1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 29.\" $FreeBSD: src/usr.bin/netstat/netstat.1,v 1.22.2.13 2003/05/03 22:10:02 keramida Exp $ 30.\" 31.Dd July 12, 2008 32.Dt NETSTAT 1 33.Os 34.Sh NAME 35.Nm netstat 36.Nd show network status 37.Sh DESCRIPTION 38The 39.Nm 40command symbolically displays the contents of various network-related 41data structures. 42There are a number of output formats, 43depending on the options for the information presented. 44.Bl -tag -width indent 45.It Xo 46.Bk -words 47.Nm 48.Op Fl AaLlnPSW 49.Op Fl c Ar cpu 50.Op Fl f Ar protocol_family | Fl p Ar protocol 51.Op Fl M Ar core 52.Op Fl N Ar system 53.Ek 54.Xc 55Display a list of active sockets 56(protocol control blocks) 57for each network protocol, 58for a particular 59.Ar protocol_family , 60or for a single 61.Ar protocol . 62If 63.Fl A 64is also present, 65show the address of a protocol control block (PCB) 66associated with a socket; used for debugging. 67If 68.Fl a 69is also present, 70show the state of all sockets; 71normally sockets used by server processes are not shown. 72If 73.Fl L 74is also present, 75show the size of the various listen queues. 76The first count shows the number of unaccepted connections, 77the second count shows the amount of unaccepted incomplete connections, 78and the third count is the maximum number of queued connections. 79If 80.Fl S 81is also present, 82show network addresses as numbers (as with 83.Fl n ) 84but show ports symbolically. 85.It Xo 86.Bk -words 87.Nm 88.Fl i | I Ar interface 89.Op Fl aBbdnt 90.Op Fl f Ar address_family 91.Op Fl M Ar core 92.Op Fl N Ar system 93.Ek 94.Xc 95Show the state of all network interfaces or a single 96.Ar interface 97which have been auto-configured 98(interfaces statically configured into a system, but not 99located at boot time are not shown). 100An asterisk 101.Pq Dq Li * 102after an interface name indicates that the interface is 103.Dq down . 104If 105.Fl a 106is also present, multicast addresses currently in use are shown 107for each Ethernet interface and for each IP interface address. 108Multicast addresses are shown on separate lines following the interface 109address with which they are associated. 110If 111.Fl b 112is also present, show the number of bytes in and out. 113If 114.Fl d 115is also present, show the number of dropped packets. 116If 117.Fl t 118is also present, show the contents of watchdog timers. 119If 120.Fl B 121is also present, the maximum buffer sizes are displayed instead 122of current buffer usage. 123.It Xo 124.Bk -words 125.Nm 126.Fl w Ar wait 127.Op Fl I Ar interface 128.Op Fl d 129.Op Fl M Ar core 130.Op Fl N Ar system 131.Ek 132.Xc 133At intervals of 134.Ar wait 135seconds, 136display the information regarding packet 137traffic on all configured network interfaces 138or a single 139.Ar interface . 140If 141.Fl d 142is also present, show the number of dropped packets. 143.It Xo 144.Bk -words 145.Nm 146.Fl s Op Fl s 147.Op Fl z 148.Op Fl f Ar protocol_family | Fl p Ar protocol 149.Op Fl M Ar core 150.Op Fl N Ar system 151.Ek 152.Xc 153Display system-wide statistics for each network protocol, 154for a particular 155.Ar protocol_family , 156or for a single 157.Ar protocol . 158If 159.Fl s 160is repeated, counters with a value of zero are suppressed. 161If 162.Fl z 163is also present, reset statistic counters after displaying them. 164.It Xo 165.Bk -words 166.Nm 167.Fl i | I Ar interface Fl s 168.Op Fl f Ar protocol_family | Fl p Ar protocol 169.Op Fl M Ar core 170.Op Fl N Ar system 171.Ek 172.Xc 173Display per-interface statistics for each network protocol, 174for a particular 175.Ar protocol_family , 176or for a single 177.Ar protocol . 178.It Xo 179.Bk -words 180.Nm 181.Fl m 182.Op Fl M Ar core 183.Op Fl N Ar system 184.Ek 185.Xc 186Show statistics recorded by the memory management routines 187.Pq Xr mbuf 9 . 188The network manages a private pool of memory buffers. 189.It Xo 190.Bk -words 191.Nm 192.Fl r 193.Op Fl AalnW 194.Op Fl f Ar address_family 195.Op Fl M Ar core 196.Op Fl N Ar system 197.Ek 198.Xc 199Display the contents of all routing tables, 200or a routing table for a particular 201.Ar address_family . 202If 203.Fl A 204is also present, 205show the contents of the internal Patricia tree 206structures; used for debugging. 207If 208.Fl a 209is also present, 210show protocol-cloned routes 211(routes generated by an 212.Dv RTF_PRCLONING 213parent route); 214normally these routes are not shown. 215When 216.Fl W 217or 218.Fl l 219is also present, 220show the path MTU, 221MSL, 222initial window size 223and MPLS label operations 224for each route. 225.It Xo 226.Bk -words 227.Nm 228.Fl rs 229.Op Fl s 230.Op Fl M Ar core 231.Op Fl N Ar system 232.Ek 233.Xc 234Display routing statistics. 235If 236.Fl s 237is repeated, counters with a value of zero are suppressed. 238.It Xo 239.Bk -words 240.Nm 241.Fl g 242.Op Fl lW 243.Op Fl f Ar address_family 244.Op Fl M Ar core 245.Op Fl N Ar system 246.Ek 247.Xc 248Show information related to multicast (group address) routing. 249By default, show the IP Multicast virtual-interface and routing tables. 250.It Xo 251.Bk -words 252.Nm 253.Fl gs 254.Op Fl s 255.Op Fl f Ar address_family 256.Op Fl M Ar core 257.Op Fl N Ar system 258.Ek 259.Xc 260Show multicast routing statistics. 261If 262.Fl s 263is repeated, counters with a value of zero are suppressed. 264.El 265.Pp 266Some options have the general meaning: 267.Bl -tag -width flag 268.It Fl c Ar cpu 269On SMP systems the route table is replicated. This option allows 270the route table for a specific cpu to be accessed and exists 271primarily for debugging purposes. 272.It Fl f Ar address_family , Fl f Ar protocol_family , Fl p Ar protocol 273Limit display to those records 274of the specified 275.Ar address_family , 276.Ar protocol_family 277or a single 278.Ar protocol . 279The following address families, protocol families and protocols are recognized: 280.Pp 281.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 282.It Em Family 283.Em Protocols 284.It Cm inet Pq Dv AF_INET PF_INET 285.Cm carp , divert , icmp , igmp , ip , ipsec , pim , tcp , udp 286.It Cm inet6 Pq Dv AF_INET6 PF_INET6 287.Cm carp , icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 288.It Cm pfkey Pq Dv AF_KEY PF_KEY 289.Cm pfkey 290.It Cm netgraph , ng Pq Dv AF_NETGRAPH PF_NETGRAPH 291.Cm ctrl , data 292.It Cm ipx Pq Dv AF_IPX PF_IPX 293.Cm ipx , spx 294.\".It Cm ns Pq Dv AF_NS PF_NS 295.\".Cm idp , ns_err , spp 296.\".It Cm iso Pq Dv AF_ISO PF_ISO 297.\".Cm clnp , cltp , esis , tp 298.It Cm unix Pq Dv AF_UNIX PF_UNIX 299.It Cm link Pq Dv AF_LINK PF_LINK 300.It Cm mpls Pq Dv AF_MPLS PF_MPLS 301.El 302.Pp 303The program will complain if 304.Ar protocol 305is unknown or if there is no statistics routine for it. 306.It Fl l 307The 308.Fl l 309option is equivalent to 310.Fl W . 311.It Fl M 312Extract values associated with the name list from the specified core 313instead of the default 314.Pa /dev/kmem . 315.It Fl N 316Extract the name list from the specified system instead of the default, 317which is the kernel image the system has booted from. 318.It Fl n 319Show network addresses and ports as numbers. 320Normally 321.Nm 322attempts to resolve addresses and ports, 323and display them symbolically. 324.It Fl P 325Display additional protocol-specific information. For TCP the current 326transmit window, unacked sequence space, and RTT is displayed. 327.It Fl W 328Wide display. 329In certain displays, add columns and avoid truncating 330addresses even if this causes some fields to overflow. 331.El 332.Pp 333The default display, for active sockets, shows the local 334and remote addresses, send and receive queue sizes (in bytes), protocol, 335and the internal state of the protocol. 336Address formats are of the form 337.Dq host.port 338or 339.Dq network.port 340if a socket's address specifies a network but no specific host address. 341When known, the host and network addresses are displayed symbolically 342according to the databases 343.Xr hosts 5 344and 345.Xr networks 5 , 346respectively. 347If a symbolic name for an address is unknown, or if 348the 349.Fl n 350option is specified, the address is printed numerically, according 351to the address family. 352For more information regarding 353the Internet IPv4 354.Dq dot format , 355refer to 356.Xr inet 3 . 357Unspecified, 358or 359.Dq wildcard , 360addresses and ports appear as 361.Dq Li * . 362.Pp 363The interface display provides a table of cumulative 364statistics regarding packets transferred, errors, and collisions. 365The network addresses of the interface 366and the maximum transmission unit 367.Pq Dq mtu 368are also displayed. 369.Pp 370The routing table display indicates the available routes and their status. 371Each route consists of a destination host or network, and a gateway to use 372in forwarding packets. 373The flags field shows a collection of information about the route stored 374as binary choices. 375The individual flags are discussed in more detail in the 376.Xr route 8 377and 378.Xr route 4 379manual pages. 380The mapping between letters and flags is: 381.Bl -column ".Li W" ".Dv RTF_WASCLONED" 382.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 383.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 384.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 385.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 386.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 387.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 388.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 389.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 390.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 391.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 392.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 393.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 394.It Li m Ta Dv RTF_MPLSOPS Ta "MPLS label operations" 395.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 396.It Li S Ta Dv RTF_STATIC Ta "Manually added" 397.It Li U Ta Dv RTF_UP Ta "Route usable" 398.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 399.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 400.El 401.Pp 402Direct routes are created for each 403interface attached to the local host; 404the gateway field for such entries shows the address of the outgoing interface. 405The refcnt field gives the 406current number of active uses of the route. 407Connection oriented 408protocols normally hold on to a single route for the duration of 409a connection while connectionless protocols obtain a route while sending 410to the same destination. 411The use field provides a count of the number of packets 412sent using that route. 413The interface entry indicates the network interface utilized for the route. 414.Pp 415When 416.Nm 417is invoked with the 418.Fl w 419option and a 420.Ar wait 421interval argument, it displays a running count of statistics related to 422network interfaces. 423An obsolescent version of this option used a numeric parameter 424with no option, and is currently supported for backward compatibility. 425By default, this display summarizes information for all interfaces. 426Information for a specific interface may be displayed with the 427.Fl I 428option. 429.Sh SEE ALSO 430.Xr fstat 1 , 431.Xr nfsstat 1 , 432.Xr ps 1 , 433.Xr sockstat 1 , 434.Xr carp 4 , 435.Xr inet 4 , 436.Xr inet6 4 , 437.Xr route 4 , 438.Xr unix 4 , 439.Xr hosts 5 , 440.Xr networks 5 , 441.Xr protocols 5 , 442.Xr services 5 , 443.Xr iostat 8 , 444.Xr route 8 , 445.Xr trpt 8 , 446.Xr vmstat 8 , 447.Xr mbuf 9 448.Sh HISTORY 449The 450.Nm 451command appeared in 452.Bx 4.2 . 453.Pp 454IPv6 support was added by WIDE/KAME project. 455.Sh BUGS 456The notion of errors is ill-defined. 457