1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 33.\" $FreeBSD$ 34.\" 35.Dd February 22, 2010 36.Dt NETSTAT 1 37.Os 38.Sh NAME 39.Nm netstat 40.Nd show network status 41.Sh DESCRIPTION 42The 43.Nm 44command symbolically displays the contents of various network-related 45data structures. 46There are a number of output formats, 47depending on the options for the information presented. 48.Bl -tag -width indent 49.It Xo 50.Bk -words 51.Nm 52.Op Fl AaLnSWx 53.Op Fl f Ar protocol_family | Fl p Ar protocol 54.Op Fl M Ar core 55.Op Fl N Ar system 56.Ek 57.Xc 58Display a list of active sockets 59(protocol control blocks) 60for each network protocol, 61for a particular 62.Ar protocol_family , 63or for a single 64.Ar protocol . 65If 66.Fl A 67is also present, 68show the address of a protocol control block (PCB) 69associated with a socket; used for debugging. 70If 71.Fl a 72is also present, 73show the state of all sockets; 74normally sockets used by server processes are not shown. 75If 76.Fl L 77is also present, 78show the size of the various listen queues. 79The first count shows the number of unaccepted connections, 80the second count shows the amount of unaccepted incomplete connections, 81and the third count is the maximum number of queued connections. 82If 83.Fl S 84is also present, 85show network addresses as numbers (as with 86.Fl n ) 87but show ports symbolically. 88If 89.Fl x 90is present, display socket buffer and tcp timer statistics for each internet socket. 91.It Xo 92.Bk -words 93.Nm 94.Fl i | I Ar interface 95.Op Fl abdhnW 96.Op Fl f Ar address_family 97.Op Fl M Ar core 98.Op Fl N Ar system 99.Ek 100.Xc 101Show the state of all network interfaces or a single 102.Ar interface 103which have been auto-configured 104(interfaces statically configured into a system, but not 105located at boot time are not shown). 106An asterisk 107.Pq Dq Li * 108after an interface name indicates that the interface is 109.Dq down . 110If 111.Fl a 112is also present, multicast addresses currently in use are shown 113for each Ethernet interface and for each IP interface address. 114Multicast addresses are shown on separate lines following the interface 115address with which they are associated. 116If 117.Fl b 118is also present, show the number of bytes in and out. 119If 120.Fl d 121is also present, show the number of dropped packets. 122If 123.Fl h 124is also present, print all counters in human readable form. 125If 126.Fl W 127is also present, print interface names using a wider field size. 128.It Xo 129.Bk -words 130.Nm 131.Fl w Ar wait 132.Op Fl I Ar interface 133.Op Fl d 134.Op Fl M Ar core 135.Op Fl N Ar system 136.Op Fl q Ar howmany 137.Ek 138.Xc 139At intervals of 140.Ar wait 141seconds, 142display the information regarding packet 143traffic on all configured network interfaces 144or a single 145.Ar interface . 146If 147.Fl q 148is also present, exit after 149.Ar howmany 150outputs. 151If 152.Fl d 153is also present, show the number of dropped packets. 154.It Xo 155.Bk -words 156.Nm 157.Fl s Op Fl s 158.Op Fl z 159.Op Fl f Ar protocol_family | Fl p Ar protocol 160.Op Fl M Ar core 161.Op Fl N Ar system 162.Ek 163.Xc 164Display system-wide statistics for each network protocol, 165for a particular 166.Ar protocol_family , 167or for a single 168.Ar protocol . 169If 170.Fl s 171is repeated, counters with a value of zero are suppressed. 172If 173.Fl z 174is also present, reset statistic counters after displaying them. 175.It Xo 176.Bk -words 177.Nm 178.Fl i | I Ar interface Fl s 179.Op Fl f Ar protocol_family | Fl p Ar protocol 180.Op Fl M Ar core 181.Op Fl N Ar system 182.Ek 183.Xc 184Display per-interface statistics for each network protocol, 185for a particular 186.Ar protocol_family , 187or for a single 188.Ar protocol . 189.It Xo 190.Bk -words 191.Nm 192.Fl m 193.Op Fl M Ar core 194.Op Fl N Ar system 195.Ek 196.Xc 197Show statistics recorded by the memory management routines 198.Pq Xr mbuf 9 . 199The network manages a private pool of memory buffers. 200.It Xo 201.Bk -words 202.Nm 203.Fl B 204.Op Fl z 205.Op Fl I Ar interface 206.Ek 207.Xc 208Show statistics about 209.Xr bpf 4 210peers. 211This includes information like 212how many packets have been matched, dropped and received by the 213bpf device, also information about current buffer sizes and device 214states. 215.It Xo 216.Bk -words 217.Nm 218.Fl r 219.Op Fl AanW 220.Op Fl f Ar address_family 221.Op Fl M Ar core 222.Op Fl N Ar system 223.Ek 224.Xc 225Display the contents of all routing tables, 226or a routing table for a particular 227.Ar address_family . 228If 229.Fl A 230is also present, 231show the contents of the internal Patricia tree 232structures; used for debugging. 233If 234.Fl a 235is also present, 236show protocol-cloned routes 237(routes generated by an 238.Dv RTF_PRCLONING 239parent route); 240normally these routes are not shown. 241When 242.Fl W 243is also present, 244show the path MTU 245for each route, 246and print interface 247names with a wider 248field size. 249.It Xo 250.Bk -words 251.Nm 252.Fl rs 253.Op Fl s 254.Op Fl M Ar core 255.Op Fl N Ar system 256.Ek 257.Xc 258Display routing statistics. 259If 260.Fl s 261is repeated, counters with a value of zero are suppressed. 262.It Xo 263.Bk -words 264.Nm 265.Fl g 266.Op Fl W 267.Op Fl f Ar address_family 268.Op Fl M Ar core 269.Op Fl N Ar system 270.Ek 271.Xc 272Display the contents of the multicast virtual interface tables, 273and multicast forwarding caches. 274Entries in these tables will appear only when the kernel is 275actively forwarding multicast sessions. 276This option is applicable only to the 277.Cm inet 278and 279.Cm inet6 280address families. 281.It Xo 282.Bk -words 283.Nm 284.Fl gs 285.Op Fl s 286.Op Fl f Ar address_family 287.Op Fl M Ar core 288.Op Fl N Ar system 289.Ek 290.Xc 291Show multicast routing statistics. 292If 293.Fl s 294is repeated, counters with a value of zero are suppressed. 295.It Xo 296.Bk -words 297.Nm 298.Fl Q 299.Ek 300.Xc 301Show 302.Xr netisr 9 303statistics. 304.El 305.Pp 306Some options have the general meaning: 307.Bl -tag -width flag 308.It Fl f Ar address_family , Fl p Ar protocol 309Limit display to those records 310of the specified 311.Ar address_family 312or a single 313.Ar protocol . 314The following address families and protocols are recognized: 315.Pp 316.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 317.It Em Family 318.Em Protocols 319.It Cm inet Pq Dv AF_INET 320.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp 321.It Cm inet6 Pq Dv AF_INET6 322.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 323.It Cm pfkey Pq Dv PF_KEY 324.Cm pfkey 325.It Cm atalk Pq Dv AF_APPLETALK 326.Cm ddp 327.It Cm netgraph , ng Pq Dv AF_NETGRAPH 328.Cm ctrl , data 329.It Cm ipx Pq Dv AF_IPX 330.Cm ipx , spx 331.\".It Cm ns Pq Dv AF_NS 332.\".Cm idp , ns_err , spp 333.\".It Cm iso Pq Dv AF_ISO 334.\".Cm clnp , cltp , esis , tp 335.It Cm unix Pq Dv AF_UNIX 336.It Cm link Pq Dv AF_LINK 337.El 338.Pp 339The program will complain if 340.Ar protocol 341is unknown or if there is no statistics routine for it. 342.It Fl M 343Extract values associated with the name list from the specified core 344instead of the default 345.Pa /dev/kmem . 346.It Fl N 347Extract the name list from the specified system instead of the default, 348which is the kernel image the system has booted from. 349.It Fl n 350Show network addresses and ports as numbers. 351Normally 352.Nm 353attempts to resolve addresses and ports, 354and display them symbolically. 355.It Fl W 356In certain displays, avoid truncating addresses even if this causes 357some fields to overflow. 358.El 359.Pp 360The default display, for active sockets, shows the local 361and remote addresses, send and receive queue sizes (in bytes), protocol, 362and the internal state of the protocol. 363Address formats are of the form 364.Dq host.port 365or 366.Dq network.port 367if a socket's address specifies a network but no specific host address. 368When known, the host and network addresses are displayed symbolically 369according to the databases 370.Xr hosts 5 371and 372.Xr networks 5 , 373respectively. 374If a symbolic name for an address is unknown, or if 375the 376.Fl n 377option is specified, the address is printed numerically, according 378to the address family. 379For more information regarding 380the Internet IPv4 381.Dq dot format , 382refer to 383.Xr inet 3 . 384Unspecified, 385or 386.Dq wildcard , 387addresses and ports appear as 388.Dq Li * . 389.Pp 390The interface display provides a table of cumulative 391statistics regarding packets transferred, errors, and collisions. 392The network addresses of the interface 393and the maximum transmission unit 394.Pq Dq mtu 395are also displayed. 396.Pp 397The routing table display indicates the available routes and their status. 398Each route consists of a destination host or network, and a gateway to use 399in forwarding packets. 400The flags field shows a collection of information about the route stored 401as binary choices. 402The individual flags are discussed in more detail in the 403.Xr route 8 404and 405.Xr route 4 406manual pages. 407The mapping between letters and flags is: 408.Bl -column ".Li W" ".Dv RTF_WASCLONED" 409.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 410.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 411.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 412.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 413.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 414.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 415.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 416.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 417.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 418.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 419.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 420.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 421.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 422.It Li S Ta Dv RTF_STATIC Ta "Manually added" 423.It Li U Ta Dv RTF_UP Ta "Route usable" 424.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 425.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 426.El 427.Pp 428Direct routes are created for each 429interface attached to the local host; 430the gateway field for such entries shows the address of the outgoing interface. 431The refcnt field gives the 432current number of active uses of the route. 433Connection oriented 434protocols normally hold on to a single route for the duration of 435a connection while connectionless protocols obtain a route while sending 436to the same destination. 437The use field provides a count of the number of packets 438sent using that route. 439The interface entry indicates the network interface utilized for the route. 440.Pp 441When 442.Nm 443is invoked with the 444.Fl w 445option and a 446.Ar wait 447interval argument, it displays a running count of statistics related to 448network interfaces. 449An obsolescent version of this option used a numeric parameter 450with no option, and is currently supported for backward compatibility. 451By default, this display summarizes information for all interfaces. 452Information for a specific interface may be displayed with the 453.Fl I 454option. 455.Pp 456The 457.Xr bpf 4 458flags displayed when 459.Nm 460is invoked with the 461.Fl B 462option represent the underlying parameters of the bpf peer. 463Each flag is 464represented as a single lower case letter. 465The mapping between the letters and flags in order of appearance are: 466.Bl -column ".Li i" 467.It Li p Ta Set if listening promiscuously 468.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device 469.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being 470filled automatically 471.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and 472remotely on the interface. 473.It Li a Ta Packet reception generates a signal 474.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked 475.El 476.Pp 477For more information about these flags, please refer to 478.Xr bpf 4 . 479.Pp 480The 481.Fl x 482flag causes 483.Nm 484to output all the information recorded about data 485stored in the socket buffers. 486The fields are: 487.Bl -column ".Li R-MBUF" 488.It Li R-MBUF Ta Number of mbufs in the receive queue. 489.It Li S-MBUF Ta Number of mbufs in the send queue. 490.It Li R-CLUS Ta Number of clusters, of any type, in the receive 491queue. 492.It Li S-CLUS Ta Number of clusters, of any type, in the send queue. 493.It Li R-HIWA Ta Receive buffer high water mark, in bytes. 494.It Li S-HIWA Ta Send buffer high water mark, in bytes. 495.It Li R-LOWA Ta Receive buffer low water mark, in bytes. 496.It Li S-LOWA Ta Send buffer low water mark, in bytes. 497.It Li R-BCNT Ta Receive buffer byte count. 498.It Li S-BCNT Ta Send buffer byte count. 499.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer. 500.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer. 501.El 502.Sh SEE ALSO 503.Xr fstat 1 , 504.Xr nfsstat 1 , 505.Xr procstat 1 , 506.Xr ps 1 , 507.Xr sockstat 1 , 508.Xr bpf 4 , 509.Xr inet 4 , 510.Xr route 4 , 511.Xr unix 4 , 512.Xr hosts 5 , 513.Xr networks 5 , 514.Xr protocols 5 , 515.Xr services 5 , 516.Xr iostat 8 , 517.Xr route 8 , 518.Xr trpt 8 , 519.Xr vmstat 8 , 520.Xr mbuf 9 521.Sh HISTORY 522The 523.Nm 524command appeared in 525.Bx 4.2 . 526.Pp 527IPv6 support was added by WIDE/KAME project. 528.Sh BUGS 529The notion of errors is ill-defined. 530