1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 33.\" $FreeBSD$ 34.\" 35.Dd July 9, 2009 36.Dt NETSTAT 1 37.Os 38.Sh NAME 39.Nm netstat 40.Nd show network status 41.Sh DESCRIPTION 42The 43.Nm 44command symbolically displays the contents of various network-related 45data structures. 46There are a number of output formats, 47depending on the options for the information presented. 48.Bl -tag -width indent 49.It Xo 50.Bk -words 51.Nm 52.Op Fl AaLnSWx 53.Op Fl f Ar protocol_family | Fl p Ar protocol 54.Op Fl M Ar core 55.Op Fl N Ar system 56.Ek 57.Xc 58Display a list of active sockets 59(protocol control blocks) 60for each network protocol, 61for a particular 62.Ar protocol_family , 63or for a single 64.Ar protocol . 65If 66.Fl A 67is also present, 68show the address of a protocol control block (PCB) 69associated with a socket; used for debugging. 70If 71.Fl a 72is also present, 73show the state of all sockets; 74normally sockets used by server processes are not shown. 75If 76.Fl L 77is also present, 78show the size of the various listen queues. 79The first count shows the number of unaccepted connections, 80the second count shows the amount of unaccepted incomplete connections, 81and the third count is the maximum number of queued connections. 82If 83.Fl S 84is also present, 85show network addresses as numbers (as with 86.Fl n ) 87but show ports symbolically. 88If 89.Fl x 90is present, display socket buffer and tcp timer statistics for each internet socket. 91.It Xo 92.Bk -words 93.Nm 94.Fl i | I Ar interface 95.Op Fl abdhnW 96.Op Fl f Ar address_family 97.Op Fl M Ar core 98.Op Fl N Ar system 99.Ek 100.Xc 101Show the state of all network interfaces or a single 102.Ar interface 103which have been auto-configured 104(interfaces statically configured into a system, but not 105located at boot time are not shown). 106An asterisk 107.Pq Dq Li * 108after an interface name indicates that the interface is 109.Dq down . 110If 111.Fl a 112is also present, multicast addresses currently in use are shown 113for each Ethernet interface and for each IP interface address. 114Multicast addresses are shown on separate lines following the interface 115address with which they are associated. 116If 117.Fl b 118is also present, show the number of bytes in and out. 119If 120.Fl d 121is also present, show the number of dropped packets. 122If 123.Fl h 124is also present, print all counters in human readable form. 125If 126.Fl W 127is also present, print interface names using a wider field size. 128.It Xo 129.Bk -words 130.Nm 131.Fl w Ar wait 132.Op Fl I Ar interface 133.Op Fl d 134.Op Fl M Ar core 135.Op Fl N Ar system 136.Ek 137.Xc 138At intervals of 139.Ar wait 140seconds, 141display the information regarding packet 142traffic on all configured network interfaces 143or a single 144.Ar interface . 145If 146.Fl d 147is also present, show the number of dropped packets. 148.It Xo 149.Bk -words 150.Nm 151.Fl s Op Fl s 152.Op Fl z 153.Op Fl f Ar protocol_family | Fl p Ar protocol 154.Op Fl M Ar core 155.Op Fl N Ar system 156.Ek 157.Xc 158Display system-wide statistics for each network protocol, 159for a particular 160.Ar protocol_family , 161or for a single 162.Ar protocol . 163If 164.Fl s 165is repeated, counters with a value of zero are suppressed. 166If 167.Fl z 168is also present, reset statistic counters after displaying them. 169.It Xo 170.Bk -words 171.Nm 172.Fl i | I Ar interface Fl s 173.Op Fl f Ar protocol_family | Fl p Ar protocol 174.Op Fl M Ar core 175.Op Fl N Ar system 176.Ek 177.Xc 178Display per-interface statistics for each network protocol, 179for a particular 180.Ar protocol_family , 181or for a single 182.Ar protocol . 183.It Xo 184.Bk -words 185.Nm 186.Fl m 187.Op Fl M Ar core 188.Op Fl N Ar system 189.Ek 190.Xc 191Show statistics recorded by the memory management routines 192.Pq Xr mbuf 9 . 193The network manages a private pool of memory buffers. 194.It Xo 195.Bk -words 196.Nm 197.Fl B 198.Op Fl z 199.Op Fl I Ar interface 200.Ek 201.Xc 202Show statistics about 203.Xr bpf 4 204peers. 205This includes information like 206how many packets have been matched, dropped and received by the 207bpf device, also information about current buffer sizes and device 208states. 209.It Xo 210.Bk -words 211.Nm 212.Fl r 213.Op Fl AanW 214.Op Fl f Ar address_family 215.Op Fl M Ar core 216.Op Fl N Ar system 217.Ek 218.Xc 219Display the contents of all routing tables, 220or a routing table for a particular 221.Ar address_family . 222If 223.Fl A 224is also present, 225show the contents of the internal Patricia tree 226structures; used for debugging. 227If 228.Fl a 229is also present, 230show protocol-cloned routes 231(routes generated by an 232.Dv RTF_PRCLONING 233parent route); 234normally these routes are not shown. 235When 236.Fl W 237is also present, 238show the path MTU 239for each route, 240and print interface 241names with a wider 242field size. 243.It Xo 244.Bk -words 245.Nm 246.Fl rs 247.Op Fl s 248.Op Fl M Ar core 249.Op Fl N Ar system 250.Ek 251.Xc 252Display routing statistics. 253If 254.Fl s 255is repeated, counters with a value of zero are suppressed. 256.It Xo 257.Bk -words 258.Nm 259.Fl g 260.Op Fl W 261.Op Fl f Ar address_family 262.Op Fl M Ar core 263.Op Fl N Ar system 264.Ek 265.Xc 266Display the contents of the multicast virtual interface tables, 267and multicast forwarding caches. 268Entries in these tables will appear only when the kernel is 269actively forwarding multicast sessions. 270This option is applicable only to the 271.Cm inet 272and 273.Cm inet6 274address families. 275.It Xo 276.Bk -words 277.Nm 278.Fl gs 279.Op Fl s 280.Op Fl f Ar address_family 281.Op Fl M Ar core 282.Op Fl N Ar system 283.Ek 284.Xc 285Show multicast routing statistics. 286If 287.Fl s 288is repeated, counters with a value of zero are suppressed. 289.El 290.Pp 291Some options have the general meaning: 292.Bl -tag -width flag 293.It Fl f Ar address_family , Fl p Ar protocol 294Limit display to those records 295of the specified 296.Ar address_family 297or a single 298.Ar protocol . 299The following address families and protocols are recognized: 300.Pp 301.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 302.It Em Family 303.Em Protocols 304.It Cm inet Pq Dv AF_INET 305.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp 306.It Cm inet6 Pq Dv AF_INET6 307.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 308.It Cm pfkey Pq Dv PF_KEY 309.Cm pfkey 310.It Cm atalk Pq Dv AF_APPLETALK 311.Cm ddp 312.It Cm netgraph , ng Pq Dv AF_NETGRAPH 313.Cm ctrl , data 314.It Cm ipx Pq Dv AF_IPX 315.Cm ipx , spx 316.\".It Cm ns Pq Dv AF_NS 317.\".Cm idp , ns_err , spp 318.\".It Cm iso Pq Dv AF_ISO 319.\".Cm clnp , cltp , esis , tp 320.It Cm unix Pq Dv AF_UNIX 321.It Cm link Pq Dv AF_LINK 322.El 323.Pp 324The program will complain if 325.Ar protocol 326is unknown or if there is no statistics routine for it. 327.It Fl M 328Extract values associated with the name list from the specified core 329instead of the default 330.Pa /dev/kmem . 331.It Fl N 332Extract the name list from the specified system instead of the default, 333which is the kernel image the system has booted from. 334.It Fl n 335Show network addresses and ports as numbers. 336Normally 337.Nm 338attempts to resolve addresses and ports, 339and display them symbolically. 340.It Fl W 341In certain displays, avoid truncating addresses even if this causes 342some fields to overflow. 343.El 344.Pp 345The default display, for active sockets, shows the local 346and remote addresses, send and receive queue sizes (in bytes), protocol, 347and the internal state of the protocol. 348Address formats are of the form 349.Dq host.port 350or 351.Dq network.port 352if a socket's address specifies a network but no specific host address. 353When known, the host and network addresses are displayed symbolically 354according to the databases 355.Xr hosts 5 356and 357.Xr networks 5 , 358respectively. 359If a symbolic name for an address is unknown, or if 360the 361.Fl n 362option is specified, the address is printed numerically, according 363to the address family. 364For more information regarding 365the Internet IPv4 366.Dq dot format , 367refer to 368.Xr inet 3 . 369Unspecified, 370or 371.Dq wildcard , 372addresses and ports appear as 373.Dq Li * . 374.Pp 375The interface display provides a table of cumulative 376statistics regarding packets transferred, errors, and collisions. 377The network addresses of the interface 378and the maximum transmission unit 379.Pq Dq mtu 380are also displayed. 381.Pp 382The routing table display indicates the available routes and their status. 383Each route consists of a destination host or network, and a gateway to use 384in forwarding packets. 385The flags field shows a collection of information about the route stored 386as binary choices. 387The individual flags are discussed in more detail in the 388.Xr route 8 389and 390.Xr route 4 391manual pages. 392The mapping between letters and flags is: 393.Bl -column ".Li W" ".Dv RTF_WASCLONED" 394.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 395.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 396.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 397.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 398.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 399.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 400.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 401.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 402.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 403.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 404.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 405.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 406.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 407.It Li S Ta Dv RTF_STATIC Ta "Manually added" 408.It Li U Ta Dv RTF_UP Ta "Route usable" 409.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 410.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 411.El 412.Pp 413Direct routes are created for each 414interface attached to the local host; 415the gateway field for such entries shows the address of the outgoing interface. 416The refcnt field gives the 417current number of active uses of the route. 418Connection oriented 419protocols normally hold on to a single route for the duration of 420a connection while connectionless protocols obtain a route while sending 421to the same destination. 422The use field provides a count of the number of packets 423sent using that route. 424The interface entry indicates the network interface utilized for the route. 425.Pp 426When 427.Nm 428is invoked with the 429.Fl w 430option and a 431.Ar wait 432interval argument, it displays a running count of statistics related to 433network interfaces. 434An obsolescent version of this option used a numeric parameter 435with no option, and is currently supported for backward compatibility. 436By default, this display summarizes information for all interfaces. 437Information for a specific interface may be displayed with the 438.Fl I 439option. 440.Pp 441The 442.Xr bpf 4 443flags displayed when 444.Nm 445is invoked with the 446.Fl B 447option represent the underlying parameters of the bpf peer. 448Each flag is 449represented as a single lower case letter. 450The mapping between the letters and flags in order of appearance are: 451.Bl -column ".Li i" 452.It Li p Ta Set if listening promiscuously 453.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device 454.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being 455filled automatically 456.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and 457remotely on the interface. 458.It Li a Ta Packet reception generates a signal 459.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked 460.El 461.Pp 462For more information about these flags, please refer to 463.Xr bpf 4 . 464.Pp 465The 466.Fl x 467flag causes 468.Nm 469to output all the information recorded about data 470stored in the socket buffers. 471The fields are: 472.Bl -column ".Li R-MBUF" 473.It Li R-MBUF Ta Number of mbufs in the receive queue. 474.It Li S-MBUF Ta Number of mbufs in the send queue. 475.It Li R-CLUS Ta Number of clusters, of any type, in the receive 476queue. 477.It Li S-CLUS Ta Number of clusters, of any type, in the send queue. 478.It Li R-HIWA Ta Receive buffer high water mark, in bytes. 479.It Li S-HIWA Ta Send buffer high water mark, in bytes. 480.It Li R-LOWA Ta Receive buffer low water mark, in bytes. 481.It Li S-LOWA Ta Send buffer low water mark, in bytes. 482.It Li R-BCNT Ta Receive buffer byte count. 483.It Li S-BCNT Ta Send buffer byte count. 484.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer. 485.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer. 486.El 487.Sh SEE ALSO 488.Xr fstat 1 , 489.Xr nfsstat 1 , 490.Xr procstat 1 , 491.Xr ps 1 , 492.Xr sockstat 1 , 493.Xr bpf 4 , 494.Xr inet 4 , 495.Xr route 4 , 496.Xr unix 4 , 497.Xr hosts 5 , 498.Xr networks 5 , 499.Xr protocols 5 , 500.Xr services 5 , 501.Xr iostat 8 , 502.Xr route 8 , 503.Xr trpt 8 , 504.Xr vmstat 8 , 505.Xr mbuf 9 506.Sh HISTORY 507The 508.Nm 509command appeared in 510.Bx 4.2 . 511.Pp 512IPv6 support was added by WIDE/KAME project. 513.Sh BUGS 514The notion of errors is ill-defined. 515