1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 4. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 29.\" $FreeBSD$ 30.\" 31.Dd May 17, 2013 32.Dt NETSTAT 1 33.Os 34.Sh NAME 35.Nm netstat 36.Nd show network status 37.Sh DESCRIPTION 38The 39.Nm 40command symbolically displays the contents of various network-related 41data structures. 42There are a number of output formats, 43depending on the options for the information presented. 44.Bl -tag -width indent 45.It Xo 46.Bk -words 47.Nm 48.Op Fl AaLnSTWx 49.Op Fl f Ar protocol_family | Fl p Ar protocol 50.Op Fl M Ar core 51.Op Fl N Ar system 52.Ek 53.Xc 54Display a list of active sockets 55(protocol control blocks) 56for each network protocol, 57for a particular 58.Ar protocol_family , 59or for a single 60.Ar protocol . 61If 62.Fl A 63is also present, 64show the address of a protocol control block (PCB) 65associated with a socket; used for debugging. 66If 67.Fl a 68is also present, 69show the state of all sockets; 70normally sockets used by server processes are not shown. 71If 72.Fl L 73is also present, 74show the size of the various listen queues. 75The first count shows the number of unaccepted connections, 76the second count shows the amount of unaccepted incomplete connections, 77and the third count is the maximum number of queued connections. 78If 79.Fl S 80is also present, 81show network addresses as numbers (as with 82.Fl n ) 83but show ports symbolically. 84If 85.Fl x 86is present, display socket buffer and tcp timer statistics for each internet socket. 87When 88.Fl T 89is present, display information from the TCP control block, including 90retransmits, out-of-order packets received, and zero-sized windows advertised. 91.It Xo 92.Bk -words 93.Nm 94.Fl i | I Ar interface 95.Op Fl abdhnW 96.Op Fl f Ar address_family 97.Op Fl M Ar core 98.Op Fl N Ar system 99.Ek 100.Xc 101Show the state of all network interfaces or a single 102.Ar interface 103which have been auto-configured 104(interfaces statically configured into a system, but not 105located at boot time are not shown). 106An asterisk 107.Pq Dq Li * 108after an interface name indicates that the interface is 109.Dq down . 110If 111.Fl a 112is also present, multicast addresses currently in use are shown 113for each Ethernet interface and for each IP interface address. 114Multicast addresses are shown on separate lines following the interface 115address with which they are associated. 116If 117.Fl b 118is also present, show the number of bytes in and out. 119If 120.Fl d 121is also present, show the number of dropped packets. 122If 123.Fl h 124is also present, print all counters in human readable form. 125If 126.Fl W 127is also present, print interface names using a wider field size. 128.It Xo 129.Bk -words 130.Nm 131.Fl w Ar wait 132.Op Fl I Ar interface 133.Op Fl d 134.Op Fl M Ar core 135.Op Fl N Ar system 136.Op Fl q Ar howmany 137.Ek 138.Xc 139At intervals of 140.Ar wait 141seconds, 142display the information regarding packet 143traffic on all configured network interfaces 144or a single 145.Ar interface . 146If 147.Fl q 148is also present, exit after 149.Ar howmany 150outputs. 151If 152.Fl d 153is also present, show the number of dropped packets. 154.It Xo 155.Bk -words 156.Nm 157.Fl s Op Fl s 158.Op Fl z 159.Op Fl f Ar protocol_family | Fl p Ar protocol 160.Op Fl M Ar core 161.Op Fl N Ar system 162.Ek 163.Xc 164Display system-wide statistics for each network protocol, 165for a particular 166.Ar protocol_family , 167or for a single 168.Ar protocol . 169If 170.Fl s 171is repeated, counters with a value of zero are suppressed. 172If 173.Fl z 174is also present, reset statistic counters after displaying them. 175.It Xo 176.Bk -words 177.Nm 178.Fl i | I Ar interface Fl s 179.Op Fl f Ar protocol_family | Fl p Ar protocol 180.Op Fl M Ar core 181.Op Fl N Ar system 182.Ek 183.Xc 184Display per-interface statistics for each network protocol, 185for a particular 186.Ar protocol_family , 187or for a single 188.Ar protocol . 189.It Xo 190.Bk -words 191.Nm 192.Fl m 193.Op Fl M Ar core 194.Op Fl N Ar system 195.Ek 196.Xc 197Show statistics recorded by the memory management routines 198.Pq Xr mbuf 9 . 199The network manages a private pool of memory buffers. 200.It Xo 201.Bk -words 202.Nm 203.Fl B 204.Op Fl z 205.Op Fl I Ar interface 206.Ek 207.Xc 208Show statistics about 209.Xr bpf 4 210peers. 211This includes information like 212how many packets have been matched, dropped and received by the 213bpf device, also information about current buffer sizes and device 214states. 215.It Xo 216.Bk -words 217.Nm 218.Fl r 219.Op Fl AanW 220.Op Fl F Ar fibnum 221.Op Fl f Ar address_family 222.Op Fl M Ar core 223.Op Fl N Ar system 224.Ek 225.Xc 226Display the contents of routing tables. 227When 228.Fl f 229is specified, a routing table for a particular 230.Ar address_family 231is displayed. 232When 233.Fl F 234is specified, a routing table with the number 235.Ar fibnum 236is displayed. 237If the specified 238.Ar fibnum 239is -1 or 240.Fl F 241is not specified, 242the default routing table is displayed. 243If 244.Fl A 245is also present, 246show the contents of the internal Patricia tree 247structures; used for debugging. 248If 249.Fl a 250is also present, 251show protocol-cloned routes 252(routes generated by an 253.Dv RTF_PRCLONING 254parent route); 255normally these routes are not shown. 256When 257.Fl W 258is also present, 259show the path MTU 260for each route, 261and print interface 262names with a wider 263field size. 264.It Xo 265.Bk -words 266.Nm 267.Fl rs 268.Op Fl s 269.Op Fl M Ar core 270.Op Fl N Ar system 271.Ek 272.Xc 273Display routing statistics. 274If 275.Fl s 276is repeated, counters with a value of zero are suppressed. 277.It Xo 278.Bk -words 279.Nm 280.Fl g 281.Op Fl W 282.Op Fl f Ar address_family 283.Op Fl M Ar core 284.Op Fl N Ar system 285.Ek 286.Xc 287Display the contents of the multicast virtual interface tables, 288and multicast forwarding caches. 289Entries in these tables will appear only when the kernel is 290actively forwarding multicast sessions. 291This option is applicable only to the 292.Cm inet 293and 294.Cm inet6 295address families. 296.It Xo 297.Bk -words 298.Nm 299.Fl gs 300.Op Fl s 301.Op Fl f Ar address_family 302.Op Fl M Ar core 303.Op Fl N Ar system 304.Ek 305.Xc 306Show multicast routing statistics. 307If 308.Fl s 309is repeated, counters with a value of zero are suppressed. 310.It Xo 311.Bk -words 312.Nm 313.Fl Q 314.Ek 315.Xc 316Show 317.Xr netisr 9 318statistics. 319The flags field shows available ISR handlers: 320.Bl -column ".Li W" ".Dv NETISR_SNP_FLAGS_DRAINEDCPU" 321.It Li C Ta Dv NETISR_SNP_FLAGS_M2CPUID Ta "Able to map mbuf to cpu id" 322.It Li D Ta Dv NETISR_SNP_FLAGS_DRAINEDCPU Ta "Has queue drain handler" 323.It Li F Ta Dv NETISR_SNP_FLAGS_M2FLOW Ta "Able to map mbuf to flow id" 324.El 325.El 326.Pp 327Some options have the general meaning: 328.Bl -tag -width flag 329.It Fl f Ar address_family , Fl p Ar protocol 330Limit display to those records 331of the specified 332.Ar address_family 333or a single 334.Ar protocol . 335The following address families and protocols are recognized: 336.Pp 337.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 338.It Em Family 339.Em Protocols 340.It Cm inet Pq Dv AF_INET 341.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp 342.It Cm inet6 Pq Dv AF_INET6 343.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 344.It Cm pfkey Pq Dv PF_KEY 345.Cm pfkey 346.It Cm atalk Pq Dv AF_APPLETALK 347.Cm ddp 348.It Cm netgraph , ng Pq Dv AF_NETGRAPH 349.Cm ctrl , data 350.It Cm ipx Pq Dv AF_IPX 351.Cm ipx , spx 352.\".It Cm ns Pq Dv AF_NS 353.\".Cm idp , ns_err , spp 354.\".It Cm iso Pq Dv AF_ISO 355.\".Cm clnp , cltp , esis , tp 356.It Cm unix Pq Dv AF_UNIX 357.It Cm link Pq Dv AF_LINK 358.El 359.Pp 360The program will complain if 361.Ar protocol 362is unknown or if there is no statistics routine for it. 363.It Fl M 364Extract values associated with the name list from the specified core 365instead of the default 366.Pa /dev/kmem . 367.It Fl N 368Extract the name list from the specified system instead of the default, 369which is the kernel image the system has booted from. 370.It Fl n 371Show network addresses and ports as numbers. 372Normally 373.Nm 374attempts to resolve addresses and ports, 375and display them symbolically. 376.It Fl W 377In certain displays, avoid truncating addresses even if this causes 378some fields to overflow. 379.El 380.Pp 381The default display, for active sockets, shows the local 382and remote addresses, send and receive queue sizes (in bytes), protocol, 383and the internal state of the protocol. 384Address formats are of the form 385.Dq host.port 386or 387.Dq network.port 388if a socket's address specifies a network but no specific host address. 389When known, the host and network addresses are displayed symbolically 390according to the databases 391.Xr hosts 5 392and 393.Xr networks 5 , 394respectively. 395If a symbolic name for an address is unknown, or if 396the 397.Fl n 398option is specified, the address is printed numerically, according 399to the address family. 400For more information regarding 401the Internet IPv4 402.Dq dot format , 403refer to 404.Xr inet 3 . 405Unspecified, 406or 407.Dq wildcard , 408addresses and ports appear as 409.Dq Li * . 410.Pp 411The interface display provides a table of cumulative 412statistics regarding packets transferred, errors, and collisions. 413The network addresses of the interface 414and the maximum transmission unit 415.Pq Dq mtu 416are also displayed. 417.Pp 418The routing table display indicates the available routes and their status. 419Each route consists of a destination host or network, and a gateway to use 420in forwarding packets. 421The flags field shows a collection of information about the route stored 422as binary choices. 423The individual flags are discussed in more detail in the 424.Xr route 8 425and 426.Xr route 4 427manual pages. 428The mapping between letters and flags is: 429.Bl -column ".Li W" ".Dv RTF_WASCLONED" 430.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 431.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 432.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 433.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 434.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 435.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 436.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 437.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 438.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 439.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 440.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 441.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 442.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 443.It Li S Ta Dv RTF_STATIC Ta "Manually added" 444.It Li U Ta Dv RTF_UP Ta "Route usable" 445.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 446.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 447.El 448.Pp 449Direct routes are created for each 450interface attached to the local host; 451the gateway field for such entries shows the address of the outgoing interface. 452The refcnt field gives the 453current number of active uses of the route. 454Connection oriented 455protocols normally hold on to a single route for the duration of 456a connection while connectionless protocols obtain a route while sending 457to the same destination. 458The use field provides a count of the number of packets 459sent using that route. 460The interface entry indicates the network interface utilized for the route. 461.Pp 462When 463.Nm 464is invoked with the 465.Fl w 466option and a 467.Ar wait 468interval argument, it displays a running count of statistics related to 469network interfaces. 470An obsolescent version of this option used a numeric parameter 471with no option, and is currently supported for backward compatibility. 472By default, this display summarizes information for all interfaces. 473Information for a specific interface may be displayed with the 474.Fl I 475option. 476.Pp 477The 478.Xr bpf 4 479flags displayed when 480.Nm 481is invoked with the 482.Fl B 483option represent the underlying parameters of the bpf peer. 484Each flag is 485represented as a single lower case letter. 486The mapping between the letters and flags in order of appearance are: 487.Bl -column ".Li i" 488.It Li p Ta Set if listening promiscuously 489.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device 490.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being 491filled automatically 492.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and 493remotely on the interface. 494.It Li a Ta Packet reception generates a signal 495.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked 496.El 497.Pp 498For more information about these flags, please refer to 499.Xr bpf 4 . 500.Pp 501The 502.Fl x 503flag causes 504.Nm 505to output all the information recorded about data 506stored in the socket buffers. 507The fields are: 508.Bl -column ".Li R-MBUF" 509.It Li R-MBUF Ta Number of mbufs in the receive queue. 510.It Li S-MBUF Ta Number of mbufs in the send queue. 511.It Li R-CLUS Ta Number of clusters, of any type, in the receive 512queue. 513.It Li S-CLUS Ta Number of clusters, of any type, in the send queue. 514.It Li R-HIWA Ta Receive buffer high water mark, in bytes. 515.It Li S-HIWA Ta Send buffer high water mark, in bytes. 516.It Li R-LOWA Ta Receive buffer low water mark, in bytes. 517.It Li S-LOWA Ta Send buffer low water mark, in bytes. 518.It Li R-BCNT Ta Receive buffer byte count. 519.It Li S-BCNT Ta Send buffer byte count. 520.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer. 521.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer. 522.El 523.Sh SEE ALSO 524.Xr fstat 1 , 525.Xr nfsstat 1 , 526.Xr procstat 1 , 527.Xr ps 1 , 528.Xr sockstat 1 , 529.Xr bpf 4 , 530.Xr inet 4 , 531.Xr route 4 , 532.Xr unix 4 , 533.Xr hosts 5 , 534.Xr networks 5 , 535.Xr protocols 5 , 536.Xr services 5 , 537.Xr iostat 8 , 538.Xr route 8 , 539.Xr trpt 8 , 540.Xr vmstat 8 , 541.Xr mbuf 9 542.Sh HISTORY 543The 544.Nm 545command appeared in 546.Bx 4.2 . 547.Pp 548IPv6 support was added by WIDE/KAME project. 549.Sh BUGS 550The notion of errors is ill-defined. 551