1.\" Copyright (c) 1983, 1990, 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 33.\" $FreeBSD: src/usr.bin/netstat/netstat.1,v 1.22.2.13 2003/05/03 22:10:02 keramida Exp $ 34.\" $DragonFly: src/usr.bin/netstat/netstat.1,v 1.9 2008/07/11 23:09:18 thomas Exp $ 35.\" 36.Dd July 12, 2008 37.Dt NETSTAT 1 38.Os 39.Sh NAME 40.Nm netstat 41.Nd show network status 42.Sh DESCRIPTION 43The 44.Nm 45command symbolically displays the contents of various network-related 46data structures. 47There are a number of output formats, 48depending on the options for the information presented. 49.Bl -tag -width indent 50.It Xo 51.Bk -words 52.Nm 53.Op Fl AaLlnPSW 54.Op Fl c Ar cpu 55.Op Fl f Ar protocol_family | Fl p Ar protocol 56.Op Fl M Ar core 57.Op Fl N Ar system 58.Ek 59.Xc 60Display a list of active sockets 61(protocol control blocks) 62for each network protocol, 63for a particular 64.Ar protocol_family , 65or for a single 66.Ar protocol . 67If 68.Fl A 69is also present, 70show the address of a protocol control block (PCB) 71associated with a socket; used for debugging. 72If 73.Fl a 74is also present, 75show the state of all sockets; 76normally sockets used by server processes are not shown. 77If 78.Fl L 79is also present, 80show the size of the various listen queues. 81The first count shows the number of unaccepted connections, 82the second count shows the amount of unaccepted incomplete connections, 83and the third count is the maximum number of queued connections. 84If 85.Fl S 86is also present, 87show network addresses as numbers (as with 88.Fl n ) 89but show ports symbolically. 90.It Xo 91.Bk -words 92.Nm 93.Fl i | I Ar interface 94.Op Fl aBbdnt 95.Op Fl f Ar address_family 96.Op Fl M Ar core 97.Op Fl N Ar system 98.Ek 99.Xc 100Show the state of all network interfaces or a single 101.Ar interface 102which have been auto-configured 103(interfaces statically configured into a system, but not 104located at boot time are not shown). 105An asterisk 106.Pq Dq Li * 107after an interface name indicates that the interface is 108.Dq down . 109If 110.Fl a 111is also present, multicast addresses currently in use are shown 112for each Ethernet interface and for each IP interface address. 113Multicast addresses are shown on separate lines following the interface 114address with which they are associated. 115If 116.Fl b 117is also present, show the number of bytes in and out. 118If 119.Fl d 120is also present, show the number of dropped packets. 121If 122.Fl t 123is also present, show the contents of watchdog timers. 124If 125.Fl B 126is also present, the maximum buffer sizes are displayed instead 127of current buffer usage. 128.It Xo 129.Bk -words 130.Nm 131.Fl w Ar wait 132.Op Fl I Ar interface 133.Op Fl d 134.Op Fl M Ar core 135.Op Fl N Ar system 136.Ek 137.Xc 138At intervals of 139.Ar wait 140seconds, 141display the information regarding packet 142traffic on all configured network interfaces 143or a single 144.Ar interface . 145If 146.Fl d 147is also present, show the number of dropped packets. 148.It Xo 149.Bk -words 150.Nm 151.Fl s Op Fl s 152.Op Fl z 153.Op Fl f Ar protocol_family | Fl p Ar protocol 154.Op Fl M Ar core 155.Op Fl N Ar system 156.Ek 157.Xc 158Display system-wide statistics for each network protocol, 159for a particular 160.Ar protocol_family , 161or for a single 162.Ar protocol . 163If 164.Fl s 165is repeated, counters with a value of zero are suppressed. 166If 167.Fl z 168is also present, reset statistic counters after displaying them. 169.It Xo 170.Bk -words 171.Nm 172.Fl i | I Ar interface Fl s 173.Op Fl f Ar protocol_family | Fl p Ar protocol 174.Op Fl M Ar core 175.Op Fl N Ar system 176.Ek 177.Xc 178Display per-interface statistics for each network protocol, 179for a particular 180.Ar protocol_family , 181or for a single 182.Ar protocol . 183.It Xo 184.Bk -words 185.Nm 186.Fl m 187.Op Fl M Ar core 188.Op Fl N Ar system 189.Ek 190.Xc 191Show statistics recorded by the memory management routines 192.Pq Xr mbuf 9 . 193The network manages a private pool of memory buffers. 194.It Xo 195.Bk -words 196.Nm 197.Fl r 198.Op Fl AalnW 199.Op Fl f Ar address_family 200.Op Fl M Ar core 201.Op Fl N Ar system 202.Ek 203.Xc 204Display the contents of all routing tables, 205or a routing table for a particular 206.Ar address_family . 207If 208.Fl A 209is also present, 210show the contents of the internal Patricia tree 211structures; used for debugging. 212If 213.Fl a 214is also present, 215show protocol-cloned routes 216(routes generated by an 217.Dv RTF_PRCLONING 218parent route); 219normally these routes are not shown. 220When 221.Fl W 222or 223.Fl l 224is also present, 225show the path MTU 226and MPLS label operations 227for each route. 228.It Xo 229.Bk -words 230.Nm 231.Fl rs 232.Op Fl s 233.Op Fl M Ar core 234.Op Fl N Ar system 235.Ek 236.Xc 237Display routing statistics. 238If 239.Fl s 240is repeated, counters with a value of zero are suppressed. 241.It Xo 242.Bk -words 243.Nm 244.Fl g 245.Op Fl lW 246.Op Fl f Ar address_family 247.Op Fl M Ar core 248.Op Fl N Ar system 249.Ek 250.Xc 251Show information related to multicast (group address) routing. 252By default, show the IP Multicast virtual-interface and routing tables. 253.It Xo 254.Bk -words 255.Nm 256.Fl gs 257.Op Fl s 258.Op Fl f Ar address_family 259.Op Fl M Ar core 260.Op Fl N Ar system 261.Ek 262.Xc 263Show multicast routing statistics. 264If 265.Fl s 266is repeated, counters with a value of zero are suppressed. 267.El 268.Pp 269Some options have the general meaning: 270.Bl -tag -width flag 271.It Fl c Ar cpu 272On SMP systems the route table is replicated. This option allows 273the route table for a specific cpu to be accessed and exists 274primarily for debugging purposes. 275.It Fl f Ar address_family , Fl f Ar protocol_family , Fl p Ar protocol 276Limit display to those records 277of the specified 278.Ar address_family , 279.Ar protocol_family 280or a single 281.Ar protocol . 282The following address families, protocol families and protocols are recognized: 283.Pp 284.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact 285.It Em Family 286.Em Protocols 287.It Cm inet Pq Dv AF_INET PF_INET 288.Cm carp , divert , icmp , igmp , ip , ipsec , pim , tcp , udp 289.It Cm inet6 Pq Dv AF_INET6 PF_INET6 290.Cm carp , icmp6 , ip6 , ipsec6 , rip6 , tcp , udp 291.It Cm pfkey Pq Dv AF_KEY PF_KEY 292.Cm pfkey 293.It Cm atalk Pq Dv AF_APPLETALK PF_APPLETALK 294.Cm ddp 295.It Cm netgraph , ng Pq Dv AF_NETGRAPH PF_NETGRAPH 296.Cm ctrl , data 297.It Cm ipx Pq Dv AF_IPX PF_IPX 298.Cm ipx , spx 299.\".It Cm ns Pq Dv AF_NS PF_NS 300.\".Cm idp , ns_err , spp 301.\".It Cm iso Pq Dv AF_ISO PF_ISO 302.\".Cm clnp , cltp , esis , tp 303.It Cm unix Pq Dv AF_UNIX PF_UNIX 304.It Cm link Pq Dv AF_LINK PF_LINK 305.It Cm mpls Pq Dv AF_MPLS PF_MPLS 306.El 307.Pp 308The program will complain if 309.Ar protocol 310is unknown or if there is no statistics routine for it. 311.It Fl l 312The 313.Fl l 314option is equivalent to 315.Fl W . 316.It Fl M 317Extract values associated with the name list from the specified core 318instead of the default 319.Pa /dev/kmem . 320.It Fl N 321Extract the name list from the specified system instead of the default, 322which is the kernel image the system has booted from. 323.It Fl n 324Show network addresses and ports as numbers. 325Normally 326.Nm 327attempts to resolve addresses and ports, 328and display them symbolically. 329.It Fl P 330Display additional protocol-specific information. For TCP the current 331transmit window, unacked sequence space, and RTT is displayed. 332.It Fl W 333Wide display. 334In certain displays, add columns and avoid truncating 335addresses even if this causes some fields to overflow. 336.El 337.Pp 338The default display, for active sockets, shows the local 339and remote addresses, send and receive queue sizes (in bytes), protocol, 340and the internal state of the protocol. 341Address formats are of the form 342.Dq host.port 343or 344.Dq network.port 345if a socket's address specifies a network but no specific host address. 346When known, the host and network addresses are displayed symbolically 347according to the databases 348.Xr hosts 5 349and 350.Xr networks 5 , 351respectively. 352If a symbolic name for an address is unknown, or if 353the 354.Fl n 355option is specified, the address is printed numerically, according 356to the address family. 357For more information regarding 358the Internet IPv4 359.Dq dot format , 360refer to 361.Xr inet 3 . 362Unspecified, 363or 364.Dq wildcard , 365addresses and ports appear as 366.Dq Li * . 367.Pp 368The interface display provides a table of cumulative 369statistics regarding packets transferred, errors, and collisions. 370The network addresses of the interface 371and the maximum transmission unit 372.Pq Dq mtu 373are also displayed. 374.Pp 375The routing table display indicates the available routes and their status. 376Each route consists of a destination host or network, and a gateway to use 377in forwarding packets. 378The flags field shows a collection of information about the route stored 379as binary choices. 380The individual flags are discussed in more detail in the 381.Xr route 8 382and 383.Xr route 4 384manual pages. 385The mapping between letters and flags is: 386.Bl -column ".Li W" ".Dv RTF_WASCLONED" 387.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1" 388.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2" 389.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3" 390.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)" 391.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address" 392.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use" 393.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use" 394.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)" 395.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary" 396.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)" 397.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation" 398.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)" 399.It Li m Ta Dv RTF_MPLSOPS Ta "MPLS label operations" 400.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable" 401.It Li S Ta Dv RTF_STATIC Ta "Manually added" 402.It Li U Ta Dv RTF_UP Ta "Route usable" 403.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning" 404.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address" 405.El 406.Pp 407Direct routes are created for each 408interface attached to the local host; 409the gateway field for such entries shows the address of the outgoing interface. 410The refcnt field gives the 411current number of active uses of the route. 412Connection oriented 413protocols normally hold on to a single route for the duration of 414a connection while connectionless protocols obtain a route while sending 415to the same destination. 416The use field provides a count of the number of packets 417sent using that route. 418The interface entry indicates the network interface utilized for the route. 419.Pp 420When 421.Nm 422is invoked with the 423.Fl w 424option and a 425.Ar wait 426interval argument, it displays a running count of statistics related to 427network interfaces. 428An obsolescent version of this option used a numeric parameter 429with no option, and is currently supported for backward compatibility. 430By default, this display summarizes information for all interfaces. 431Information for a specific interface may be displayed with the 432.Fl I 433option. 434.Sh SEE ALSO 435.Xr fstat 1 , 436.Xr nfsstat 1 , 437.Xr ps 1 , 438.Xr sockstat 1 , 439.Xr carp 4 , 440.Xr inet 4 , 441.Xr inet6 4 , 442.Xr route 4 , 443.Xr unix 4 , 444.Xr hosts 5 , 445.Xr networks 5 , 446.Xr protocols 5 , 447.Xr services 5 , 448.Xr iostat 8 , 449.Xr route 8 , 450.Xr trpt 8 , 451.Xr vmstat 8 , 452.Xr mbuf 9 453.Sh HISTORY 454The 455.Nm 456command appeared in 457.Bx 4.2 . 458.Pp 459IPv6 support was added by WIDE/KAME project. 460.Sh BUGS 461The notion of errors is ill-defined. 462