1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 33.\" $FreeBSD: src/usr.bin/netstat/netstat.1,v 1.22.2.13 2003/05/03 22:10:02 keramida Exp $ 34.\" 35.Dd July 12, 2008 36.Dt NETSTAT 1 37.Os 38.Sh NAME 39.Nm netstat 40.Nd show network status 41.Sh DESCRIPTION 42The 43.Nm 44command symbolically displays the contents of various network-related 45data structures. 46There are a number of output formats, 47depending on the options for the information presented. 48.Bl -tag -width indent 49.It Xo 50.Bk -words 51.Nm 52.Op Fl AaLlnPSW 53.Op Fl c Ar cpu 54.Op Fl f Ar protocol_family | Fl p Ar protocol 55.Op Fl M Ar core 56.Op Fl N Ar system 57.Ek 58.Xc 59Display a list of active sockets 60(protocol control blocks) 61for each network protocol, 62for a particular 63.Ar protocol_family , 64or for a single 65.Ar protocol . 66If 67.Fl A 68is also present, 69show the address of a protocol control block (PCB) 70associated with a socket; used for debugging. 71If 72.Fl a 73is also present, 74show the state of all sockets; 75normally sockets used by server processes are not shown. 76If 77.Fl L 78is also present, 79show the size of the various listen queues. 80The first count shows the number of unaccepted connections, 81the second count shows the amount of unaccepted incomplete connections, 82and the third count is the maximum number of queued connections. 83If 84.Fl S 85is also present, 86show network addresses as numbers (as with 87.Fl n ) 88but show ports symbolically. 89.It Xo 90.Bk -words 91.Nm 92.Fl i | I Ar interface 93.Op Fl aBbdnt 94.Op Fl f Ar address_family 95.Op Fl M Ar core 96.Op Fl N Ar system 97.Ek 98.Xc 99Show the state of all network interfaces or a single 100.Ar interface 101which have been auto-configured 102(interfaces statically configured into a system, but not 103located at boot time are not shown). 104An asterisk 105.Pq Dq Li * 106after an interface name indicates that the interface is 107.Dq down . 108If 109.Fl a 110is also present, multicast addresses currently in use are shown 111for each Ethernet interface and for each IP interface address. 112Multicast addresses are shown on separate lines following the interface 113address with which they are associated. 114If 115.Fl b 116is also present, show the number of bytes in and out. 117If 118.Fl d 119is also present, show the number of dropped packets. 120If 121.Fl t 122is also present, show the contents of watchdog timers. 123If 124.Fl B 125is also present, the maximum buffer sizes are displayed instead 126of current buffer usage. 127.It Xo 128.Bk -words 129.Nm 130.Fl w Ar wait 131.Op Fl I Ar interface 132.Op Fl d 133.Op Fl M Ar core 134.Op Fl N Ar system 135.Ek 136.Xc 137At intervals of 138.Ar wait 139seconds, 140display the information regarding packet 141traffic on all configured network interfaces 142or a single 143.Ar interface . 144If 145.Fl d 146is also present, show the number of dropped packets. 147.It Xo 148.Bk -words 149.Nm 150.Fl s Op Fl s 151.Op Fl z 152.Op Fl f Ar protocol_family | Fl p Ar protocol 153.Op Fl M Ar core 154.Op Fl N Ar system 155.Ek 156.Xc 157Display system-wide statistics for each network protocol, 158for a particular 159.Ar protocol_family , 160or for a single 161.Ar protocol . 162If 163.Fl s 164is repeated, counters with a value of zero are suppressed. 165If 166.Fl z 167is also present, reset statistic counters after displaying them. 168.It Xo 169.Bk -words 170.Nm 171.Fl i | I Ar interface Fl s 172.Op Fl f Ar protocol_family | Fl p Ar protocol 173.Op Fl M Ar core 174.Op Fl N Ar system 175.Ek 176.Xc 177Display per-interface statistics for each network protocol, 178for a particular 179.Ar protocol_family , 180or for a single 181.Ar protocol . 182.It Xo 183.Bk -words 184.Nm 185.Fl m 186.Op Fl M Ar core 187.Op Fl N Ar system 188.Ek 189.Xc 190Show statistics recorded by the memory management routines 191.Pq Xr mbuf 9 . 192The network manages a private pool of memory buffers. 193.It Xo 194.Bk -words 195.Nm 196.Fl r 197.Op Fl AalnW 198.Op Fl f Ar address_family 199.Op Fl M Ar core 200.Op Fl N Ar system 201.Ek 202.Xc 203Display the contents of all routing tables, 204or a routing table for a particular 205.Ar address_family . 206If 207.Fl A 208is also present, 209show the contents of the internal Patricia tree 210structures; used for debugging. 211If 212.Fl a 213is also present, 214show protocol-cloned routes 215(routes generated by an 216.Dv RTF_PRCLONING 217parent route); 218normally these routes are not shown. 219When 220.Fl W 221or 222.Fl l 223is also present, 224show the path MTU 225and MPLS label operations 226for each route. 227.It Xo 228.Bk -words 229.Nm 230.Fl rs 231.Op Fl s 232.Op Fl M Ar core 233.Op Fl N Ar system 234.Ek 235.Xc 236Display routing statistics. 237If 238.Fl s 239is repeated, counters with a value of zero are suppressed. 240.It Xo 241.Bk -words 242.Nm 243.Fl g 244.Op Fl lW 245.Op Fl f Ar address_family 246.Op Fl M Ar core 247.Op Fl N Ar system 248.Ek 249.Xc 250Show information related to multicast (group address) routing. 251By default, show the IP Multicast virtual-interface and routing tables. 252.It Xo 253.Bk -words 254.Nm 255.Fl gs 256.Op Fl s 257.Op Fl f Ar address_family 258.Op Fl M Ar core 259.Op Fl N Ar system 260.Ek 261.Xc 262Show multicast routing statistics. 263If 264.Fl s 265is repeated, counters with a value of zero are suppressed. 266.El 267.Pp 268Some options have the general meaning: 269.Bl -tag -width flag 270.It Fl c Ar cpu 271On SMP systems the route table is replicated. This option allows 272the route table for a specific cpu to be accessed and exists 273primarily for debugging purposes. 274.It Fl f Ar address_family , Fl f Ar protocol_family , Fl p Ar protocol 275Limit display to those records 276of the specified 277.Ar address_family , 278.Ar protocol_family 279or a single 280.Ar protocol . 281The following address families, protocol families and protocols are recognized: 282.Pp 283.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 284.It Em Family 285.Em Protocols 286.It Cm inet Pq Dv AF_INET PF_INET 287.Cm carp , divert , icmp , igmp , ip , ipsec , pim , tcp , udp 288.It Cm inet6 Pq Dv AF_INET6 PF_INET6 289.Cm carp , icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 290.It Cm pfkey Pq Dv AF_KEY PF_KEY 291.Cm pfkey 292.It Cm netgraph , ng Pq Dv AF_NETGRAPH PF_NETGRAPH 293.Cm ctrl , data 294.It Cm ipx Pq Dv AF_IPX PF_IPX 295.Cm ipx , spx 296.\".It Cm ns Pq Dv AF_NS PF_NS 297.\".Cm idp , ns_err , spp 298.\".It Cm iso Pq Dv AF_ISO PF_ISO 299.\".Cm clnp , cltp , esis , tp 300.It Cm unix Pq Dv AF_UNIX PF_UNIX 301.It Cm link Pq Dv AF_LINK PF_LINK 302.It Cm mpls Pq Dv AF_MPLS PF_MPLS 303.El 304.Pp 305The program will complain if 306.Ar protocol 307is unknown or if there is no statistics routine for it. 308.It Fl l 309The 310.Fl l 311option is equivalent to 312.Fl W . 313.It Fl M 314Extract values associated with the name list from the specified core 315instead of the default 316.Pa /dev/kmem . 317.It Fl N 318Extract the name list from the specified system instead of the default, 319which is the kernel image the system has booted from. 320.It Fl n 321Show network addresses and ports as numbers. 322Normally 323.Nm 324attempts to resolve addresses and ports, 325and display them symbolically. 326.It Fl P 327Display additional protocol-specific information. For TCP the current 328transmit window, unacked sequence space, and RTT is displayed. 329.It Fl W 330Wide display. 331In certain displays, add columns and avoid truncating 332addresses even if this causes some fields to overflow. 333.El 334.Pp 335The default display, for active sockets, shows the local 336and remote addresses, send and receive queue sizes (in bytes), protocol, 337and the internal state of the protocol. 338Address formats are of the form 339.Dq host.port 340or 341.Dq network.port 342if a socket's address specifies a network but no specific host address. 343When known, the host and network addresses are displayed symbolically 344according to the databases 345.Xr hosts 5 346and 347.Xr networks 5 , 348respectively. 349If a symbolic name for an address is unknown, or if 350the 351.Fl n 352option is specified, the address is printed numerically, according 353to the address family. 354For more information regarding 355the Internet IPv4 356.Dq dot format , 357refer to 358.Xr inet 3 . 359Unspecified, 360or 361.Dq wildcard , 362addresses and ports appear as 363.Dq Li * . 364.Pp 365The interface display provides a table of cumulative 366statistics regarding packets transferred, errors, and collisions. 367The network addresses of the interface 368and the maximum transmission unit 369.Pq Dq mtu 370are also displayed. 371.Pp 372The routing table display indicates the available routes and their status. 373Each route consists of a destination host or network, and a gateway to use 374in forwarding packets. 375The flags field shows a collection of information about the route stored 376as binary choices. 377The individual flags are discussed in more detail in the 378.Xr route 8 379and 380.Xr route 4 381manual pages. 382The mapping between letters and flags is: 383.Bl -column ".Li W" ".Dv RTF_WASCLONED" 384.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 385.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 386.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 387.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 388.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 389.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 390.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 391.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 392.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 393.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 394.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 395.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 396.It Li m Ta Dv RTF_MPLSOPS Ta "MPLS label operations" 397.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 398.It Li S Ta Dv RTF_STATIC Ta "Manually added" 399.It Li U Ta Dv RTF_UP Ta "Route usable" 400.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 401.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 402.El 403.Pp 404Direct routes are created for each 405interface attached to the local host; 406the gateway field for such entries shows the address of the outgoing interface. 407The refcnt field gives the 408current number of active uses of the route. 409Connection oriented 410protocols normally hold on to a single route for the duration of 411a connection while connectionless protocols obtain a route while sending 412to the same destination. 413The use field provides a count of the number of packets 414sent using that route. 415The interface entry indicates the network interface utilized for the route. 416.Pp 417When 418.Nm 419is invoked with the 420.Fl w 421option and a 422.Ar wait 423interval argument, it displays a running count of statistics related to 424network interfaces. 425An obsolescent version of this option used a numeric parameter 426with no option, and is currently supported for backward compatibility. 427By default, this display summarizes information for all interfaces. 428Information for a specific interface may be displayed with the 429.Fl I 430option. 431.Sh SEE ALSO 432.Xr fstat 1 , 433.Xr nfsstat 1 , 434.Xr ps 1 , 435.Xr sockstat 1 , 436.Xr carp 4 , 437.Xr inet 4 , 438.Xr inet6 4 , 439.Xr route 4 , 440.Xr unix 4 , 441.Xr hosts 5 , 442.Xr networks 5 , 443.Xr protocols 5 , 444.Xr services 5 , 445.Xr iostat 8 , 446.Xr route 8 , 447.Xr trpt 8 , 448.Xr vmstat 8 , 449.Xr mbuf 9 450.Sh HISTORY 451The 452.Nm 453command appeared in 454.Bx 4.2 . 455.Pp 456IPv6 support was added by WIDE/KAME project. 457.Sh BUGS 458The notion of errors is ill-defined. 459