1.\" $NetBSD: netstat.1,v 1.48 2007/08/30 18:52:36 jnemeth Exp $ 2.\" 3.\" Copyright (c) 1983, 1990, 1992, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 31.\" 32.Dd August 30, 2007 33.Dt NETSTAT 1 34.Os 35.Sh NAME 36.Nm netstat 37.Nd show network status 38.Sh SYNOPSIS 39.Nm 40.Op Fl Aan 41.Op Fl f Ar address_family 42.Op Fl M Ar core 43.Op Fl N Ar system 44.Nm 45.Op Fl bdgiLmnqrsSv 46.Op Fl f Ar address_family 47.Op Fl M Ar core 48.Op Fl N Ar system 49.Nm 50.Op Fl dn 51.Op Fl I Ar interface 52.Op Fl M Ar core 53.Op Fl N Ar system 54.Op Fl w Ar wait 55.Nm 56.Op Fl p Ar protocol 57.Op Fl M Ar core 58.Op Fl N Ar system 59.Nm 60.Op Fl p Ar protocol 61.Op Fl M Ar core 62.Op Fl N Ar system 63.Fl P Ar pcbaddr 64.Nm 65.Op Fl p Ar protocol 66.Op Fl i 67.Op Fl I Ar Interface 68.Nm 69.Op Fl s 70.Op Fl f Ar address_family 71.Op Fl i 72.Op Fl I Ar Interface 73.Nm 74.Op Fl s 75.Op Fl I Ar Interface 76.Fl B 77.Sh DESCRIPTION 78The 79.Nm 80command symbolically displays the contents of various network-related 81data structures. 82There are a number of output formats, 83depending on the options for the information presented. 84The first form of the command displays a list of active sockets for 85each protocol. 86The second form presents the contents of one of the other network 87data structures according to the option selected. 88Using the third form, with a 89.Ar wait 90interval specified, 91.Nm 92will continuously display the information regarding packet 93traffic on the configured network interfaces. 94The fourth form displays statistics about the named protocol. 95The fifth and sixth forms display per interface statistics for 96the specified protocol or address family. 97.Pp 98The options have the following meaning: 99.Bl -tag -width flag 100.It Fl A 101With the default display, 102show the address of any protocol control blocks associated with sockets; used 103for debugging. 104.It Fl a 105With the default display, 106show the state of all sockets; normally sockets used by 107server processes are not shown. 108.It Fl B 109With the default display, 110show the current 111.Xr bpf 4 112peers. 113To show only the peers listening to a specific interface, 114use the 115.Fl I 116option. 117If the 118.Fl s 119option is present, show the current 120.Xr bpf 4 121statistics. 122.It Fl b 123With the interface display (option 124.Fl i ) , 125show bytes in and out, instead of packets in and out. 126.It Fl d 127With either interface display (option 128.Fl i 129or an interval, as described below), 130show the number of dropped packets. 131.It Fl f Ar address_family 132Limit statistics or address control block reports to those 133of the specified 134.Ar address_family . 135The following address families 136are recognized: 137.Ar inet , 138for 139.Dv AF_INET ; 140.Ar inet6 , 141for 142.Dv AF_INET6 ; 143.Ar arp , 144for 145.Dv AF_ARP ; 146.Ar ns , 147for 148.Dv AF_NS ; 149.Ar iso , 150for 151.Dv AF_ISO ; 152.Ar atalk , 153for 154.Dv AF_APPLETALK ; 155and 156.Ar local 157or 158.Ar unix , 159for 160.Dv AF_LOCAL . 161.It Fl g 162Show information related to multicast (group address) routing. 163By default, show the IP Multicast virtual-interface and routing tables. 164If the 165.Fl s 166option is also present, show multicast routing statistics. 167.It Fl I Ar interface 168Show information about the specified interface; 169used with a 170.Ar wait 171interval as described below. 172If the 173.Fl f Ar address_family 174option (with the 175.Fl s 176option) or the 177.Fl p Ar protocol 178option is present, show per-interface statistics on the 179.Ar interface 180for the specified 181.Ar address_family 182or 183.Ar protocol , 184respectively. 185.It Fl i 186Show the state of interfaces which have been auto-configured 187(interfaces statically configured into a system, but not 188located at boot time are not shown). 189If the 190.Fl a 191options is also present, multicast addresses currently in use are shown 192for each Ethernet interface and for each IP interface address. 193Multicast addresses are shown on separate lines following the interface 194address with which they are associated. 195If the 196.Fl f Ar address_family 197option (with the 198.Fl s 199option) or the 200.Fl p Ar protocol 201option is present, show per-interface statistics on all interfaces 202for the specified 203.Ar address_family 204or 205.Ar protocol , 206respectively. 207.It Fl L 208Don't show link-level routes (e.g., IPv4 ARP or IPv6 neighbour cache). 209.It Fl M 210Extract values associated with the name list from the specified core 211instead of the default 212.Pa /dev/kmem . 213.It Fl m 214Show statistics recorded by the memory management routines 215(the network manages a private pool of memory buffers). 216.It Fl N 217Extract the name list from the specified system instead of the default 218.Pa /netbsd . 219.It Fl n 220Show network addresses and ports as numbers (normally 221.Nm 222interprets addresses and ports and attempts to display them 223symbolically). 224This option may be used with any of the display formats. 225.It Fl S 226Show network addresses as numbers (as with 227.Fl n , 228but show ports symbolically). 229.It Fl P Ar pcbaddr 230Dump the contents of the protocol control block (PCB) located at kernel 231virtual address 232.Ar pcbaddr . 233This address may be obtained using the 234.Fl A 235flag. 236The default protocol is TCP, but may be overridden using the 237.Fl p 238flag. 239.It Fl p Ar protocol 240Show statistics about 241.Ar protocol , 242which is either a well-known name for a protocol or an alias for it. 243Some protocol names and aliases are listed in the file 244.Pa /etc/protocols . 245A null response typically means that there are no interesting numbers to 246report. 247The program will complain if 248.Ar protocol 249is unknown or if there is no statistics routine for it. 250.It Fl q 251Show software interrupt queue setting/statistics for all protocols. 252.It Fl s 253Show per-protocol statistics. 254If this option is repeated, counters with a value of zero are suppressed. 255.It Fl r 256Show the routing tables. 257When 258.Fl s 259is also present, show routing statistics instead. 260.It Fl v 261Show extra (verbose) detail for the routing tables 262.Pq Fl r , 263or avoid truncation of long addresses. 264.It Fl w Ar wait 265Show network interface statistics at intervals of 266.Ar wait 267seconds. 268.El 269.Pp 270The default display, for active sockets, shows the local 271and remote addresses, send and receive queue sizes (in bytes), protocol, 272and the internal state of the protocol. 273Address formats are of the form ``host.port'' or ``network.port'' 274if a socket's address specifies a network but no specific host address. 275When known the host and network addresses are displayed symbolically 276according to the data bases 277.Pa /etc/hosts 278and 279.Pa /etc/networks , 280respectively. 281If a symbolic name for an address is unknown, or if 282the 283.Fl n 284option is specified, the address is printed numerically, according 285to the address family. 286For more information regarding 287the Internet ``dot format,'' 288refer to 289.Xr inet 3 ) . 290Unspecified, 291or ``wildcard'', addresses and ports appear as ``*''. 292You can use the 293.Xr fstat 1 294to find out which process or processes hold references to a socket. 295.Pp 296The interface display provides a table of cumulative 297statistics regarding packets transferred, errors, and collisions. 298The network addresses of the interface 299and the maximum transmission unit (``mtu'') are also displayed. 300.Pp 301The routing table display indicates the available routes and 302their status. 303Each route consists of a destination host or network 304and a gateway to use in forwarding packets. 305The flags field shows 306a collection of information about the route stored as 307binary choices. 308The individual flags are discussed in more 309detail in the 310.Xr route 8 311and 312.Xr route 4 313manual pages. 314The mapping between letters and flags is: 315.Bl -column XXXX RTF_BLACKHOLE 3161 RTF_PROTO1 Protocol specific routing flag #1 3172 RTF_PROTO2 Protocol specific routing flag #2 318B RTF_BLACKHOLE Just discard pkts (during updates) 319C RTF_CLONING Generate new routes on use 320c RTF_CLONED Cloned routes (generated from RTF_CLONING) 321D RTF_DYNAMIC Created dynamically (by redirect) 322G RTF_GATEWAY Destination requires forwarding by intermediary 323H RTF_HOST Host entry (net otherwise) 324L RTF_LLINFO Valid protocol to link address translation. 325M RTF_MODIFIED Modified dynamically (by redirect) 326R RTF_REJECT Host or net unreachable 327S RTF_STATIC Manually added 328U RTF_UP Route usable 329X RTF_XRESOLVE External daemon translates proto to link address 330.El 331.Pp 332Direct routes are created for each 333interface attached to the local host; 334the gateway field for such entries shows the address of the outgoing interface. 335The refcnt field gives the 336current number of active uses of the route. 337Connection oriented 338protocols normally hold on to a single route for the duration of 339a connection while connectionless protocols obtain a route while sending 340to the same destination. 341The use field provides a count of the number of packets 342sent using that route. 343The mtu entry shows the mtu associated with 344that route. 345This mtu value is used as the basis for the TCP maximum 346segment size. 347The 'L' flag appended to the mtu value indicates that 348the value is locked, and that path mtu discovery is turned off for 349that route. 350A 351.Sq - 352indicates that the mtu for this route has not been set, and a default 353TCP maximum segment size will be used. 354The interface entry indicates 355the network interface used for the route. 356.Pp 357When 358.Nm 359is invoked with the 360.Fl w 361option and a 362.Ar wait 363interval argument, it displays a running count of statistics related to 364network interfaces. 365An obsolescent version of this option used a numeric parameter 366with no option, and is currently supported for backward compatibility. 367This display consists of a column for the primary interface (the first 368interface found during autoconfiguration) and a column summarizing 369information for all interfaces. 370The primary interface may be replaced with another interface with the 371.Fl I 372option. 373The first line of each screen of information contains a summary since the 374system was last rebooted. 375Subsequent lines of output show values 376accumulated over the preceding interval. 377.Pp 378The first character of the flags column in the 379.Fl B 380option shows the status of the 381.Xr bpf 4 382descriptor which has three different values: 383Idle ('I'), Waiting ('W') and Timed Out ('T'). 384The second character indicates wheter the promisc flag is set. 385The third character indicates the status of the immediate mode. 386The fourth character indicates whether the peer will have the ability 387to see the packets sent. 388And the fifth character shows the header complete flag status. 389.Sh SEE ALSO 390.Xr fstat 1 , 391.Xr nfsstat 1 , 392.Xr ps 1 , 393.Xr sockstat 1 , 394.Xr vmstat 1 , 395.Xr inet 3 , 396.Xr bpf 4 , 397.Xr hosts 5 , 398.Xr networks 5 , 399.Xr protocols 5 , 400.Xr services 5 , 401.Xr iostat 8 , 402.Xr trpt 8 , 403.Sh HISTORY 404The 405.Nm 406command appeared in 407.Bx 4.2 . 408IPv6 support was added by WIDE/KAME project. 409.\" .Sh FILES 410.\" .Bl -tag -width /dev/kmem -compact 411.\" .It Pa /netbsd 412.\" default kernel namelist 413.\" .It Pa /dev/kmem 414.\" default memory file 415.\" .El 416.Sh BUGS 417The notion of errors is ill-defined. 418