Annotation of src/usr.bin/netstat/netstat.1, Revision 1.57
1.57 ! tedu 1: .\" $OpenBSD: netstat.1,v 1.56 2009/06/27 11:35:57 michele Exp $
1.1 deraadt 2: .\" $NetBSD: netstat.1,v 1.11 1995/10/03 21:42:43 thorpej Exp $
3: .\"
4: .\" Copyright (c) 1983, 1990, 1992, 1993
5: .\" The Regents of the University of California. All rights reserved.
6: .\"
7: .\" Redistribution and use in source and binary forms, with or without
8: .\" modification, are permitted provided that the following conditions
9: .\" are met:
10: .\" 1. Redistributions of source code must retain the above copyright
11: .\" notice, this list of conditions and the following disclaimer.
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in the
14: .\" documentation and/or other materials provided with the distribution.
1.29 millert 15: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: .\" may be used to endorse or promote products derived from this software
17: .\" without specific prior written permission.
18: .\"
19: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: .\" SUCH DAMAGE.
30: .\"
31: .\" from: @(#)netstat.1 8.8 (Berkeley) 4/18/94
32: .\"
1.57 ! tedu 33: .Dd $Mdocdate: June 27 2009 $
1.1 deraadt 34: .Dt NETSTAT 1
1.16 aaron 35: .Os
1.1 deraadt 36: .Sh NAME
37: .Nm netstat
38: .Nd show network status
39: .Sh SYNOPSIS
40: .Nm netstat
41: .Op Fl Aan
42: .Op Fl f Ar address_family
43: .Op Fl M Ar core
44: .Op Fl N Ar system
45: .Nm netstat
1.52 claudio 46: .Bk -words
1.48 pyr 47: .Op Fl bdFgilmnqrstu
1.1 deraadt 48: .Op Fl f Ar address_family
49: .Op Fl M Ar core
50: .Op Fl N Ar system
1.52 claudio 51: .Op Fl T Ar tableid
52: .Ek
1.1 deraadt 53: .Nm netstat
1.24 camield 54: .Op Fl bdn
1.57 ! tedu 55: .Op Fl c Ar count
1.1 deraadt 56: .Op Fl I Ar interface
57: .Op Fl M Ar core
58: .Op Fl N Ar system
59: .Op Fl w Ar wait
60: .Nm netstat
1.45 jaredy 61: .Op Fl M Ar core
62: .Op Fl N Ar system
63: .Fl P Ar pcbaddr
64: .Nm netstat
1.35 markus 65: .Op Fl s
1.1 deraadt 66: .Op Fl M Ar core
67: .Op Fl N Ar system
1.31 jmc 68: .Op Fl p Ar protocol
1.19 itojun 69: .Nm netstat
1.34 jmc 70: .Op Fl a
1.19 itojun 71: .Op Fl f Ar address_family
1.34 jmc 72: .Op Fl i | I Ar interface
1.42 reyk 73: .Nm netstat
74: .Op Fl W Ar interface
1.1 deraadt 75: .Sh DESCRIPTION
76: The
1.21 aaron 77: .Nm
1.1 deraadt 78: command symbolically displays the contents of various network-related
79: data structures.
80: There are a number of output formats,
81: depending on the options for the information presented.
1.21 aaron 82: .Pp
1.1 deraadt 83: The first form of the command displays a list of active sockets for
84: each protocol.
85: The second form presents the contents of one of the other network
86: data structures according to the option selected.
87: Using the third form, with a
88: .Ar wait
89: interval specified,
1.21 aaron 90: .Nm
1.1 deraadt 91: will continuously display the information regarding packet
92: traffic on the configured network interfaces.
1.46 jmc 93: The fourth form displays statistics about the protocol control block (PCB).
94: The fifth form displays statistics about the named protocol.
95: The sixth form displays per interface statistics for
1.30 jmc 96: the specified address family.
1.43 jmc 97: The final form displays per interface statistics for
98: the specified wireless (802.11) device.
1.1 deraadt 99: .Pp
1.12 aaron 100: The options are as follows:
1.22 aaron 101: .Bl -tag -width Ds
1.1 deraadt 102: .It Fl A
103: With the default display,
104: show the address of any protocol control blocks associated with sockets; used
1.45 jaredy 105: for debugging, e.g. with the
106: .Fl P
107: flag.
1.1 deraadt 108: .It Fl a
109: With the default display,
110: show the state of all sockets; normally sockets used by
111: server processes are not shown.
1.34 jmc 112: With the interface display (options
113: .Fl I
114: or
115: .Fl i ) ,
116: show multicast addresses.
1.24 camield 117: .It Fl b
1.34 jmc 118: With the interface display (options
119: .Fl I
120: or
1.24 camield 121: .Fl i ) ,
122: show bytes in and out, instead of packet statistics.
1.57 ! tedu 123: .It Fl c Ar count
! 124: Display
! 125: .Ar count
! 126: updates, then exit.
! 127: This option has no effect unless
! 128: .Fl w
! 129: is specified as well.
1.1 deraadt 130: .It Fl d
1.34 jmc 131: With either the interface display (options
132: .Fl I
133: or
134: .Fl i )
135: or an interval (option
136: .Fl w ) ,
1.1 deraadt 137: show the number of dropped packets.
1.48 pyr 138: .It Fl F
139: When showing routes, only show routes whose gateway are in the
140: same address family as the destination.
1.16 aaron 141: .It Fl f Ar address_family
1.1 deraadt 142: Limit statistics or address control block reports to those
143: of the specified
1.12 aaron 144: .Ar address_family .
1.21 aaron 145: .Pp
146: The following address families are recognized:
147: .Pp
148: .Bl -column "Address Family" "AF_APPLETA" "Description" -offset indent -compact
149: .It Sy "Address Family" Ta Sy "Constant" Ta Sy "Description"
1.55 mk 150: .It "atalk" Ta Dv "AF_APPLETALK" Ta "AppleTalk"
151: .It "encap" Ta Dv "PF_KEY" Ta "IPsec"
1.32 jmc 152: .It "inet" Ta Dv "AF_INET" Ta "IP Version 4"
153: .It "inet6" Ta Dv "AF_INET6" Ta "IP Version 6"
154: .It "local" Ta Dv "AF_LOCAL" Ta "Local to Host (i.e., pipes)"
1.55 mk 155: .It "mpls" Ta Dv "AF_MPLS" Ta "MPLS"
156: .It "pflow" Ta Dv "PF_FLOW" Ta "pflow data export"
1.32 jmc 157: .It "unix" Ta Dv "AF_UNIX" Ta "Local to Host (i.e., pipes)"
1.21 aaron 158: .El
159: .Pp
1.1 deraadt 160: .It Fl g
161: Show information related to multicast (group address) routing.
1.34 jmc 162: By default, show the IP multicast virtual-interface and routing tables.
1.1 deraadt 163: If the
164: .Fl s
165: option is also present, show multicast routing statistics.
1.16 aaron 166: .It Fl I Ar interface
1.21 aaron 167: Show information about the specified
168: .Ar interface ;
1.1 deraadt 169: used with a
170: .Ar wait
171: interval as described below.
1.21 aaron 172: .Pp
1.19 itojun 173: If the
1.34 jmc 174: .Fl a
175: option is also present, multicast addresses currently in use are shown
176: for the given interface and for each IP interface address.
177: Multicast addresses are shown on separate lines following the interface
178: address with which they are associated.
179: .Pp
180: If the
1.19 itojun 181: .Fl f Ar address_family
182: option (with the
183: .Fl s
1.30 jmc 184: option) is present, show per-interface
185: statistics on the given interface for the specified
186: .Ar address_family .
1.1 deraadt 187: .It Fl i
188: Show the state of interfaces which have been auto-configured
1.21 aaron 189: (interfaces statically configured into a system but not
190: located at boot-time are not shown).
191: .Pp
1.1 deraadt 192: If the
193: .Fl a
1.21 aaron 194: option is also present, multicast addresses currently in use are shown
1.1 deraadt 195: for each Ethernet interface and for each IP interface address.
196: Multicast addresses are shown on separate lines following the interface
197: address with which they are associated.
1.21 aaron 198: .Pp
1.19 itojun 199: If the
200: .Fl f Ar address_family
201: option (with the
202: .Fl s
1.30 jmc 203: option) is present, show per-interface statistics on all interfaces
1.21 aaron 204: for the specified
1.30 jmc 205: .Ar address_family .
1.31 jmc 206: .It Fl l
207: With the
208: .Fl g
209: option, display wider fields for the IPv6 multicast routing table
210: .Qq Origin
211: and
212: .Qq Group
213: columns.
1.17 deraadt 214: .It Fl M Ar core
1.1 deraadt 215: Extract values associated with the name list from the specified core
1.27 miod 216: instead of the running kernel.
1.1 deraadt 217: .It Fl m
218: Show statistics recorded by the memory management routines
219: (the network manages a private pool of memory buffers).
1.17 deraadt 220: .It Fl N Ar system
1.27 miod 221: Extract the name list from the specified system instead of the running kernel.
1.1 deraadt 222: .It Fl n
223: Show network addresses as numbers (normally
1.21 aaron 224: .Nm
1.1 deraadt 225: interprets addresses and attempts to display them
226: symbolically).
227: This option may be used with any of the display formats.
1.45 jaredy 228: .It Fl P Ar pcbaddr
229: Display the contents of the protocol control block (PCB) located at
230: the kernel virtual address
231: .Ar pcbaddr .
232: PCB addresses can be obtained using the
233: .Fl A
234: flag.
235: This option can currently only be used to display TCP control blocks.
1.16 aaron 236: .It Fl p Ar protocol
1.35 markus 237: Restrict the output to
1.12 aaron 238: .Ar protocol ,
1.21 aaron 239: which is either a well-known name for a protocol or an alias for it.
240: Some protocol names and aliases are listed in the file
1.1 deraadt 241: .Pa /etc/protocols .
242: The program will complain if
243: .Ar protocol
1.35 markus 244: is unknown.
245: If the
246: .Fl s
247: option is specified, the per-protocol statistics are displayed.
248: Otherwise the states of the matching sockets are shown.
1.26 brian 249: .It Fl q
250: Only show interfaces that have seen packets (or bytes if
251: .Fl b
1.34 jmc 252: is specified).
1.1 deraadt 253: .It Fl r
254: Show the routing tables.
1.21 aaron 255: If the
1.1 deraadt 256: .Fl s
1.21 aaron 257: option is also specified, show routing statistics instead.
1.26 brian 258: .It Fl s
259: Show per-protocol statistics.
260: If this option is repeated, counters with a value of zero are suppressed.
1.51 claudio 261: .It Fl T Ar tableid
262: Select an alternate routing table to modify or query.
263: Table 0 is the default table.
1.31 jmc 264: .It Fl t
265: With the
266: .Fl i
267: option, display the current value of the watchdog timer function.
268: .It Fl u
269: Limit statistics or address control block reports to the
270: .Dv AF_UNIX
271: address family.
1.10 peter 272: .It Fl v
1.19 itojun 273: Be verbose.
274: Avoids truncation of long addresses.
1.42 reyk 275: .It Fl W Ar interface
276: (IEEE 802.11 devices only)
277: Show per-interface IEEE 802.11 wireless statistics.
1.1 deraadt 278: .It Fl w Ar wait
279: Show network interface statistics at intervals of
280: .Ar wait
281: seconds.
282: .El
283: .Pp
284: The default display, for active sockets, shows the local
285: and remote addresses, send and receive queue sizes (in bytes), protocol,
286: and the internal state of the protocol.
1.21 aaron 287: .Pp
288: Address formats are of the form
289: .Dq host.port
290: or
291: .Dq network.port
1.1 deraadt 292: if a socket's address specifies a network but no specific host address.
1.21 aaron 293: When known, the host and network addresses are displayed symbolically
294: according to the databases
1.1 deraadt 295: .Pa /etc/hosts
296: and
297: .Pa /etc/networks ,
1.21 aaron 298: respectively.
299: If a symbolic name for an address is unknown, or if the
1.1 deraadt 300: .Fl n
301: option is specified, the address is printed numerically, according
302: to the address family.
1.21 aaron 303: .Pp
304: For more information regarding the Internet
305: .Dq dot format ,
1.1 deraadt 306: refer to
1.12 aaron 307: .Xr inet 3 .
1.34 jmc 308: Unspecified or
1.21 aaron 309: .Dq wildcard
310: addresses and ports appear as a single
1.34 jmc 311: .Sq * .
1.6 deraadt 312: If a local port number is registered as being in use for RPC by
1.12 aaron 313: .Xr portmap 8 ,
1.11 aaron 314: its RPC service name or RPC service number will be printed in
1.21 aaron 315: .Dq []
316: immediately after the port number.
1.1 deraadt 317: .Pp
318: The interface display provides a table of cumulative
319: statistics regarding packets transferred, errors, and collisions.
320: The network addresses of the interface
1.21 aaron 321: and the maximum transmission unit (MTU) are also displayed.
1.1 deraadt 322: .Pp
1.21 aaron 323: The routing table display indicates the available routes and their status.
324: Each route consists of a destination host or network and
325: a gateway to use in forwarding packets.
326: If the destination is a
327: network in numeric format, the netmask (in /24 style format) is appended.
328: The flags field shows a collection of information about
329: the route stored as binary choices.
330: The individual flags are discussed in more detail in the
1.1 deraadt 331: .Xr route 8
332: and
333: .Xr route 4
334: manual pages.
1.21 aaron 335: .Pp
1.1 deraadt 336: The mapping between letters and flags is:
337: .Bl -column XXXX RTF_BLACKHOLE
1.12 aaron 338: 1 RTF_PROTO1 Protocol specific routing flag #1.
339: 2 RTF_PROTO2 Protocol specific routing flag #2.
1.25 niklas 340: 3 RTF_PROTO3 Protocol specific routing flag #3.
1.16 aaron 341: B RTF_BLACKHOLE Just discard pkts (during updates).
1.12 aaron 342: C RTF_CLONING Generate new routes on use.
1.34 jmc 343: c RTF_CLONED Cloned routes (generated from RTF_CLONING).
1.12 aaron 344: D RTF_DYNAMIC Created dynamically (by redirect).
345: G RTF_GATEWAY Destination requires forwarding by intermediary.
346: H RTF_HOST Host entry (net otherwise).
1.1 deraadt 347: L RTF_LLINFO Valid protocol to link address translation.
1.12 aaron 348: M RTF_MODIFIED Modified dynamically (by redirect).
1.54 claudio 349: P RTF_MPATH Multipath route.
1.12 aaron 350: R RTF_REJECT Host or net unreachable.
351: S RTF_STATIC Manually added.
1.56 michele 352: T RTF_MPLS MPLS route.
1.12 aaron 353: U RTF_UP Route usable.
354: X RTF_XRESOLVE External daemon translates proto to link address.
1.1 deraadt 355: .El
356: .Pp
1.21 aaron 357: Direct routes are created for each interface attached to the local host;
1.1 deraadt 358: the gateway field for such entries shows the address of the outgoing interface.
1.21 aaron 359: The refcnt field gives the current number of active uses of the route.
360: Connection oriented protocols normally hold on to a single route for the
361: duration of a connection while connectionless protocols obtain a route while
362: sending to the same destination.
363: The use field provides a count of the number of packets sent using that route.
364: The MTU entry shows the MTU associated with that route.
365: This MTU value is used as the basis for the TCP maximum segment size (MSS).
1.34 jmc 366: The
367: .Sq L
368: flag appended to the MTU value indicates that the value is
369: locked, and that path MTU discovery is turned off for that route.
1.21 aaron 370: A
1.1 deraadt 371: .Sq -
1.12 aaron 372: indicates that the MTU for this route has not been set, and a default
1.21 aaron 373: TCP maximum segment size will be used.
374: The interface entry indicates the network interface utilized for the route.
1.1 deraadt 375: .Pp
376: When
1.21 aaron 377: .Nm
1.1 deraadt 378: is invoked with the
379: .Fl w
380: option and a
381: .Ar wait
382: interval argument, it displays a running count of statistics related to
383: network interfaces.
384: An obsolescent version of this option used a numeric parameter
385: with no option, and is currently supported for backward compatibility.
386: This display consists of a column for the primary interface (the first
387: interface found during autoconfiguration) and a column summarizing
388: information for all interfaces.
389: The primary interface may be replaced with another interface with the
390: .Fl I
391: option.
392: The first line of each screen of information contains a summary since the
1.21 aaron 393: system was last rebooted.
394: Subsequent lines of output show values accumulated over the preceding interval.
1.1 deraadt 395: .Sh SEE ALSO
1.47 jmc 396: .Xr fstat 1 ,
1.1 deraadt 397: .Xr nfsstat 1 ,
398: .Xr ps 1 ,
1.47 jmc 399: .Xr systat 1 ,
1.53 jmc 400: .Xr tcpbench 1 ,
1.47 jmc 401: .Xr top 1 ,
1.34 jmc 402: .Xr inet 3 ,
1.21 aaron 403: .Xr netintro 4 ,
1.34 jmc 404: .Xr route 4 ,
1.1 deraadt 405: .Xr hosts 5 ,
406: .Xr networks 5 ,
407: .Xr protocols 5 ,
408: .Xr services 5 ,
1.15 alex 409: .Xr iostat 8 ,
1.34 jmc 410: .Xr portmap 8 ,
1.47 jmc 411: .Xr pstat 8 ,
1.34 jmc 412: .Xr route 8 ,
1.40 jmc 413: .Xr tcpdrop 8 ,
1.1 deraadt 414: .Xr trpt 8 ,
415: .Xr vmstat 8
416: .Sh HISTORY
417: The
1.21 aaron 418: .Nm
1.1 deraadt 419: command appeared in
420: .Bx 4.2 .
1.19 itojun 421: IPv6 support was added by WIDE/KAME project.
1.1 deraadt 422: .Sh BUGS
423: The notion of errors is ill-defined.
![[BACK]](/icons/back.gif){kind=icon}
Return to netstat.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / netstat