1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 4. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 29.\" $FreeBSD$ 30.\" 31.Dd January 11, 2014 32.Dt NETSTAT 1 33.Os 34.Sh NAME 35.Nm netstat 36.Nd show network status 37.Sh DESCRIPTION 38The 39.Nm 40command symbolically displays the contents of various network-related 41data structures. 42There are a number of output formats, 43depending on the options for the information presented. 44.Bl -tag -width indent 45.It Xo 46.Bk -words 47.Nm 48.Op Fl 46AaLnSTWxR 49.Op Fl f Ar protocol_family | Fl p Ar protocol 50.Op Fl M Ar core 51.Op Fl N Ar system 52.Ek 53.Xc 54Display a list of active sockets 55(protocol control blocks) 56for each network protocol, 57for a particular 58.Ar protocol_family , 59or for a single 60.Ar protocol . 61If 62.Fl A 63is also present, 64show the address of a protocol control block (PCB) 65associated with a socket; used for debugging. 66If 67.Fl a 68is also present, 69show the state of all sockets; 70normally sockets used by server processes are not shown. 71If 72.Fl L 73is also present, 74show the size of the various listen queues. 75The first count shows the number of unaccepted connections, 76the second count shows the amount of unaccepted incomplete connections, 77and the third count is the maximum number of queued connections. 78If 79.Fl S 80is also present, 81show network addresses as numbers (as with 82.Fl n ) 83but show ports symbolically. 84If 85.Fl x 86is present, display socket buffer and tcp timer statistics for each internet socket. 87If 88.Fl R 89is present, display the flowid and flowtype for each internet socket. 90When 91.Fl T 92is present, display information from the TCP control block, including 93retransmits, out-of-order packets received, and zero-sized windows advertised. 94.It Xo 95.Bk -words 96.Nm 97.Fl i | I Ar interface 98.Op Fl 46abdhnW 99.Op Fl f Ar address_family 100.Ek 101.Xc 102Show the state of all network interfaces or a single 103.Ar interface 104which have been auto-configured 105(interfaces statically configured into a system, but not 106located at boot time are not shown). 107An asterisk 108.Pq Dq Li * 109after an interface name indicates that the interface is 110.Dq down . 111If 112.Fl a 113is also present, multicast addresses currently in use are shown 114for each Ethernet interface and for each IP interface address. 115Multicast addresses are shown on separate lines following the interface 116address with which they are associated. 117If 118.Fl b 119is also present, show the number of bytes in and out. 120If 121.Fl d 122is also present, show the number of dropped packets. 123If 124.Fl h 125is also present, print all counters in human readable form. 126If 127.Fl W 128is also present, print interface names using a wider field size. 129.It Xo 130.Bk -words 131.Nm 132.Fl w Ar wait 133.Op Fl I Ar interface 134.Op Fl d 135.Op Fl M Ar core 136.Op Fl N Ar system 137.Op Fl q Ar howmany 138.Ek 139.Xc 140At intervals of 141.Ar wait 142seconds, 143display the information regarding packet 144traffic on all configured network interfaces 145or a single 146.Ar interface . 147If 148.Fl q 149is also present, exit after 150.Ar howmany 151outputs. 152If 153.Fl d 154is also present, show the number of dropped packets. 155.It Xo 156.Bk -words 157.Nm 158.Fl s Op Fl s 159.Op Fl 46z 160.Op Fl f Ar protocol_family | Fl p Ar protocol 161.Op Fl M Ar core 162.Op Fl N Ar system 163.Ek 164.Xc 165Display system-wide statistics for each network protocol, 166for a particular 167.Ar protocol_family , 168or for a single 169.Ar protocol . 170If 171.Fl s 172is repeated, counters with a value of zero are suppressed. 173If 174.Fl z 175is also present, reset statistic counters after displaying them. 176.It Xo 177.Bk -words 178.Nm 179.Fl i | I Ar interface Fl s 180.Op Fl 46 181.Op Fl f Ar protocol_family | Fl p Ar protocol 182.Op Fl M Ar core 183.Op Fl N Ar system 184.Ek 185.Xc 186Display per-interface statistics for each network protocol, 187for a particular 188.Ar protocol_family , 189or for a single 190.Ar protocol . 191.It Xo 192.Bk -words 193.Nm 194.Fl m 195.Op Fl M Ar core 196.Op Fl N Ar system 197.Ek 198.Xc 199Show statistics recorded by the memory management routines 200.Pq Xr mbuf 9 . 201The network manages a private pool of memory buffers. 202.It Xo 203.Bk -words 204.Nm 205.Fl B 206.Op Fl z 207.Op Fl I Ar interface 208.Ek 209.Xc 210Show statistics about 211.Xr bpf 4 212peers. 213This includes information like 214how many packets have been matched, dropped and received by the 215bpf device, also information about current buffer sizes and device 216states. 217.It Xo 218.Bk -words 219.Nm 220.Fl r 221.Op Fl 46AanW 222.Op Fl F Ar fibnum 223.Op Fl f Ar address_family 224.Op Fl M Ar core 225.Op Fl N Ar system 226.Ek 227.Xc 228Display the contents of routing tables. 229When 230.Fl f 231is specified, a routing table for a particular 232.Ar address_family 233is displayed. 234When 235.Fl F 236is specified, a routing table with the number 237.Ar fibnum 238is displayed. 239If the specified 240.Ar fibnum 241is -1 or 242.Fl F 243is not specified, 244the default routing table is displayed. 245If 246.Fl A 247is also present, 248show the contents of the internal Patricia tree 249structures; used for debugging. 250When 251.Fl W 252is also present, 253show the path MTU 254for each route, 255and print interface 256names with a wider 257field size. 258.It Xo 259.Bk -words 260.Nm 261.Fl rs 262.Op Fl s 263.Op Fl M Ar core 264.Op Fl N Ar system 265.Ek 266.Xc 267Display routing statistics. 268If 269.Fl s 270is repeated, counters with a value of zero are suppressed. 271.It Xo 272.Bk -words 273.Nm 274.Fl g 275.Op Fl 46W 276.Op Fl f Ar address_family 277.Op Fl M Ar core 278.Op Fl N Ar system 279.Ek 280.Xc 281Display the contents of the multicast virtual interface tables, 282and multicast forwarding caches. 283Entries in these tables will appear only when the kernel is 284actively forwarding multicast sessions. 285This option is applicable only to the 286.Cm inet 287and 288.Cm inet6 289address families. 290.It Xo 291.Bk -words 292.Nm 293.Fl gs 294.Op Fl 46s 295.Op Fl f Ar address_family 296.Op Fl M Ar core 297.Op Fl N Ar system 298.Ek 299.Xc 300Show multicast routing statistics. 301If 302.Fl s 303is repeated, counters with a value of zero are suppressed. 304.It Xo 305.Bk -words 306.Nm 307.Fl Q 308.Ek 309.Xc 310Show 311.Xr netisr 9 312statistics. 313The flags field shows available ISR handlers: 314.Bl -column ".Li W" ".Dv NETISR_SNP_FLAGS_DRAINEDCPU" 315.It Li C Ta Dv NETISR_SNP_FLAGS_M2CPUID Ta "Able to map mbuf to cpu id" 316.It Li D Ta Dv NETISR_SNP_FLAGS_DRAINEDCPU Ta "Has queue drain handler" 317.It Li F Ta Dv NETISR_SNP_FLAGS_M2FLOW Ta "Able to map mbuf to flow id" 318.El 319.El 320.Pp 321Some options have the general meaning: 322.Bl -tag -width flag 323.It Fl 4 324Is shorthand for 325.Fl f 326.Ar inet 327.It Fl 6 328Is shorthand for 329.Fl f 330.Ar inet6 331.It Fl f Ar address_family , Fl p Ar protocol 332Limit display to those records 333of the specified 334.Ar address_family 335or a single 336.Ar protocol . 337The following address families and protocols are recognized: 338.Pp 339.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 340.It Em Family 341.Em Protocols 342.It Cm inet Pq Dv AF_INET 343.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp 344.It Cm inet6 Pq Dv AF_INET6 345.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 346.It Cm pfkey Pq Dv PF_KEY 347.Cm pfkey 348.It Cm netgraph , ng Pq Dv AF_NETGRAPH 349.Cm ctrl , data 350.It Cm unix Pq Dv AF_UNIX 351.It Cm link Pq Dv AF_LINK 352.El 353.Pp 354The program will complain if 355.Ar protocol 356is unknown or if there is no statistics routine for it. 357.It Fl M 358Extract values associated with the name list from the specified core 359instead of the default 360.Pa /dev/kmem . 361.It Fl N 362Extract the name list from the specified system instead of the default, 363which is the kernel image the system has booted from. 364.It Fl n 365Show network addresses and ports as numbers. 366Normally 367.Nm 368attempts to resolve addresses and ports, 369and display them symbolically. 370.It Fl W 371In certain displays, avoid truncating addresses even if this causes 372some fields to overflow. 373.It Fl R 374Display the flowid and flowtype for each socket. 375flowid is a 32 bit hardware specific identifier for each flow. 376flowtype defines which protocol fields are hashed to produce the id. 377A complete listing is available in 378.Pa sys/mbuf.h 379under M_HASHTYPE_* 380.El 381.Pp 382The default display, for active sockets, shows the local 383and remote addresses, send and receive queue sizes (in bytes), protocol, 384and the internal state of the protocol. 385Address formats are of the form 386.Dq host.port 387or 388.Dq network.port 389if a socket's address specifies a network but no specific host address. 390When known, the host and network addresses are displayed symbolically 391according to the databases 392.Xr hosts 5 393and 394.Xr networks 5 , 395respectively. 396If a symbolic name for an address is unknown, or if 397the 398.Fl n 399option is specified, the address is printed numerically, according 400to the address family. 401For more information regarding 402the Internet IPv4 403.Dq dot format , 404refer to 405.Xr inet 3 . 406Unspecified, 407or 408.Dq wildcard , 409addresses and ports appear as 410.Dq Li * . 411.Pp 412The interface display provides a table of cumulative 413statistics regarding packets transferred, errors, and collisions. 414The network addresses of the interface 415and the maximum transmission unit 416.Pq Dq mtu 417are also displayed. 418.Pp 419The routing table display indicates the available routes and their status. 420Each route consists of a destination host or network, and a gateway to use 421in forwarding packets. 422The flags field shows a collection of information about the route stored 423as binary choices. 424The individual flags are discussed in more detail in the 425.Xr route 8 426and 427.Xr route 4 428manual pages. 429The mapping between letters and flags is: 430.Bl -column ".Li W" ".Dv RTF_WASCLONED" 431.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 432.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 433.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 434.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 435.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 436.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 437.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 438.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 439.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 440.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 441.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 442.It Li S Ta Dv RTF_STATIC Ta "Manually added" 443.It Li U Ta Dv RTF_UP Ta "Route usable" 444.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 445.El 446.Pp 447Direct routes are created for each 448interface attached to the local host; 449the gateway field for such entries shows the address of the outgoing interface. 450The refcnt field gives the 451current number of active uses of the route. 452Connection oriented 453protocols normally hold on to a single route for the duration of 454a connection while connectionless protocols obtain a route while sending 455to the same destination. 456The use field provides a count of the number of packets 457sent using that route. 458The interface entry indicates the network interface utilized for the route. 459.Pp 460When 461.Nm 462is invoked with the 463.Fl w 464option and a 465.Ar wait 466interval argument, it displays a running count of statistics related to 467network interfaces. 468An obsolescent version of this option used a numeric parameter 469with no option, and is currently supported for backward compatibility. 470By default, this display summarizes information for all interfaces. 471Information for a specific interface may be displayed with the 472.Fl I 473option. 474.Pp 475The 476.Xr bpf 4 477flags displayed when 478.Nm 479is invoked with the 480.Fl B 481option represent the underlying parameters of the bpf peer. 482Each flag is 483represented as a single lower case letter. 484The mapping between the letters and flags in order of appearance are: 485.Bl -column ".Li i" 486.It Li p Ta Set if listening promiscuously 487.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device 488.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being 489filled automatically 490.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and 491remotely on the interface. 492.It Li a Ta Packet reception generates a signal 493.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked 494.El 495.Pp 496For more information about these flags, please refer to 497.Xr bpf 4 . 498.Pp 499The 500.Fl x 501flag causes 502.Nm 503to output all the information recorded about data 504stored in the socket buffers. 505The fields are: 506.Bl -column ".Li R-MBUF" 507.It Li R-MBUF Ta Number of mbufs in the receive queue. 508.It Li S-MBUF Ta Number of mbufs in the send queue. 509.It Li R-CLUS Ta Number of clusters, of any type, in the receive 510queue. 511.It Li S-CLUS Ta Number of clusters, of any type, in the send queue. 512.It Li R-HIWA Ta Receive buffer high water mark, in bytes. 513.It Li S-HIWA Ta Send buffer high water mark, in bytes. 514.It Li R-LOWA Ta Receive buffer low water mark, in bytes. 515.It Li S-LOWA Ta Send buffer low water mark, in bytes. 516.It Li R-BCNT Ta Receive buffer byte count. 517.It Li S-BCNT Ta Send buffer byte count. 518.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer. 519.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer. 520.El 521.Sh SEE ALSO 522.Xr fstat 1 , 523.Xr nfsstat 1 , 524.Xr procstat 1 , 525.Xr ps 1 , 526.Xr sockstat 1 , 527.Xr bpf 4 , 528.Xr inet 4 , 529.Xr route 4 , 530.Xr unix 4 , 531.Xr hosts 5 , 532.Xr networks 5 , 533.Xr protocols 5 , 534.Xr services 5 , 535.Xr iostat 8 , 536.Xr route 8 , 537.Xr trpt 8 , 538.Xr vmstat 8 , 539.Xr mbuf 9 540.Sh HISTORY 541The 542.Nm 543command appeared in 544.Bx 4.2 . 545.Pp 546IPv6 support was added by WIDE/KAME project. 547.Sh BUGS 548The notion of errors is ill-defined. 549