usr.bin/netstat/netstat.1

.\"	$OpenBSD: netstat.1,v 1.40 2004/07/13 23:33:29 jmc Exp $
.\"	$NetBSD: netstat.1,v 1.11 1995/10/03 21:42:43 thorpej Exp $
.\"
.\" Copyright (c) 1983, 1990, 1992, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	from: @(#)netstat.1	8.8 (Berkeley) 4/18/94
.\"
.Dd April 18, 1994
.Dt NETSTAT 1
.Os
.Sh NAME
.Nm netstat
.Nd show network status
.Sh SYNOPSIS
.Nm netstat
.Op Fl Aan
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
.Nm netstat
.Op Fl bdgilmnqrSstu
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
.Nm netstat
.Op Fl bdn
.Op Fl I Ar interface
.Op Fl M Ar core
.Op Fl N Ar system
.Op Fl w Ar wait
.Nm netstat
.Op Fl s
.Op Fl M Ar core
.Op Fl N Ar system
.Op Fl p Ar protocol
.Nm netstat
.Op Fl a
.Op Fl f Ar address_family
.Op Fl i | I Ar interface
.Sh DESCRIPTION
The
.Nm
command symbolically displays the contents of various network-related
data structures.
There are a number of output formats,
depending on the options for the information presented.
.Pp
The first form of the command displays a list of active sockets for
each protocol.
The second form presents the contents of one of the other network
data structures according to the option selected.
Using the third form, with a
.Ar wait
interval specified,
.Nm
will continuously display the information regarding packet
traffic on the configured network interfaces.
The fourth form displays statistics about the named protocol.
The fifth form displays per interface statistics for
the specified address family.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl A
With the default display,
show the address of any protocol control blocks associated with sockets; used
for debugging.
.It Fl a
With the default display,
show the state of all sockets; normally sockets used by
server processes are not shown.
With the interface display (options
.Fl I
or
.Fl i ) ,
show multicast addresses.
.It Fl b
With the interface display (options
.Fl I
or
.Fl i ) ,
show bytes in and out, instead of packet statistics.
.It Fl d
With either the interface display (options
.Fl I
or
.Fl i )
or an interval (option
.Fl w ) ,
show the number of dropped packets.
.It Fl f Ar address_family
Limit statistics or address control block reports to those
of the specified
.Ar address_family .
.Pp
The following address families are recognized:
.Pp
.Bl -column "Address Family" "AF_APPLETA" "Description" -offset indent -compact
.It Sy "Address Family" Ta Sy "Constant" Ta Sy "Description"
.It "inet" Ta Dv "AF_INET" Ta "IP Version 4"
.It "inet6" Ta Dv "AF_INET6" Ta "IP Version 6"
.It "ipx" Ta Dv "AF_IPX" Ta "Novell IPX"
.It "atalk" Ta Dv "AF_APPLETALK" Ta "AppleTalk"
.It "ns" Ta Dv "AF_NS" Ta "Xerox NS Protocols"
.It "encap" Ta Dv "PF_KEY" Ta "IPsec"
.It "local" Ta Dv "AF_LOCAL" Ta "Local to Host (i.e., pipes)"
.It "unix" Ta Dv "AF_UNIX" Ta "Local to Host (i.e., pipes)"
.El
.Pp
.It Fl g
Show information related to multicast (group address) routing.
By default, show the IP multicast virtual-interface and routing tables.
If the
.Fl s
option is also present, show multicast routing statistics.
.It Fl I Ar interface
Show information about the specified
.Ar interface ;
used with a
.Ar wait
interval as described below.
.Pp
If the
.Fl a
option is also present, multicast addresses currently in use are shown
for the given interface and for each IP interface address.
Multicast addresses are shown on separate lines following the interface
address with which they are associated.
.Pp
If the
.Fl f Ar address_family
option (with the
.Fl s
option) is present, show per-interface
statistics on the given interface for the specified
.Ar address_family .
.It Fl i
Show the state of interfaces which have been auto-configured
(interfaces statically configured into a system but not
located at boot-time are not shown).
.Pp
If the
.Fl a
option is also present, multicast addresses currently in use are shown
for each Ethernet interface and for each IP interface address.
Multicast addresses are shown on separate lines following the interface
address with which they are associated.
.Pp
If the
.Fl f Ar address_family
option (with the
.Fl s
option) is present, show per-interface statistics on all interfaces
for the specified
.Ar address_family .
.It Fl l
With the
.Fl g
option, display wider fields for the IPv6 multicast routing table
.Qq Origin
and
.Qq Group
columns.
.It Fl M Ar core
Extract values associated with the name list from the specified core
instead of the running kernel.
.It Fl m
Show statistics recorded by the memory management routines
(the network manages a private pool of memory buffers).
.It Fl N Ar system
Extract the name list from the specified system instead of the running kernel.
.It Fl n
Show network addresses as numbers (normally
.Nm
interprets addresses and attempts to display them
symbolically).
This option may be used with any of the display formats.
.It Fl p Ar protocol
Restrict the output to
.Ar protocol ,
which is either a well-known name for a protocol or an alias for it.
Some protocol names and aliases are listed in the file
.Pa /etc/protocols .
The program will complain if
.Ar protocol
is unknown.
If the
.Fl s
option is specified, the per-protocol statistics are displayed.
Otherwise the states of the matching sockets are shown.
.It Fl q
Only show interfaces that have seen packets (or bytes if
.Fl b
is specified).
.It Fl r
Show the routing tables.
If the
.Fl s
option is also specified, show routing statistics instead.
.It Fl S
Make the
.Fl r
command display the source selector part of the routes.
.It Fl s
Show per-protocol statistics.
If this option is repeated, counters with a value of zero are suppressed.
.It Fl t
With the
.Fl i
option, display the current value of the watchdog timer function.
.It Fl u
Limit statistics or address control block reports to the
.Dv AF_UNIX
address family.
.It Fl v
Be verbose.
Avoids truncation of long addresses.
.It Fl w Ar wait
Show network interface statistics at intervals of
.Ar wait
seconds.
.El
.Pp
The default display, for active sockets, shows the local
and remote addresses, send and receive queue sizes (in bytes), protocol,
and the internal state of the protocol.
.Pp
Address formats are of the form
.Dq host.port
or
.Dq network.port
if a socket's address specifies a network but no specific host address.
When known, the host and network addresses are displayed symbolically
according to the databases
.Pa /etc/hosts
and
.Pa /etc/networks ,
respectively.
If a symbolic name for an address is unknown, or if the
.Fl n
option is specified, the address is printed numerically, according
to the address family.
.Pp
For more information regarding the Internet
.Dq dot format ,
refer to
.Xr inet 3 .
Unspecified or
.Dq wildcard
addresses and ports appear as a single
.Sq * .
If a local port number is registered as being in use for RPC by
.Xr portmap 8 ,
its RPC service name or RPC service number will be printed in
.Dq []
immediately after the port number.
.Pp
The interface display provides a table of cumulative
statistics regarding packets transferred, errors, and collisions.
The network addresses of the interface
and the maximum transmission unit (MTU) are also displayed.
.Pp
The routing table display indicates the available routes and their status.
Each route consists of a destination host or network and
a gateway to use in forwarding packets.
If the destination is a
network in numeric format, the netmask (in /24 style format) is appended.
The flags field shows a collection of information about
the route stored as binary choices.
The individual flags are discussed in more detail in the
.Xr route 8
and
.Xr route 4
manual pages.
.Pp
The mapping between letters and flags is:
.Bl -column XXXX RTF_BLACKHOLE
1	RTF_PROTO1	Protocol specific routing flag #1.
2	RTF_PROTO2	Protocol specific routing flag #2.
3	RTF_PROTO3	Protocol specific routing flag #3.
B	RTF_BLACKHOLE	Just discard pkts (during updates).
C	RTF_CLONING	Generate new routes on use.
c	RTF_CLONED	Cloned routes (generated from RTF_CLONING).
D	RTF_DYNAMIC	Created dynamically (by redirect).
G	RTF_GATEWAY	Destination requires forwarding by intermediary.
H	RTF_HOST	Host entry (net otherwise).
L	RTF_LLINFO	Valid protocol to link address translation.
M	RTF_MODIFIED	Modified dynamically (by redirect).
R	RTF_REJECT	Host or net unreachable.
S	RTF_STATIC	Manually added.
U	RTF_UP	Route usable.
X	RTF_XRESOLVE	External daemon translates proto to link address.
.El
.Pp
Direct routes are created for each interface attached to the local host;
the gateway field for such entries shows the address of the outgoing interface.
The refcnt field gives the current number of active uses of the route.
Connection oriented protocols normally hold on to a single route for the
duration of a connection while connectionless protocols obtain a route while
sending to the same destination.
The use field provides a count of the number of packets sent using that route.
The MTU entry shows the MTU associated with that route.
This MTU value is used as the basis for the TCP maximum segment size (MSS).
The
.Sq L
flag appended to the MTU value indicates that the value is
locked, and that path MTU discovery is turned off for that route.
A
.Sq -
indicates that the MTU for this route has not been set, and a default
TCP maximum segment size will be used.
The interface entry indicates the network interface utilized for the route.
.Pp
When
.Nm
is invoked with the
.Fl w
option and a
.Ar wait
interval argument, it displays a running count of statistics related to
network interfaces.
An obsolescent version of this option used a numeric parameter
with no option, and is currently supported for backward compatibility.
This display consists of a column for the primary interface (the first
interface found during autoconfiguration) and a column summarizing
information for all interfaces.
The primary interface may be replaced with another interface with the
.Fl I
option.
The first line of each screen of information contains a summary since the
system was last rebooted.
Subsequent lines of output show values accumulated over the preceding interval.
.Sh SEE ALSO
.Xr nfsstat 1 ,
.Xr ps 1 ,
.Xr inet 3 ,
.Xr netintro 4 ,
.Xr route 4 ,
.Xr hosts 5 ,
.Xr networks 5 ,
.Xr protocols 5 ,
.Xr services 5 ,
.Xr iostat 8 ,
.Xr portmap 8 ,
.Xr route 8 ,
.Xr tcpdrop 8 ,
.Xr trpt 8 ,
.Xr vmstat 8
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
IPv6 support was added by WIDE/KAME project.
.Sh BUGS
The notion of errors is ill-defined.