bk -words
171.Nm
172.Fl i | I Ar interface Fl s
173.Op Fl f Ar protocol_family | Fl p Ar protocol
174.Op Fl M Ar core
175.Op Fl N Ar system
176.Ek
177.Xc
178Display per-interface statistics for each network protocol,
179for a particular
180.Ar protocol_family ,
181or for a single
182.Ar protocol .
183.It Xo
184.Bk -words
185.Nm
186.Fl m
187.Op Fl M Ar core
188.Op Fl N Ar system
189.Ek
190.Xc
191Show statistics recorded by the memory management routines
192.Pq Xr mbuf 9 .
193The network manages a private pool of memory buffers.
194.It Xo
195.Bk -words
196.Nm
197.Fl B
198.Op Fl I Ar interface
199.Ek
200.Xc
201Show statistics about
202.Xr bpf 4
203peers.
204This includes information like
205how many packets have been matched, dropped and received by the
206bpf device, also information about current buffer sizes and device
207states.
208.It Xo
209.Bk -words
210.Nm
211.Fl r
212.Op Fl AanW
213.Op Fl f Ar address_family
214.Op Fl M Ar core
215.Op Fl N Ar system
216.Ek
217.Xc
218Display the contents of all routing tables,
219or a routing table for a particular
220.Ar address_family .
221If
222.Fl A
223is also present,
224show the contents of the internal Patricia tree
225structures; used for debugging.
226If
227.Fl a
228is also present,
229show protocol-cloned routes
230(routes generated by an
231.Dv RTF_PRCLONING
232parent route);
233normally these routes are not shown.
234When
235.Fl W
236is also present,
237show the path MTU
238for each route,
239and print interface
240names with a wider
241field size.
242.It Xo
243.Bk -words
244.Nm
245.Fl rs
246.Op Fl s
247.Op Fl M Ar core
248.Op Fl N Ar system
249.Ek
250.Xc
251Display routing statistics.
252If
253.Fl s
254is repeated, counters with a value of zero are suppressed.
255.It Xo
256.Bk -words
257.Nm
258.Fl g
259.Op Fl W
260.Op Fl f Ar address_family
261.Op Fl M Ar core
262.Op Fl N Ar system
263.Ek
264.Xc
265Show information related to multicast (group address) routing.
266By default, show the IP Multicast virtual-interface and routing tables,
267and multicast group memberships.
268.It Xo
269.Bk -words
270.Nm
271.Fl gs
272.Op Fl s
273.Op Fl f Ar address_family
274.Op Fl M Ar core
275.Op Fl N Ar system
276.Ek
277.Xc
278Show multicast routing statistics.
279If
280.Fl s
281is repeated, counters with a value of zero are suppressed.
282.El
283.Pp
284Some options have the general meaning:
285.Bl -tag -width flag
286.It Fl f Ar address_family , Fl p Ar protocol
287Limit display to those records
288of the specified
289.Ar address_family
290or a single
291.Ar protocol .
292The following address families and protocols are recognized:
293.Pp
294.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact
295.It Em Family
296.Em Protocols
297.It Cm inet Pq Dv AF_INET
298.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp
299.It Cm inet6 Pq Dv AF_INET6
300.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp
301.It Cm pfkey Pq Dv PF_KEY
302.Cm pfkey
303.It Cm atalk Pq Dv AF_APPLETALK
304.Cm ddp
305.It Cm netgraph , ng Pq Dv AF_NETGRAPH
306.Cm ctrl , data
307.It Cm ipx Pq Dv AF_IPX
308.Cm ipx , spx
309.\".It Cm ns Pq Dv AF_NS
310.\".Cm idp , ns_err , spp
311.\".It Cm iso Pq Dv AF_ISO
312.\".Cm clnp , cltp , esis , tp
313.It Cm unix Pq Dv AF_UNIX
314.It Cm link Pq Dv AF_LINK
315.El
316.Pp
317The program will complain if
318.Ar protocol
319is unknown or if there is no statistics routine for it.
320.It Fl M
321Extract values associated with the name list from the specified core
322instead of the default
323.Pa /dev/kmem .
324.It Fl N
325Extract the name list from the specified system instead of the default,
326which is the kernel image the system has booted from.
327.It Fl n
328Show network addresses and ports as numbers.
329Normally
330.Nm
331attempts to resolve addresses and ports,
332and display them symbolically.
333.It Fl W
334In certain displays, avoid truncating addresses even if this causes
335some fields to overflow.
336.El
337.Pp
338The default display, for active sockets, shows the local
339and remote addresses, send and receive queue sizes (in bytes), protocol,
340and the internal state of the protocol.
341Address formats are of the form
342.Dq host.port
343or
344.Dq network.port
345if a socket's address specifies a network but no specific host address.
346When known, the host and network addresses are displayed symbolically
347according to the databases
348.Xr hosts 5
349and
350.Xr networks 5 ,
351respectively.
352If a symbolic name for an address is unknown, or if
353the
354.Fl n
355option is specified, the address is printed numerically, according
356to the address family.
357For more information regarding
358the Internet IPv4
359.Dq dot format ,
360refer to
361.Xr inet 3 .
362Unspecified,
363or
364.Dq wildcard ,
365addresses and ports appear as
366.Dq Li * .
367.Pp
368The interface display provides a table of cumulative
369statistics regarding packets transferred, errors, and collisions.
370The network addresses of the interface
371and the maximum transmission unit
372.Pq Dq mtu
373are also displayed.
374.Pp
375The routing table display indicates the available routes and their status.
376Each route consists of a destination host or network, and a gateway to use
377in forwarding packets.
378The flags field shows a collection of information about the route stored
379as binary choices.
380The individual flags are discussed in more detail in the
381.Xr route 8
382and
383.Xr route 4
384manual pages.
385The mapping between letters and flags is:
386.Bl -column ".Li W" ".Dv RTF_WASCLONED"
387.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1"
388.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2"
389.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3"
390.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)"
391.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address"
392.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use"
393.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use"
394.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)"
395.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary"
396.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)"
397.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation"
398.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)"
399.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable"
400.It Li S Ta Dv RTF_STATIC Ta "Manually added"
401.It Li U Ta Dv RTF_UP Ta "Route usable"
402.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning"
403.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address"
404.El
405.Pp
406Direct routes are created for each
407interface attached to the local host;
408the gateway field for such entries shows the address of the outgoing interface.
409The refcnt field gives the
410current number of active uses of the route.
411Connection oriented
412protocols normally hold on to a single route for the duration of
413a connection while connectionless protocols obtain a route while sending
414to the same destination.
415The use field provides a count of the number of packets
416sent using that route.
417The interface entry indicates the network interface utilized for the route.
418.Pp
419When
420.Nm
421is invoked with the
422.Fl w
423option and a
424.Ar wait
425interval argument, it displays a running count of statistics related to
426network interfaces.
427An obsolescent version of this option used a numeric parameter
428with no option, and is currently supported for backward compatibility.
429By default, this display summarizes information for all interfaces.
430Information for a specific interface may be displayed with the
431.Fl I
432option.
433.Pp
434The
435.Xr bpf 4
436flags displayed when
437.Nm
438is invoked with the
439.Fl B
440option represent the underlying parameters of the bpf peer.
441Each flag is
442represented as a single lower case letter.
443The mapping between the letters and flags in order of appearance are:
444.Bl -column ".Li i"
445.It Li p Ta Set if listening promiscuously
446.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device
447.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being
448filled automatically
449.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and
450remotely on the interface.
451.It Li a Ta Packet reception generates a signal
452.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked
453.El
454.Pp
455For more information about these flags, please refer to
456.Xr bpf 4 .
457.Sh SEE ALSO
458.Xr fstat 1 ,
459.Xr nfsstat 1 ,
460.Xr ps 1 ,
461.Xr sockstat 1 ,
462.Xr bpf 4 ,
463.Xr inet 4 ,
464.Xr route 4 ,
465.Xr unix 4 ,
466.Xr hosts 5 ,
467.Xr networks 5 ,
468.Xr protocols 5 ,
469.Xr services 5 ,
470.Xr iostat 8 ,
471.Xr route 8 ,
472.Xr trpt 8 ,
473.Xr vmstat 8 ,
474.Xr mbuf 9
475.Sh HISTORY
476The
477.Nm
478command appeared in
479.Bx 4.2 .
480.Pp
481IPv6 support was added by WIDE/KAME project.
482.Sh BUGS
483The notion of errors is ill-defined.
484