Annotation of src/usr.bin/netstat/netstat.1, Revision 1.72
1.72 ! schwarze 1: .\" $OpenBSD: netstat.1,v 1.71 2014/05/10 23:31:40 jmc Exp $
1.1 deraadt 2: .\" $NetBSD: netstat.1,v 1.11 1995/10/03 21:42:43 thorpej Exp $
3: .\"
4: .\" Copyright (c) 1983, 1990, 1992, 1993
5: .\" The Regents of the University of California. All rights reserved.
6: .\"
7: .\" Redistribution and use in source and binary forms, with or without
8: .\" modification, are permitted provided that the following conditions
9: .\" are met:
10: .\" 1. Redistributions of source code must retain the above copyright
11: .\" notice, this list of conditions and the following disclaimer.
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in the
14: .\" documentation and/or other materials provided with the distribution.
1.29 millert 15: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: .\" may be used to endorse or promote products derived from this software
17: .\" without specific prior written permission.
18: .\"
19: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: .\" SUCH DAMAGE.
30: .\"
31: .\" from: @(#)netstat.1 8.8 (Berkeley) 4/18/94
32: .\"
1.72 ! schwarze 33: .Dd $Mdocdate: May 10 2014 $
1.1 deraadt 34: .Dt NETSTAT 1
1.16 aaron 35: .Os
1.1 deraadt 36: .Sh NAME
37: .Nm netstat
38: .Nd show network status
39: .Sh SYNOPSIS
40: .Nm netstat
1.63 jsing 41: .Op Fl AaBn
1.1 deraadt 42: .Op Fl f Ar address_family
1.59 blambert 43: .Op Fl p Ar protocol
1.1 deraadt 44: .Op Fl M Ar core
45: .Op Fl N Ar system
46: .Nm netstat
1.52 claudio 47: .Bk -words
1.48 pyr 48: .Op Fl bdFgilmnqrstu
1.1 deraadt 49: .Op Fl f Ar address_family
1.59 blambert 50: .Op Fl p Ar protocol
1.1 deraadt 51: .Op Fl M Ar core
52: .Op Fl N Ar system
1.52 claudio 53: .Op Fl T Ar tableid
54: .Ek
1.1 deraadt 55: .Nm netstat
1.68 tedu 56: .Op Fl bdhn
1.57 tedu 57: .Op Fl c Ar count
1.1 deraadt 58: .Op Fl I Ar interface
59: .Op Fl M Ar core
60: .Op Fl N Ar system
61: .Op Fl w Ar wait
62: .Nm netstat
1.61 bluhm 63: .Op Fl v
1.45 jaredy 64: .Op Fl M Ar core
65: .Op Fl N Ar system
66: .Fl P Ar pcbaddr
67: .Nm netstat
1.35 markus 68: .Op Fl s
1.1 deraadt 69: .Op Fl M Ar core
70: .Op Fl N Ar system
1.31 jmc 71: .Op Fl p Ar protocol
1.19 itojun 72: .Nm netstat
1.34 jmc 73: .Op Fl a
1.19 itojun 74: .Op Fl f Ar address_family
1.59 blambert 75: .Op Fl p Ar protocol
1.34 jmc 76: .Op Fl i | I Ar interface
1.42 reyk 77: .Nm netstat
78: .Op Fl W Ar interface
1.1 deraadt 79: .Sh DESCRIPTION
80: The
1.21 aaron 81: .Nm
1.1 deraadt 82: command symbolically displays the contents of various network-related
83: data structures.
84: There are a number of output formats,
85: depending on the options for the information presented.
1.21 aaron 86: .Pp
1.1 deraadt 87: The first form of the command displays a list of active sockets for
88: each protocol.
89: The second form presents the contents of one of the other network
90: data structures according to the option selected.
91: Using the third form, with a
92: .Ar wait
93: interval specified,
1.21 aaron 94: .Nm
1.1 deraadt 95: will continuously display the information regarding packet
96: traffic on the configured network interfaces.
1.61 bluhm 97: The fourth form displays internals of the protocol control block (PCB)
98: and the socket structure.
1.46 jmc 99: The fifth form displays statistics about the named protocol.
100: The sixth form displays per interface statistics for
1.30 jmc 101: the specified address family.
1.43 jmc 102: The final form displays per interface statistics for
103: the specified wireless (802.11) device.
1.1 deraadt 104: .Pp
1.12 aaron 105: The options are as follows:
1.22 aaron 106: .Bl -tag -width Ds
1.1 deraadt 107: .It Fl A
108: With the default display,
109: show the address of any protocol control blocks associated with sockets; used
1.45 jaredy 110: for debugging, e.g. with the
111: .Fl P
112: flag.
1.1 deraadt 113: .It Fl a
114: With the default display,
115: show the state of all sockets; normally sockets used by
116: server processes are not shown.
1.34 jmc 117: With the interface display (options
118: .Fl I
119: or
120: .Fl i ) ,
121: show multicast addresses.
1.63 jsing 122: .It Fl B
123: With the default display,
124: show buffer sizes for TCP sockets.
125: This includes the send window size, receive window size and congestion
126: window size.
1.24 camield 127: .It Fl b
1.34 jmc 128: With the interface display (options
129: .Fl I
130: or
1.24 camield 131: .Fl i ) ,
132: show bytes in and out, instead of packet statistics.
1.57 tedu 133: .It Fl c Ar count
134: Display
135: .Ar count
136: updates, then exit.
137: This option has no effect unless
138: .Fl w
139: is specified as well.
1.1 deraadt 140: .It Fl d
1.34 jmc 141: With either the interface display (options
142: .Fl I
143: or
144: .Fl i )
145: or an interval (option
146: .Fl w ) ,
1.1 deraadt 147: show the number of dropped packets.
1.48 pyr 148: .It Fl F
149: When showing routes, only show routes whose gateway are in the
150: same address family as the destination.
1.16 aaron 151: .It Fl f Ar address_family
1.1 deraadt 152: Limit statistics or address control block reports to those
153: of the specified
1.12 aaron 154: .Ar address_family .
1.21 aaron 155: .Pp
156: The following address families are recognized:
1.65 jmc 157: .Bl -column "Address Family" "AF_APPLETA" "Description" -offset indent
1.21 aaron 158: .It Sy "Address Family" Ta Sy "Constant" Ta Sy "Description"
1.55 mk 159: .It "encap" Ta Dv "PF_KEY" Ta "IPsec"
1.32 jmc 160: .It "inet" Ta Dv "AF_INET" Ta "IP Version 4"
161: .It "inet6" Ta Dv "AF_INET6" Ta "IP Version 6"
162: .It "local" Ta Dv "AF_LOCAL" Ta "Local to Host (i.e., pipes)"
1.55 mk 163: .It "mpls" Ta Dv "AF_MPLS" Ta "MPLS"
164: .It "pflow" Ta Dv "PF_FLOW" Ta "pflow data export"
1.32 jmc 165: .It "unix" Ta Dv "AF_UNIX" Ta "Local to Host (i.e., pipes)"
1.21 aaron 166: .El
1.68 tedu 167: .It Fl h
168: Use unit suffixes to reduce the number of digits shown with the
169: .Fl b
170: and
171: .Fl w
172: options.
1.1 deraadt 173: .It Fl g
174: Show information related to multicast (group address) routing.
1.34 jmc 175: By default, show the IP multicast virtual-interface and routing tables.
1.1 deraadt 176: If the
177: .Fl s
178: option is also present, show multicast routing statistics.
1.16 aaron 179: .It Fl I Ar interface
1.21 aaron 180: Show information about the specified
181: .Ar interface ;
1.1 deraadt 182: used with a
183: .Ar wait
184: interval as described below.
1.21 aaron 185: .Pp
1.19 itojun 186: If the
1.34 jmc 187: .Fl a
188: option is also present, multicast addresses currently in use are shown
189: for the given interface and for each IP interface address.
190: Multicast addresses are shown on separate lines following the interface
191: address with which they are associated.
192: .Pp
193: If the
1.19 itojun 194: .Fl f Ar address_family
195: option (with the
196: .Fl s
1.30 jmc 197: option) is present, show per-interface
198: statistics on the given interface for the specified
199: .Ar address_family .
1.1 deraadt 200: .It Fl i
201: Show the state of interfaces which have been auto-configured
1.21 aaron 202: (interfaces statically configured into a system but not
203: located at boot-time are not shown).
204: .Pp
1.1 deraadt 205: If the
206: .Fl a
1.21 aaron 207: option is also present, multicast addresses currently in use are shown
1.1 deraadt 208: for each Ethernet interface and for each IP interface address.
209: Multicast addresses are shown on separate lines following the interface
210: address with which they are associated.
1.21 aaron 211: .Pp
1.19 itojun 212: If the
213: .Fl f Ar address_family
214: option (with the
215: .Fl s
1.30 jmc 216: option) is present, show per-interface statistics on all interfaces
1.21 aaron 217: for the specified
1.30 jmc 218: .Ar address_family .
1.31 jmc 219: .It Fl l
220: With the
221: .Fl g
222: option, display wider fields for the IPv6 multicast routing table
223: .Qq Origin
224: and
225: .Qq Group
226: columns.
1.17 deraadt 227: .It Fl M Ar core
1.1 deraadt 228: Extract values associated with the name list from the specified core
1.27 miod 229: instead of the running kernel.
1.1 deraadt 230: .It Fl m
231: Show statistics recorded by the memory management routines
232: (the network manages a private pool of memory buffers).
1.17 deraadt 233: .It Fl N Ar system
1.27 miod 234: Extract the name list from the specified system instead of the running kernel.
1.1 deraadt 235: .It Fl n
236: Show network addresses as numbers (normally
1.21 aaron 237: .Nm
1.1 deraadt 238: interprets addresses and attempts to display them
239: symbolically).
240: This option may be used with any of the display formats.
1.45 jaredy 241: .It Fl P Ar pcbaddr
1.61 bluhm 242: Display the contents of the socket or protocol control block (PCB)
243: located at the kernel virtual address
1.45 jaredy 244: .Ar pcbaddr .
245: PCB addresses can be obtained using the
246: .Fl A
247: flag.
1.61 bluhm 248: When used with the
249: .Fl v
250: option, also print socket, domain and protocol specific structures.
1.16 aaron 251: .It Fl p Ar protocol
1.35 markus 252: Restrict the output to
1.12 aaron 253: .Ar protocol ,
1.21 aaron 254: which is either a well-known name for a protocol or an alias for it.
255: Some protocol names and aliases are listed in the file
1.1 deraadt 256: .Pa /etc/protocols .
257: The program will complain if
258: .Ar protocol
1.35 markus 259: is unknown.
260: If the
261: .Fl s
262: option is specified, the per-protocol statistics are displayed.
263: Otherwise the states of the matching sockets are shown.
1.26 brian 264: .It Fl q
265: Only show interfaces that have seen packets (or bytes if
266: .Fl b
1.34 jmc 267: is specified).
1.1 deraadt 268: .It Fl r
269: Show the routing tables.
1.21 aaron 270: If the
1.1 deraadt 271: .Fl s
1.21 aaron 272: option is also specified, show routing statistics instead.
1.60 sobrado 273: When used with the
274: .Fl v
275: option, also print routing labels.
1.26 brian 276: .It Fl s
277: Show per-protocol statistics.
278: If this option is repeated, counters with a value of zero are suppressed.
1.51 claudio 279: .It Fl T Ar tableid
1.67 mikeb 280: Select an alternate routing table to query.
281: The default is to use the current routing table.
1.31 jmc 282: .It Fl t
283: With the
284: .Fl i
285: option, display the current value of the watchdog timer function.
286: .It Fl u
287: Limit statistics or address control block reports to the
288: .Dv AF_UNIX
289: address family.
1.10 peter 290: .It Fl v
1.60 sobrado 291: Show extra (verbose) detail for the routing tables
292: .Pq Fl r ,
293: or avoid truncation of long addresses.
1.61 bluhm 294: When used with the
295: .Fl P
296: option, also print socket, domain and protocol specific structures.
1.42 reyk 297: .It Fl W Ar interface
298: (IEEE 802.11 devices only)
299: Show per-interface IEEE 802.11 wireless statistics.
1.1 deraadt 300: .It Fl w Ar wait
301: Show network interface statistics at intervals of
302: .Ar wait
303: seconds.
304: .El
305: .Pp
306: The default display, for active sockets, shows the local
307: and remote addresses, send and receive queue sizes (in bytes), protocol,
308: and the internal state of the protocol.
1.21 aaron 309: .Pp
310: Address formats are of the form
311: .Dq host.port
312: or
313: .Dq network.port
1.1 deraadt 314: if a socket's address specifies a network but no specific host address.
1.72 ! schwarze 315: When known, the host addresses are displayed symbolically
! 316: according to the
! 317: .Xr hosts 5
! 318: database.
1.21 aaron 319: If a symbolic name for an address is unknown, or if the
1.1 deraadt 320: .Fl n
321: option is specified, the address is printed numerically, according
322: to the address family.
1.21 aaron 323: .Pp
324: For more information regarding the Internet
325: .Dq dot format ,
1.1 deraadt 326: refer to
1.71 jmc 327: .Xr inet_ntop 3 .
1.34 jmc 328: Unspecified or
1.21 aaron 329: .Dq wildcard
330: addresses and ports appear as a single
1.34 jmc 331: .Sq * .
1.6 deraadt 332: If a local port number is registered as being in use for RPC by
1.12 aaron 333: .Xr portmap 8 ,
1.11 aaron 334: its RPC service name or RPC service number will be printed in
1.21 aaron 335: .Dq []
336: immediately after the port number.
1.1 deraadt 337: .Pp
338: The interface display provides a table of cumulative
339: statistics regarding packets transferred, errors, and collisions.
340: The network addresses of the interface
1.21 aaron 341: and the maximum transmission unit (MTU) are also displayed.
1.1 deraadt 342: .Pp
1.21 aaron 343: The routing table display indicates the available routes and their status.
344: Each route consists of a destination host or network and
345: a gateway to use in forwarding packets.
346: If the destination is a
347: network in numeric format, the netmask (in /24 style format) is appended.
348: The flags field shows a collection of information about
349: the route stored as binary choices.
350: The individual flags are discussed in more detail in the
1.1 deraadt 351: .Xr route 8
352: and
353: .Xr route 4
354: manual pages.
1.21 aaron 355: .Pp
1.1 deraadt 356: The mapping between letters and flags is:
1.66 jmc 357: .Bl -column "1" "RTF_BLACKHOLE" "Protocol specific routing flag #1."
358: .It 1 Ta RTF_PROTO1 Ta "Protocol specific routing flag #1."
359: .It 2 Ta RTF_PROTO2 Ta "Protocol specific routing flag #2."
360: .It 3 Ta RTF_PROTO3 Ta "Protocol specific routing flag #3."
361: .It B Ta RTF_BLACKHOLE Ta "Just discard pkts (during updates)."
1.70 mpi 362: .It b Ta RTF_BROADCAST Ta "Correspond to a local broadcast address."
1.66 jmc 363: .It C Ta RTF_CLONING Ta "Generate new routes on use."
364: .It c Ta RTF_CLONED Ta "Cloned routes (generated from RTF_CLONING)."
365: .It D Ta RTF_DYNAMIC Ta "Created dynamically (by redirect)."
366: .It G Ta RTF_GATEWAY Ta "Destination requires forwarding by intermediary."
367: .It H Ta RTF_HOST Ta "Host entry (net otherwise)."
368: .It L Ta RTF_LLINFO Ta "Valid protocol to link address translation."
1.70 mpi 369: .It l Ta RTF_LOCAL Ta "Correspond to a local address."
1.66 jmc 370: .It M Ta RTF_MODIFIED Ta "Modified dynamically (by redirect)."
371: .It P Ta RTF_MPATH Ta "Multipath route."
372: .It R Ta RTF_REJECT Ta "Host or net unreachable."
373: .It S Ta RTF_STATIC Ta "Manually added."
374: .It T Ta RTF_MPLS Ta "MPLS route."
375: .It U Ta RTF_UP Ta "Route usable."
376: .It X Ta RTF_XRESOLVE Ta "External daemon translates proto to link address."
1.1 deraadt 377: .El
378: .Pp
1.21 aaron 379: Direct routes are created for each interface attached to the local host;
1.1 deraadt 380: the gateway field for such entries shows the address of the outgoing interface.
1.21 aaron 381: The refcnt field gives the current number of active uses of the route.
382: Connection oriented protocols normally hold on to a single route for the
383: duration of a connection while connectionless protocols obtain a route while
384: sending to the same destination.
385: The use field provides a count of the number of packets sent using that route.
386: The MTU entry shows the MTU associated with that route.
387: This MTU value is used as the basis for the TCP maximum segment size (MSS).
1.34 jmc 388: The
389: .Sq L
390: flag appended to the MTU value indicates that the value is
391: locked, and that path MTU discovery is turned off for that route.
1.21 aaron 392: A
1.1 deraadt 393: .Sq -
1.12 aaron 394: indicates that the MTU for this route has not been set, and a default
1.21 aaron 395: TCP maximum segment size will be used.
396: The interface entry indicates the network interface utilized for the route.
1.1 deraadt 397: .Pp
398: When
1.21 aaron 399: .Nm
1.1 deraadt 400: is invoked with the
401: .Fl w
402: option and a
403: .Ar wait
404: interval argument, it displays a running count of statistics related to
405: network interfaces.
406: An obsolescent version of this option used a numeric parameter
407: with no option, and is currently supported for backward compatibility.
408: This display consists of a column for the primary interface (the first
409: interface found during autoconfiguration) and a column summarizing
410: information for all interfaces.
411: The primary interface may be replaced with another interface with the
412: .Fl I
413: option.
414: The first line of each screen of information contains a summary since the
1.21 aaron 415: system was last rebooted.
416: Subsequent lines of output show values accumulated over the preceding interval.
1.1 deraadt 417: .Sh SEE ALSO
1.47 jmc 418: .Xr fstat 1 ,
1.1 deraadt 419: .Xr nfsstat 1 ,
420: .Xr ps 1 ,
1.47 jmc 421: .Xr systat 1 ,
1.53 jmc 422: .Xr tcpbench 1 ,
1.47 jmc 423: .Xr top 1 ,
1.71 jmc 424: .Xr inet_ntop 3 ,
1.21 aaron 425: .Xr netintro 4 ,
1.34 jmc 426: .Xr route 4 ,
1.1 deraadt 427: .Xr hosts 5 ,
428: .Xr protocols 5 ,
429: .Xr services 5 ,
1.15 alex 430: .Xr iostat 8 ,
1.34 jmc 431: .Xr portmap 8 ,
1.47 jmc 432: .Xr pstat 8 ,
1.34 jmc 433: .Xr route 8 ,
1.40 jmc 434: .Xr tcpdrop 8 ,
1.1 deraadt 435: .Xr trpt 8 ,
436: .Xr vmstat 8
437: .Sh HISTORY
438: The
1.21 aaron 439: .Nm
1.1 deraadt 440: command appeared in
441: .Bx 4.2 .
1.62 schwarze 442: IPv6 support was added by the WIDE/KAME project.
1.1 deraadt 443: .Sh BUGS
444: The notion of errors is ill-defined.