Annotation of src/usr.bin/netstat/netstat.1, Revision 1.38
1.38 ! jmc 1: .\" $OpenBSD: netstat.1,v 1.37 2004/06/06 22:00:20 jmc Exp $
1.1 deraadt 2: .\" $NetBSD: netstat.1,v 1.11 1995/10/03 21:42:43 thorpej Exp $
3: .\"
4: .\" Copyright (c) 1983, 1990, 1992, 1993
5: .\" The Regents of the University of California. All rights reserved.
6: .\"
7: .\" Redistribution and use in source and binary forms, with or without
8: .\" modification, are permitted provided that the following conditions
9: .\" are met:
10: .\" 1. Redistributions of source code must retain the above copyright
11: .\" notice, this list of conditions and the following disclaimer.
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in the
14: .\" documentation and/or other materials provided with the distribution.
1.29 millert 15: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: .\" may be used to endorse or promote products derived from this software
17: .\" without specific prior written permission.
18: .\"
19: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: .\" SUCH DAMAGE.
30: .\"
31: .\" from: @(#)netstat.1 8.8 (Berkeley) 4/18/94
32: .\"
33: .Dd April 18, 1994
34: .Dt NETSTAT 1
1.16 aaron 35: .Os
1.1 deraadt 36: .Sh NAME
37: .Nm netstat
38: .Nd show network status
39: .Sh SYNOPSIS
40: .Nm netstat
41: .Op Fl Aan
42: .Op Fl f Ar address_family
43: .Op Fl M Ar core
44: .Op Fl N Ar system
45: .Nm netstat
1.36 cedric 46: .Op Fl bdgilmnqrSstu
1.1 deraadt 47: .Op Fl f Ar address_family
48: .Op Fl M Ar core
49: .Op Fl N Ar system
50: .Nm netstat
1.24 camield 51: .Op Fl bdn
1.1 deraadt 52: .Op Fl I Ar interface
53: .Op Fl M Ar core
54: .Op Fl N Ar system
55: .Op Fl w Ar wait
56: .Nm netstat
1.35 markus 57: .Op Fl s
1.1 deraadt 58: .Op Fl M Ar core
59: .Op Fl N Ar system
1.31 jmc 60: .Op Fl p Ar protocol
1.19 itojun 61: .Nm netstat
1.34 jmc 62: .Op Fl a
1.19 itojun 63: .Op Fl f Ar address_family
1.34 jmc 64: .Op Fl i | I Ar interface
1.1 deraadt 65: .Sh DESCRIPTION
66: The
1.21 aaron 67: .Nm
1.1 deraadt 68: command symbolically displays the contents of various network-related
69: data structures.
70: There are a number of output formats,
71: depending on the options for the information presented.
1.21 aaron 72: .Pp
1.1 deraadt 73: The first form of the command displays a list of active sockets for
74: each protocol.
75: The second form presents the contents of one of the other network
76: data structures according to the option selected.
77: Using the third form, with a
78: .Ar wait
79: interval specified,
1.21 aaron 80: .Nm
1.1 deraadt 81: will continuously display the information regarding packet
82: traffic on the configured network interfaces.
83: The fourth form displays statistics about the named protocol.
1.30 jmc 84: The fifth form displays per interface statistics for
85: the specified address family.
1.1 deraadt 86: .Pp
1.12 aaron 87: The options are as follows:
1.22 aaron 88: .Bl -tag -width Ds
1.1 deraadt 89: .It Fl A
90: With the default display,
91: show the address of any protocol control blocks associated with sockets; used
92: for debugging.
93: .It Fl a
94: With the default display,
95: show the state of all sockets; normally sockets used by
96: server processes are not shown.
1.34 jmc 97: With the interface display (options
98: .Fl I
99: or
100: .Fl i ) ,
101: show multicast addresses.
1.24 camield 102: .It Fl b
1.34 jmc 103: With the interface display (options
104: .Fl I
105: or
1.24 camield 106: .Fl i ) ,
107: show bytes in and out, instead of packet statistics.
1.1 deraadt 108: .It Fl d
1.34 jmc 109: With either the interface display (options
110: .Fl I
111: or
112: .Fl i )
113: or an interval (option
114: .Fl w ) ,
1.1 deraadt 115: show the number of dropped packets.
1.16 aaron 116: .It Fl f Ar address_family
1.1 deraadt 117: Limit statistics or address control block reports to those
118: of the specified
1.12 aaron 119: .Ar address_family .
1.21 aaron 120: .Pp
121: The following address families are recognized:
122: .Pp
123: .Bl -column "Address Family" "AF_APPLETA" "Description" -offset indent -compact
124: .It Sy "Address Family" Ta Sy "Constant" Ta Sy "Description"
1.32 jmc 125: .It "inet" Ta Dv "AF_INET" Ta "IP Version 4"
126: .It "inet6" Ta Dv "AF_INET6" Ta "IP Version 6"
127: .It "ipx" Ta Dv "AF_IPX" Ta "Novell IPX"
128: .It "atalk" Ta Dv "AF_APPLETALK" Ta "AppleTalk"
129: .It "ns" Ta Dv "AF_NS" Ta "Xerox NS Protocols"
130: .It "iso" Ta Dv "AF_ISO" Ta "ISO Protocol Family"
131: .It "encap" Ta Dv "PF_KEY" Ta "IPsec"
132: .It "local" Ta Dv "AF_LOCAL" Ta "Local to Host (i.e., pipes)"
133: .It "unix" Ta Dv "AF_UNIX" Ta "Local to Host (i.e., pipes)"
1.21 aaron 134: .El
135: .Pp
1.1 deraadt 136: .It Fl g
137: Show information related to multicast (group address) routing.
1.34 jmc 138: By default, show the IP multicast virtual-interface and routing tables.
1.1 deraadt 139: If the
140: .Fl s
141: option is also present, show multicast routing statistics.
1.16 aaron 142: .It Fl I Ar interface
1.21 aaron 143: Show information about the specified
144: .Ar interface ;
1.1 deraadt 145: used with a
146: .Ar wait
147: interval as described below.
1.21 aaron 148: .Pp
1.19 itojun 149: If the
1.34 jmc 150: .Fl a
151: option is also present, multicast addresses currently in use are shown
152: for the given interface and for each IP interface address.
153: Multicast addresses are shown on separate lines following the interface
154: address with which they are associated.
155: .Pp
156: If the
1.19 itojun 157: .Fl f Ar address_family
158: option (with the
159: .Fl s
1.30 jmc 160: option) is present, show per-interface
161: statistics on the given interface for the specified
162: .Ar address_family .
1.1 deraadt 163: .It Fl i
164: Show the state of interfaces which have been auto-configured
1.21 aaron 165: (interfaces statically configured into a system but not
166: located at boot-time are not shown).
167: .Pp
1.1 deraadt 168: If the
169: .Fl a
1.21 aaron 170: option is also present, multicast addresses currently in use are shown
1.1 deraadt 171: for each Ethernet interface and for each IP interface address.
172: Multicast addresses are shown on separate lines following the interface
173: address with which they are associated.
1.21 aaron 174: .Pp
1.19 itojun 175: If the
176: .Fl f Ar address_family
177: option (with the
178: .Fl s
1.30 jmc 179: option) is present, show per-interface statistics on all interfaces
1.21 aaron 180: for the specified
1.30 jmc 181: .Ar address_family .
1.31 jmc 182: .It Fl l
183: With the
184: .Fl g
185: option, display wider fields for the IPv6 multicast routing table
186: .Qq Origin
187: and
188: .Qq Group
189: columns.
1.17 deraadt 190: .It Fl M Ar core
1.1 deraadt 191: Extract values associated with the name list from the specified core
1.27 miod 192: instead of the running kernel.
1.1 deraadt 193: .It Fl m
194: Show statistics recorded by the memory management routines
195: (the network manages a private pool of memory buffers).
1.17 deraadt 196: .It Fl N Ar system
1.27 miod 197: Extract the name list from the specified system instead of the running kernel.
1.1 deraadt 198: .It Fl n
199: Show network addresses as numbers (normally
1.21 aaron 200: .Nm
1.1 deraadt 201: interprets addresses and attempts to display them
202: symbolically).
203: This option may be used with any of the display formats.
1.16 aaron 204: .It Fl p Ar protocol
1.35 markus 205: Restrict the output to
1.12 aaron 206: .Ar protocol ,
1.21 aaron 207: which is either a well-known name for a protocol or an alias for it.
208: Some protocol names and aliases are listed in the file
1.1 deraadt 209: .Pa /etc/protocols .
210: The program will complain if
211: .Ar protocol
1.35 markus 212: is unknown.
213: If the
214: .Fl s
215: option is specified, the per-protocol statistics are displayed.
216: Otherwise the states of the matching sockets are shown.
1.26 brian 217: .It Fl q
218: Only show interfaces that have seen packets (or bytes if
219: .Fl b
1.34 jmc 220: is specified).
1.1 deraadt 221: .It Fl r
222: Show the routing tables.
1.21 aaron 223: If the
1.1 deraadt 224: .Fl s
1.21 aaron 225: option is also specified, show routing statistics instead.
1.36 cedric 226: .It Fl S
1.38 ! jmc 227: Make the
1.36 cedric 228: .Fl r
229: command display the source selector part of the routes.
1.26 brian 230: .It Fl s
231: Show per-protocol statistics.
232: If this option is repeated, counters with a value of zero are suppressed.
1.31 jmc 233: .It Fl t
234: With the
235: .Fl i
236: option, display the current value of the watchdog timer function.
237: .It Fl u
238: Limit statistics or address control block reports to the
239: .Dv AF_UNIX
240: address family.
1.10 peter 241: .It Fl v
1.19 itojun 242: Be verbose.
243: Avoids truncation of long addresses.
1.1 deraadt 244: .It Fl w Ar wait
245: Show network interface statistics at intervals of
246: .Ar wait
247: seconds.
248: .El
249: .Pp
250: The default display, for active sockets, shows the local
251: and remote addresses, send and receive queue sizes (in bytes), protocol,
252: and the internal state of the protocol.
1.21 aaron 253: .Pp
254: Address formats are of the form
255: .Dq host.port
256: or
257: .Dq network.port
1.1 deraadt 258: if a socket's address specifies a network but no specific host address.
1.21 aaron 259: When known, the host and network addresses are displayed symbolically
260: according to the databases
1.1 deraadt 261: .Pa /etc/hosts
262: and
263: .Pa /etc/networks ,
1.21 aaron 264: respectively.
265: If a symbolic name for an address is unknown, or if the
1.1 deraadt 266: .Fl n
267: option is specified, the address is printed numerically, according
268: to the address family.
1.21 aaron 269: .Pp
270: For more information regarding the Internet
271: .Dq dot format ,
1.1 deraadt 272: refer to
1.12 aaron 273: .Xr inet 3 .
1.34 jmc 274: Unspecified or
1.21 aaron 275: .Dq wildcard
276: addresses and ports appear as a single
1.34 jmc 277: .Sq * .
1.6 deraadt 278: If a local port number is registered as being in use for RPC by
1.12 aaron 279: .Xr portmap 8 ,
1.11 aaron 280: its RPC service name or RPC service number will be printed in
1.21 aaron 281: .Dq []
282: immediately after the port number.
1.1 deraadt 283: .Pp
284: The interface display provides a table of cumulative
285: statistics regarding packets transferred, errors, and collisions.
286: The network addresses of the interface
1.21 aaron 287: and the maximum transmission unit (MTU) are also displayed.
1.1 deraadt 288: .Pp
1.21 aaron 289: The routing table display indicates the available routes and their status.
290: Each route consists of a destination host or network and
291: a gateway to use in forwarding packets.
292: If the destination is a
293: network in numeric format, the netmask (in /24 style format) is appended.
294: The flags field shows a collection of information about
295: the route stored as binary choices.
296: The individual flags are discussed in more detail in the
1.1 deraadt 297: .Xr route 8
298: and
299: .Xr route 4
300: manual pages.
1.21 aaron 301: .Pp
1.1 deraadt 302: The mapping between letters and flags is:
303: .Bl -column XXXX RTF_BLACKHOLE
1.12 aaron 304: 1 RTF_PROTO1 Protocol specific routing flag #1.
305: 2 RTF_PROTO2 Protocol specific routing flag #2.
1.25 niklas 306: 3 RTF_PROTO3 Protocol specific routing flag #3.
1.16 aaron 307: B RTF_BLACKHOLE Just discard pkts (during updates).
1.12 aaron 308: C RTF_CLONING Generate new routes on use.
1.34 jmc 309: c RTF_CLONED Cloned routes (generated from RTF_CLONING).
1.12 aaron 310: D RTF_DYNAMIC Created dynamically (by redirect).
311: G RTF_GATEWAY Destination requires forwarding by intermediary.
312: H RTF_HOST Host entry (net otherwise).
1.1 deraadt 313: L RTF_LLINFO Valid protocol to link address translation.
1.12 aaron 314: M RTF_MODIFIED Modified dynamically (by redirect).
315: R RTF_REJECT Host or net unreachable.
316: S RTF_STATIC Manually added.
317: U RTF_UP Route usable.
318: X RTF_XRESOLVE External daemon translates proto to link address.
1.1 deraadt 319: .El
320: .Pp
1.21 aaron 321: Direct routes are created for each interface attached to the local host;
1.1 deraadt 322: the gateway field for such entries shows the address of the outgoing interface.
1.21 aaron 323: The refcnt field gives the current number of active uses of the route.
324: Connection oriented protocols normally hold on to a single route for the
325: duration of a connection while connectionless protocols obtain a route while
326: sending to the same destination.
327: The use field provides a count of the number of packets sent using that route.
328: The MTU entry shows the MTU associated with that route.
329: This MTU value is used as the basis for the TCP maximum segment size (MSS).
1.34 jmc 330: The
331: .Sq L
332: flag appended to the MTU value indicates that the value is
333: locked, and that path MTU discovery is turned off for that route.
1.21 aaron 334: A
1.1 deraadt 335: .Sq -
1.12 aaron 336: indicates that the MTU for this route has not been set, and a default
1.21 aaron 337: TCP maximum segment size will be used.
338: The interface entry indicates the network interface utilized for the route.
1.1 deraadt 339: .Pp
340: When
1.21 aaron 341: .Nm
1.1 deraadt 342: is invoked with the
343: .Fl w
344: option and a
345: .Ar wait
346: interval argument, it displays a running count of statistics related to
347: network interfaces.
348: An obsolescent version of this option used a numeric parameter
349: with no option, and is currently supported for backward compatibility.
350: This display consists of a column for the primary interface (the first
351: interface found during autoconfiguration) and a column summarizing
352: information for all interfaces.
353: The primary interface may be replaced with another interface with the
354: .Fl I
355: option.
356: The first line of each screen of information contains a summary since the
1.21 aaron 357: system was last rebooted.
358: Subsequent lines of output show values accumulated over the preceding interval.
1.1 deraadt 359: .Sh SEE ALSO
360: .Xr nfsstat 1 ,
361: .Xr ps 1 ,
1.34 jmc 362: .Xr inet 3 ,
1.21 aaron 363: .Xr netintro 4 ,
1.34 jmc 364: .Xr route 4 ,
1.1 deraadt 365: .Xr hosts 5 ,
366: .Xr networks 5 ,
367: .Xr protocols 5 ,
368: .Xr services 5 ,
1.15 alex 369: .Xr iostat 8 ,
1.34 jmc 370: .Xr portmap 8 ,
371: .Xr route 8 ,
1.1 deraadt 372: .Xr trpt 8 ,
373: .Xr vmstat 8
374: .Sh HISTORY
375: The
1.21 aaron 376: .Nm
1.1 deraadt 377: command appeared in
378: .Bx 4.2 .
1.19 itojun 379: IPv6 support was added by WIDE/KAME project.
1.1 deraadt 380: .Sh BUGS
381: The notion of errors is ill-defined.