1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 33.\" $FreeBSD$ 34.\" 35.Dd March 25, 2004 36.Dt NETSTAT 1 37.Os 38.Sh NAME 39.Nm netstat 40.Nd show network status 41.Sh DESCRIPTION 42The 43.Nm 44command symbolically displays the contents of various network-related 45data structures. 46There are a number of output formats, 47depending on the options for the information presented. 48.Bl -tag -width indent 49.It Xo 50.Bk -words 51.Nm 52.Op Fl AaLnSW 53.Op Fl f Ar protocol_family | Fl p Ar protocol 54.Op Fl M Ar core 55.Op Fl N Ar system 56.Ek 57.Xc 58Display a list of active sockets 59(protocol control blocks) 60for each network protocol, 61for a particular 62.Ar protocol_family , 63or for a single 64.Ar protocol . 65If 66.Fl A 67is also present, 68show the address of a protocol control block (PCB) 69associated with a socket; used for debugging. 70If 71.Fl a 72is also present, 73show the state of all sockets; 74normally sockets used by server processes are not shown. 75If 76.Fl L 77is also present, 78show the size of the various listen queues. 79The first count shows the number of unaccepted connections, 80the second count shows the amount of unaccepted incomplete connections, 81and the third count is the maximum number of queued connections. 82If 83.Fl S 84is also present, 85show network addresses as numbers (as with 86.Fl n ) 87but show ports symbolically. 88.It Xo 89.Bk -words 90.Nm 91.Fl i | I Ar interface 92.Op Fl abdnt 93.Op Fl f Ar address_family 94.Op Fl M Ar core 95.Op Fl N Ar system 96.Ek 97.Xc 98Show the state of all network interfaces or a single 99.Ar interface 100which have been auto-configured 101(interfaces statically configured into a system, but not 102located at boot time are not shown). 103An asterisk 104.Pq Dq Li * 105after an interface name indicates that the interface is 106.Dq down . 107If 108.Fl a 109is also present, multicast addresses currently in use are shown 110for each Ethernet interface and for each IP interface address. 111Multicast addresses are shown on separate lines following the interface 112address with which they are associated. 113If 114.Fl b 115is also present, show the number of bytes in and out. 116If 117.Fl d 118is also present, show the number of dropped packets. 119If 120.Fl t 121is also present, show the contents of watchdog timers. 122If 123.Fl W 124is also present, print interface names using a wider field size. 125.It Xo 126.Bk -words 127.Nm 128.Fl w Ar wait 129.Op Fl I Ar interface 130.Op Fl d 131.Op Fl M Ar core 132.Op Fl N Ar system 133.Ek 134.Xc 135At intervals of 136.Ar wait 137seconds, 138display the information regarding packet 139traffic on all configured network interfaces 140or a single 141.Ar interface . 142If 143.Fl d 144is also present, show the number of dropped packets. 145.It Xo 146.Bk -words 147.Nm 148.Fl s Op Fl s 149.Op Fl z 150.Op Fl f Ar protocol_family | Fl p Ar protocol 151.Op Fl M Ar core 152.Op Fl N Ar system 153.Ek 154.Xc 155Display system-wide statistics for each network protocol, 156for a particular 157.Ar protocol_family , 158or for a single 159.Ar protocol . 160If 161.Fl s 162is repeated, counters with a value of zero are suppressed. 163If 164.Fl z 165is also present, reset statistic counters after displaying them. 166.It Xo 167.Bk -words 168.Nm 169.Fl i | I Ar interface Fl s 170.Op Fl f Ar protocol_family | Fl p Ar protocol 171.Op Fl M Ar core 172.Op Fl N Ar system 173.Ek 174.Xc 175Display per-interface statistics for each network protocol, 176for a particular 177.Ar protocol_family , 178or for a single 179.Ar protocol . 180.It Xo 181.Bk -words 182.Nm 183.Fl m 184.Op Fl M Ar core 185.Op Fl N Ar system 186.Ek 187.Xc 188Show statistics recorded by the memory management routines 189.Pq Xr mbuf 9 . 190The network manages a private pool of memory buffers. 191.It Xo 192.Bk -words 193.Nm 194.Fl r 195.Op Fl AanW 196.Op Fl f Ar address_family 197.Op Fl M Ar core 198.Op Fl N Ar system 199.Ek 200.Xc 201Display the contents of all routing tables, 202or a routing table for a particular 203.Ar address_family . 204If 205.Fl A 206is also present, 207show the contents of the internal Patricia tree 208structures; used for debugging. 209If 210.Fl a 211is also present, 212show protocol-cloned routes 213(routes generated by an 214.Dv RTF_PRCLONING 215parent route); 216normally these routes are not shown. 217When 218.Fl W 219is also present, 220show the path MTU 221for each route, 222and print interface 223names with a wider 224field size. 225.It Xo 226.Bk -words 227.Nm 228.Fl rs 229.Op Fl s 230.Op Fl M Ar core 231.Op Fl N Ar system 232.Ek 233.Xc 234Display routing statistics. 235If 236.Fl s 237is repeated, counters with a value of zero are suppressed. 238.It Xo 239.Bk -words 240.Nm 241.Fl g 242.Op Fl W 243.Op Fl f Ar address_family 244.Op Fl M Ar core 245.Op Fl N Ar system 246.Ek 247.Xc 248Show information related to multicast (group address) routing. 249By default, show the IP Multicast virtual-interface and routing tables, 250and multicast group memberships. 251.It Xo 252.Bk -words 253.Nm 254.Fl gs 255.Op Fl s 256.Op Fl f Ar address_family 257.Op Fl M Ar core 258.Op Fl N Ar system 259.Ek 260.Xc 261Show multicast routing statistics. 262If 263.Fl s 264is repeated, counters with a value of zero are suppressed. 265.El 266.Pp 267Some options have the general meaning: 268.Bl -tag -width flag 269.It Fl f Ar address_family , Fl p Ar protocol 270Limit display to those records 271of the specified 272.Ar address_family 273or a single 274.Ar protocol . 275The following address families and protocols are recognized: 276.Pp 277.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 278.It Em Family 279.Em Protocols 280.It Cm inet Pq Dv AF_INET 281.Cm bdg , divert , icmp , igmp , ip , ipsec , pim, tcp , udp 282.It Cm inet6 Pq Dv AF_INET6 283.Cm bdg , icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 284.It Cm pfkey Pq Dv PF_KEY 285.Cm pfkey 286.It Cm atalk Pq Dv AF_APPLETALK 287.Cm ddp 288.It Cm netgraph , ng Pq Dv AF_NETGRAPH 289.Cm ctrl , data 290.It Cm ipx Pq Dv AF_IPX 291.Cm ipx , spx 292.\".It Cm ns Pq Dv AF_NS 293.\".Cm idp , ns_err , spp 294.\".It Cm iso Pq Dv AF_ISO 295.\".Cm clnp , cltp , esis , tp 296.It Cm unix Pq Dv AF_UNIX 297.It Cm link Pq Dv AF_LINK 298.El 299.Pp 300The program will complain if 301.Ar protocol 302is unknown or if there is no statistics routine for it. 303.It Fl M 304Extract values associated with the name list from the specified core 305instead of the default 306.Pa /dev/kmem . 307.It Fl N 308Extract the name list from the specified system instead of the default, 309which is the kernel image the system has booted from. 310.It Fl n 311Show network addresses and ports as numbers. 312Normally 313.Nm 314attempts to resolve addresses and ports, 315and display them symbolically. 316.It Fl W 317In certain displays, avoid truncating addresses even if this causes 318some fields to overflow. 319.El 320.Pp 321The default display, for active sockets, shows the local 322and remote addresses, send and receive queue sizes (in bytes), protocol, 323and the internal state of the protocol. 324Address formats are of the form 325.Dq host.port 326or 327.Dq network.port 328if a socket's address specifies a network but no specific host address. 329When known, the host and network addresses are displayed symbolically 330according to the databases 331.Xr hosts 5 332and 333.Xr networks 5 , 334respectively. 335If a symbolic name for an address is unknown, or if 336the 337.Fl n 338option is specified, the address is printed numerically, according 339to the address family. 340For more information regarding 341the Internet IPv4 342.Dq dot format , 343refer to 344.Xr inet 3 . 345Unspecified, 346or 347.Dq wildcard , 348addresses and ports appear as 349.Dq Li * . 350.Pp 351The interface display provides a table of cumulative 352statistics regarding packets transferred, errors, and collisions. 353The network addresses of the interface 354and the maximum transmission unit 355.Pq Dq mtu 356are also displayed. 357.Pp 358The routing table display indicates the available routes and their status. 359Each route consists of a destination host or network, and a gateway to use 360in forwarding packets. 361The flags field shows a collection of information about the route stored 362as binary choices. 363The individual flags are discussed in more detail in the 364.Xr route 8 365and 366.Xr route 4 367manual pages. 368The mapping between letters and flags is: 369.Bl -column ".Li W" ".Dv RTF_WASCLONED" 370.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 371.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 372.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 373.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 374.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 375.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 376.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 377.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 378.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 379.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 380.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 381.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 382.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 383.It Li S Ta Dv RTF_STATIC Ta "Manually added" 384.It Li U Ta Dv RTF_UP Ta "Route usable" 385.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 386.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 387.El 388.Pp 389Direct routes are created for each 390interface attached to the local host; 391the gateway field for such entries shows the address of the outgoing interface. 392The refcnt field gives the 393current number of active uses of the route. 394Connection oriented 395protocols normally hold on to a single route for the duration of 396a connection while connectionless protocols obtain a route while sending 397to the same destination. 398The use field provides a count of the number of packets 399sent using that route. 400The interface entry indicates the network interface utilized for the route. 401.Pp 402When 403.Nm 404is invoked with the 405.Fl w 406option and a 407.Ar wait 408interval argument, it displays a running count of statistics related to 409network interfaces. 410An obsolescent version of this option used a numeric parameter 411with no option, and is currently supported for backward compatibility. 412By default, this display summarizes information for all interfaces. 413Information for a specific interface may be displayed with the 414.Fl I 415option. 416.Sh SEE ALSO 417.Xr fstat 1 , 418.Xr nfsstat 1 , 419.Xr ps 1 , 420.Xr sockstat 1 , 421.Xr inet 4 , 422.Xr route 4 , 423.Xr unix 4 , 424.Xr hosts 5 , 425.Xr networks 5 , 426.Xr protocols 5 , 427.Xr services 5 , 428.Xr iostat 8 , 429.Xr route 8 , 430.Xr trpt 8 , 431.Xr vmstat 8 , 432.Xr mbuf 9 433.Sh HISTORY 434The 435.Nm 436command appeared in 437.Bx 4.2 . 438.Pp 439IPv6 support was added by WIDE/KAME project. 440.Sh BUGS 441The notion of errors is ill-defined. 442