xref: /freebsd/usr.bin/netstat/netstat.1 (revision 2e1417489338b971e5fd599ff48b5f65df9e8d3b)
1.\" Copyright (c) 1983, 1990, 1992, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 4. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"	@(#)netstat.1	8.8 (Berkeley) 4/18/94
29.\" $FreeBSD$
30.\"
31.Dd February 22, 2010
32.Dt NETSTAT 1
33.Os
34.Sh NAME
35.Nm netstat
36.Nd show network status
37.Sh DESCRIPTION
38The
39.Nm
40command symbolically displays the contents of various network-related
41data structures.
42There are a number of output formats,
43depending on the options for the information presented.
44.Bl -tag -width indent
45.It Xo
46.Bk -words
47.Nm
48.Op Fl AaLnSTWx
49.Op Fl f Ar protocol_family | Fl p Ar protocol
50.Op Fl M Ar core
51.Op Fl N Ar system
52.Ek
53.Xc
54Display a list of active sockets
55(protocol control blocks)
56for each network protocol,
57for a particular
58.Ar protocol_family ,
59or for a single
60.Ar protocol .
61If
62.Fl A
63is also present,
64show the address of a protocol control block (PCB)
65associated with a socket; used for debugging.
66If
67.Fl a
68is also present,
69show the state of all sockets;
70normally sockets used by server processes are not shown.
71If
72.Fl L
73is also present,
74show the size of the various listen queues.
75The first count shows the number of unaccepted connections,
76the second count shows the amount of unaccepted incomplete connections,
77and the third count is the maximum number of queued connections.
78If
79.Fl S
80is also present,
81show network addresses as numbers (as with
82.Fl n )
83but show ports symbolically.
84If
85.Fl x
86is present, display socket buffer and tcp timer statistics for each internet socket.
87When
88.Fl T
89is present, display information from the TCP control block, including
90retransmits, out-of-order packets received, and zero-sized windows advertised.
91.It Xo
92.Bk -words
93.Nm
94.Fl i | I Ar interface
95.Op Fl abdhnW
96.Op Fl f Ar address_family
97.Op Fl M Ar core
98.Op Fl N Ar system
99.Ek
100.Xc
101Show the state of all network interfaces or a single
102.Ar interface
103which have been auto-configured
104(interfaces statically configured into a system, but not
105located at boot time are not shown).
106An asterisk
107.Pq Dq Li *
108after an interface name indicates that the interface is
109.Dq down .
110If
111.Fl a
112is also present, multicast addresses currently in use are shown
113for each Ethernet interface and for each IP interface address.
114Multicast addresses are shown on separate lines following the interface
115address with which they are associated.
116If
117.Fl b
118is also present, show the number of bytes in and out.
119If
120.Fl d
121is also present, show the number of dropped packets.
122If
123.Fl h
124is also present, print all counters in human readable form.
125If
126.Fl W
127is also present, print interface names using a wider field size.
128.It Xo
129.Bk -words
130.Nm
131.Fl w Ar wait
132.Op Fl I Ar interface
133.Op Fl d
134.Op Fl M Ar core
135.Op Fl N Ar system
136.Op Fl q Ar howmany
137.Ek
138.Xc
139At intervals of
140.Ar wait
141seconds,
142display the information regarding packet
143traffic on all configured network interfaces
144or a single
145.Ar interface .
146If
147.Fl q
148is also present, exit after
149.Ar howmany
150outputs.
151If
152.Fl d
153is also present, show the number of dropped packets.
154.It Xo
155.Bk -words
156.Nm
157.Fl s Op Fl s
158.Op Fl z
159.Op Fl f Ar protocol_family | Fl p Ar protocol
160.Op Fl M Ar core
161.Op Fl N Ar system
162.Ek
163.Xc
164Display system-wide statistics for each network protocol,
165for a particular
166.Ar protocol_family ,
167or for a single
168.Ar protocol .
169If
170.Fl s
171is repeated, counters with a value of zero are suppressed.
172If
173.Fl z
174is also present, reset statistic counters after displaying them.
175.It Xo
176.Bk -words
177.Nm
178.Fl i | I Ar interface Fl s
179.Op Fl f Ar protocol_family | Fl p Ar protocol
180.Op Fl M Ar core
181.Op Fl N Ar system
182.Ek
183.Xc
184Display per-interface statistics for each network protocol,
185for a particular
186.Ar protocol_family ,
187or for a single
188.Ar protocol .
189.It Xo
190.Bk -words
191.Nm
192.Fl m
193.Op Fl M Ar core
194.Op Fl N Ar system
195.Ek
196.Xc
197Show statistics recorded by the memory management routines
198.Pq Xr mbuf 9 .
199The network manages a private pool of memory buffers.
200.It Xo
201.Bk -words
202.Nm
203.Fl B
204.Op Fl z
205.Op Fl I Ar interface
206.Ek
207.Xc
208Show statistics about
209.Xr bpf 4
210peers.
211This includes information like
212how many packets have been matched, dropped and received by the
213bpf device, also information about current buffer sizes and device
214states.
215.It Xo
216.Bk -words
217.Nm
218.Fl r
219.Op Fl AanW
220.Op Fl f Ar address_family
221.Op Fl M Ar core
222.Op Fl N Ar system
223.Ek
224.Xc
225Display the contents of all routing tables,
226or a routing table for a particular
227.Ar address_family .
228If
229.Fl A
230is also present,
231show the contents of the internal Patricia tree
232structures; used for debugging.
233If
234.Fl a
235is also present,
236show protocol-cloned routes
237(routes generated by an
238.Dv RTF_PRCLONING
239parent route);
240normally these routes are not shown.
241When
242.Fl W
243is also present,
244show the path MTU
245for each route,
246and print interface
247names with a wider
248field size.
249.It Xo
250.Bk -words
251.Nm
252.Fl rs
253.Op Fl s
254.Op Fl M Ar core
255.Op Fl N Ar system
256.Ek
257.Xc
258Display routing statistics.
259If
260.Fl s
261is repeated, counters with a value of zero are suppressed.
262.It Xo
263.Bk -words
264.Nm
265.Fl g
266.Op Fl W
267.Op Fl f Ar address_family
268.Op Fl M Ar core
269.Op Fl N Ar system
270.Ek
271.Xc
272Display the contents of the multicast virtual interface tables,
273and multicast forwarding caches.
274Entries in these tables will appear only when the kernel is
275actively forwarding multicast sessions.
276This option is applicable only to the
277.Cm inet
278and
279.Cm inet6
280address families.
281.It Xo
282.Bk -words
283.Nm
284.Fl gs
285.Op Fl s
286.Op Fl f Ar address_family
287.Op Fl M Ar core
288.Op Fl N Ar system
289.Ek
290.Xc
291Show multicast routing statistics.
292If
293.Fl s
294is repeated, counters with a value of zero are suppressed.
295.It Xo
296.Bk -words
297.Nm
298.Fl Q
299.Ek
300.Xc
301Show
302.Xr netisr 9
303statistics.
304.El
305.Pp
306Some options have the general meaning:
307.Bl -tag -width flag
308.It Fl f Ar address_family , Fl p Ar protocol
309Limit display to those records
310of the specified
311.Ar address_family
312or a single
313.Ar protocol .
314The following address families and protocols are recognized:
315.Pp
316.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact
317.It Em Family
318.Em Protocols
319.It Cm inet Pq Dv AF_INET
320.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp
321.It Cm inet6 Pq Dv AF_INET6
322.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp
323.It Cm pfkey Pq Dv PF_KEY
324.Cm pfkey
325.It Cm atalk Pq Dv AF_APPLETALK
326.Cm ddp
327.It Cm netgraph , ng Pq Dv AF_NETGRAPH
328.Cm ctrl , data
329.It Cm ipx Pq Dv AF_IPX
330.Cm ipx , spx
331.\".It Cm ns Pq Dv AF_NS
332.\".Cm idp , ns_err , spp
333.\".It Cm iso Pq Dv AF_ISO
334.\".Cm clnp , cltp , esis , tp
335.It Cm unix Pq Dv AF_UNIX
336.It Cm link Pq Dv AF_LINK
337.El
338.Pp
339The program will complain if
340.Ar protocol
341is unknown or if there is no statistics routine for it.
342.It Fl M
343Extract values associated with the name list from the specified core
344instead of the default
345.Pa /dev/kmem .
346.It Fl N
347Extract the name list from the specified system instead of the default,
348which is the kernel image the system has booted from.
349.It Fl n
350Show network addresses and ports as numbers.
351Normally
352.Nm
353attempts to resolve addresses and ports,
354and display them symbolically.
355.It Fl W
356In certain displays, avoid truncating addresses even if this causes
357some fields to overflow.
358.El
359.Pp
360The default display, for active sockets, shows the local
361and remote addresses, send and receive queue sizes (in bytes), protocol,
362and the internal state of the protocol.
363Address formats are of the form
364.Dq host.port
365or
366.Dq network.port
367if a socket's address specifies a network but no specific host address.
368When known, the host and network addresses are displayed symbolically
369according to the databases
370.Xr hosts 5
371and
372.Xr networks 5 ,
373respectively.
374If a symbolic name for an address is unknown, or if
375the
376.Fl n
377option is specified, the address is printed numerically, according
378to the address family.
379For more information regarding
380the Internet IPv4
381.Dq dot format ,
382refer to
383.Xr inet 3 .
384Unspecified,
385or
386.Dq wildcard ,
387addresses and ports appear as
388.Dq Li * .
389.Pp
390The interface display provides a table of cumulative
391statistics regarding packets transferred, errors, and collisions.
392The network addresses of the interface
393and the maximum transmission unit
394.Pq Dq mtu
395are also displayed.
396.Pp
397The routing table display indicates the available routes and their status.
398Each route consists of a destination host or network, and a gateway to use
399in forwarding packets.
400The flags field shows a collection of information about the route stored
401as binary choices.
402The individual flags are discussed in more detail in the
403.Xr route 8
404and
405.Xr route 4
406manual pages.
407The mapping between letters and flags is:
408.Bl -column ".Li W" ".Dv RTF_WASCLONED"
409.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1"
410.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2"
411.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3"
412.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)"
413.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address"
414.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use"
415.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use"
416.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)"
417.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary"
418.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)"
419.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation"
420.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)"
421.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable"
422.It Li S Ta Dv RTF_STATIC Ta "Manually added"
423.It Li U Ta Dv RTF_UP Ta "Route usable"
424.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning"
425.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address"
426.El
427.Pp
428Direct routes are created for each
429interface attached to the local host;
430the gateway field for such entries shows the address of the outgoing interface.
431The refcnt field gives the
432current number of active uses of the route.
433Connection oriented
434protocols normally hold on to a single route for the duration of
435a connection while connectionless protocols obtain a route while sending
436to the same destination.
437The use field provides a count of the number of packets
438sent using that route.
439The interface entry indicates the network interface utilized for the route.
440.Pp
441When
442.Nm
443is invoked with the
444.Fl w
445option and a
446.Ar wait
447interval argument, it displays a running count of statistics related to
448network interfaces.
449An obsolescent version of this option used a numeric parameter
450with no option, and is currently supported for backward compatibility.
451By default, this display summarizes information for all interfaces.
452Information for a specific interface may be displayed with the
453.Fl I
454option.
455.Pp
456The
457.Xr bpf 4
458flags displayed when
459.Nm
460is invoked with the
461.Fl B
462option represent the underlying parameters of the bpf peer.
463Each flag is
464represented as a single lower case letter.
465The mapping between the letters and flags in order of appearance are:
466.Bl -column ".Li i"
467.It Li p Ta Set if listening promiscuously
468.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device
469.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being
470filled automatically
471.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and
472remotely on the interface.
473.It Li a Ta Packet reception generates a signal
474.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked
475.El
476.Pp
477For more information about these flags, please refer to
478.Xr bpf 4 .
479.Pp
480The
481.Fl x
482flag causes
483.Nm
484to output all the information recorded about data
485stored in the socket buffers.
486The fields are:
487.Bl -column ".Li R-MBUF"
488.It Li R-MBUF Ta Number of mbufs in the receive queue.
489.It Li S-MBUF Ta Number of mbufs in the send queue.
490.It Li R-CLUS Ta Number of clusters, of any type, in the receive
491queue.
492.It Li S-CLUS Ta Number of clusters, of any type, in the send queue.
493.It Li R-HIWA Ta Receive buffer high water mark, in bytes.
494.It Li S-HIWA Ta Send buffer high water mark, in bytes.
495.It Li R-LOWA Ta Receive buffer low water mark, in bytes.
496.It Li S-LOWA Ta Send buffer low water mark, in bytes.
497.It Li R-BCNT Ta Receive buffer byte count.
498.It Li S-BCNT Ta Send buffer byte count.
499.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer.
500.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer.
501.El
502.Sh SEE ALSO
503.Xr fstat 1 ,
504.Xr nfsstat 1 ,
505.Xr procstat 1 ,
506.Xr ps 1 ,
507.Xr sockstat 1 ,
508.Xr bpf 4 ,
509.Xr inet 4 ,
510.Xr route 4 ,
511.Xr unix 4 ,
512.Xr hosts 5 ,
513.Xr networks 5 ,
514.Xr protocols 5 ,
515.Xr services 5 ,
516.Xr iostat 8 ,
517.Xr route 8 ,
518.Xr trpt 8 ,
519.Xr vmstat 8 ,
520.Xr mbuf 9
521.Sh HISTORY
522The
523.Nm
524command appeared in
525.Bx 4.2 .
526.Pp
527IPv6 support was added by WIDE/KAME project.
528.Sh BUGS
529The notion of errors is ill-defined.
530