Annotation of src/usr.bin/netstat/netstat.1, Revision 1.86
1.86 ! jmc 1: .\" $OpenBSD: netstat.1,v 1.85 2019/04/17 20:17:00 jmc Exp $
1.1 deraadt 2: .\" $NetBSD: netstat.1,v 1.11 1995/10/03 21:42:43 thorpej Exp $
3: .\"
4: .\" Copyright (c) 1983, 1990, 1992, 1993
5: .\" The Regents of the University of California. All rights reserved.
6: .\"
7: .\" Redistribution and use in source and binary forms, with or without
8: .\" modification, are permitted provided that the following conditions
9: .\" are met:
10: .\" 1. Redistributions of source code must retain the above copyright
11: .\" notice, this list of conditions and the following disclaimer.
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in the
14: .\" documentation and/or other materials provided with the distribution.
1.29 millert 15: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: .\" may be used to endorse or promote products derived from this software
17: .\" without specific prior written permission.
18: .\"
19: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: .\" SUCH DAMAGE.
30: .\"
31: .\" from: @(#)netstat.1 8.8 (Berkeley) 4/18/94
32: .\"
1.86 ! jmc 33: .Dd $Mdocdate: April 17 2019 $
1.1 deraadt 34: .Dt NETSTAT 1
1.16 aaron 35: .Os
1.1 deraadt 36: .Sh NAME
37: .Nm netstat
38: .Nd show network status
39: .Sh SYNOPSIS
1.85 jmc 40: .Nm
1.81 benno 41: .Op Fl AaBln
1.1 deraadt 42: .Op Fl f Ar address_family
1.59 blambert 43: .Op Fl p Ar protocol
1.1 deraadt 44: .Op Fl M Ar core
45: .Op Fl N Ar system
1.85 jmc 46: .Nm
1.84 dlg 47: .Op Fl bdeFgilmnqrstu
1.1 deraadt 48: .Op Fl f Ar address_family
1.59 blambert 49: .Op Fl p Ar protocol
1.1 deraadt 50: .Op Fl M Ar core
51: .Op Fl N Ar system
1.83 kn 52: .Op Fl T Ar rtable
1.85 jmc 53: .Nm
1.84 dlg 54: .Op Fl bdehn
1.57 tedu 55: .Op Fl c Ar count
1.1 deraadt 56: .Op Fl I Ar interface
57: .Op Fl M Ar core
58: .Op Fl N Ar system
59: .Op Fl w Ar wait
1.85 jmc 60: .Nm
1.61 bluhm 61: .Op Fl v
1.45 jaredy 62: .Op Fl M Ar core
63: .Op Fl N Ar system
64: .Fl P Ar pcbaddr
1.85 jmc 65: .Nm
1.35 markus 66: .Op Fl s
1.1 deraadt 67: .Op Fl M Ar core
68: .Op Fl N Ar system
1.31 jmc 69: .Op Fl p Ar protocol
1.85 jmc 70: .Nm
1.34 jmc 71: .Op Fl a
1.19 itojun 72: .Op Fl f Ar address_family
1.59 blambert 73: .Op Fl p Ar protocol
1.34 jmc 74: .Op Fl i | I Ar interface
1.85 jmc 75: .Nm
1.42 reyk 76: .Op Fl W Ar interface
1.1 deraadt 77: .Sh DESCRIPTION
78: The
1.21 aaron 79: .Nm
1.1 deraadt 80: command symbolically displays the contents of various network-related
81: data structures.
82: There are a number of output formats,
83: depending on the options for the information presented.
1.21 aaron 84: .Pp
1.1 deraadt 85: The first form of the command displays a list of active sockets for
86: each protocol.
87: The second form presents the contents of one of the other network
88: data structures according to the option selected.
89: Using the third form, with a
90: .Ar wait
91: interval specified,
1.21 aaron 92: .Nm
1.1 deraadt 93: will continuously display the information regarding packet
94: traffic on the configured network interfaces.
1.61 bluhm 95: The fourth form displays internals of the protocol control block (PCB)
96: and the socket structure.
1.46 jmc 97: The fifth form displays statistics about the named protocol.
98: The sixth form displays per interface statistics for
1.30 jmc 99: the specified address family.
1.43 jmc 100: The final form displays per interface statistics for
101: the specified wireless (802.11) device.
1.1 deraadt 102: .Pp
1.12 aaron 103: The options are as follows:
1.22 aaron 104: .Bl -tag -width Ds
1.1 deraadt 105: .It Fl A
1.76 jmc 106: Show the address of any protocol control blocks associated with sockets;
107: useful for debugging e.g. with the
1.45 jaredy 108: .Fl P
109: flag.
1.75 claudio 110: When used with the
1.76 jmc 111: .Fl r
112: flag it shows the internal addresses of the routing table.
113: Only the super-user can see these addresses;
114: unprivileged users will see them as 0x0.
1.1 deraadt 115: .It Fl a
116: With the default display,
117: show the state of all sockets; normally sockets used by
118: server processes are not shown.
1.63 jsing 119: .It Fl B
120: With the default display,
121: show buffer sizes for TCP sockets.
122: This includes the send window size, receive window size and congestion
123: window size.
1.24 camield 124: .It Fl b
1.34 jmc 125: With the interface display (options
126: .Fl I
127: or
1.24 camield 128: .Fl i ) ,
129: show bytes in and out, instead of packet statistics.
1.57 tedu 130: .It Fl c Ar count
131: Display
132: .Ar count
133: updates, then exit.
134: This option has no effect unless
135: .Fl w
136: is specified as well.
1.1 deraadt 137: .It Fl d
1.34 jmc 138: With either the interface display (options
139: .Fl I
140: or
141: .Fl i )
142: or an interval (option
143: .Fl w ) ,
1.84 dlg 144: show only the number of dropped packets.
145: .It Fl e
146: With either the interface display (options
147: .Fl I
148: or
149: .Fl i )
150: or an interval (option
151: .Fl w ) ,
152: show only the number of errors on the interface.
1.48 pyr 153: .It Fl F
154: When showing routes, only show routes whose gateway are in the
155: same address family as the destination.
1.16 aaron 156: .It Fl f Ar address_family
1.1 deraadt 157: Limit statistics or address control block reports to those
158: of the specified
1.12 aaron 159: .Ar address_family .
1.21 aaron 160: .Pp
161: The following address families are recognized:
1.65 jmc 162: .Bl -column "Address Family" "AF_APPLETA" "Description" -offset indent
1.21 aaron 163: .It Sy "Address Family" Ta Sy "Constant" Ta Sy "Description"
1.32 jmc 164: .It "inet" Ta Dv "AF_INET" Ta "IP Version 4"
165: .It "inet6" Ta Dv "AF_INET6" Ta "IP Version 6"
1.82 guenther 166: .It "local" Ta Dv "AF_UNIX" Ta "Alias for unix"
1.55 mk 167: .It "mpls" Ta Dv "AF_MPLS" Ta "MPLS"
1.32 jmc 168: .It "unix" Ta Dv "AF_UNIX" Ta "Local to Host (i.e., pipes)"
1.21 aaron 169: .El
1.68 tedu 170: .It Fl h
171: Use unit suffixes to reduce the number of digits shown with the
172: .Fl b
173: and
174: .Fl w
175: options.
1.1 deraadt 176: .It Fl g
177: Show information related to multicast (group address) routing.
1.34 jmc 178: By default, show the IP multicast virtual-interface and routing tables.
1.1 deraadt 179: If the
180: .Fl s
181: option is also present, show multicast routing statistics.
1.16 aaron 182: .It Fl I Ar interface
1.21 aaron 183: Show information about the specified
184: .Ar interface ;
1.1 deraadt 185: used with a
186: .Ar wait
187: interval as described below.
1.21 aaron 188: .Pp
1.19 itojun 189: If the
190: .Fl f Ar address_family
191: option (with the
192: .Fl s
1.30 jmc 193: option) is present, show per-interface
194: statistics on the given interface for the specified
195: .Ar address_family .
1.1 deraadt 196: .It Fl i
197: Show the state of interfaces which have been auto-configured
1.21 aaron 198: (interfaces statically configured into a system but not
199: located at boot-time are not shown).
200: .Pp
1.19 itojun 201: If the
202: .Fl f Ar address_family
203: option (with the
204: .Fl s
1.30 jmc 205: option) is present, show per-interface statistics on all interfaces
1.21 aaron 206: for the specified
1.30 jmc 207: .Ar address_family .
1.31 jmc 208: .It Fl l
1.81 benno 209: With the default display,
210: show only listening sockets.
1.31 jmc 211: With the
212: .Fl g
213: option, display wider fields for the IPv6 multicast routing table
214: .Qq Origin
215: and
216: .Qq Group
217: columns.
1.17 deraadt 218: .It Fl M Ar core
1.1 deraadt 219: Extract values associated with the name list from the specified core
1.27 miod 220: instead of the running kernel.
1.1 deraadt 221: .It Fl m
222: Show statistics recorded by the memory management routines
223: (the network manages a private pool of memory buffers).
1.17 deraadt 224: .It Fl N Ar system
1.27 miod 225: Extract the name list from the specified system instead of the running kernel.
1.1 deraadt 226: .It Fl n
227: Show network addresses as numbers (normally
1.21 aaron 228: .Nm
1.1 deraadt 229: interprets addresses and attempts to display them
230: symbolically).
231: This option may be used with any of the display formats.
1.45 jaredy 232: .It Fl P Ar pcbaddr
1.75 claudio 233: Display the contents of the protocol control block (PCB)
1.61 bluhm 234: located at the kernel virtual address
1.45 jaredy 235: .Ar pcbaddr .
236: PCB addresses can be obtained using the
237: .Fl A
238: flag.
1.61 bluhm 239: When used with the
240: .Fl v
241: option, also print socket, domain and protocol specific structures.
1.76 jmc 242: Only the super-user can use the
243: .Fl P
244: option.
1.80 jca 245: .Pp
246: The
247: .Fl P
248: option requires the ability to open
249: .Pa /dev/kmem
250: which may be restricted based upon the value of the
251: .Ar kern.allowkmem
252: .Xr sysctl 8 .
1.16 aaron 253: .It Fl p Ar protocol
1.35 markus 254: Restrict the output to
1.12 aaron 255: .Ar protocol ,
1.21 aaron 256: which is either a well-known name for a protocol or an alias for it.
257: Some protocol names and aliases are listed in the file
1.1 deraadt 258: .Pa /etc/protocols .
259: The program will complain if
260: .Ar protocol
1.35 markus 261: is unknown.
262: If the
263: .Fl s
264: option is specified, the per-protocol statistics are displayed.
265: Otherwise the states of the matching sockets are shown.
1.26 brian 266: .It Fl q
267: Only show interfaces that have seen packets (or bytes if
268: .Fl b
1.34 jmc 269: is specified).
1.1 deraadt 270: .It Fl r
271: Show the routing tables.
1.86 ! jmc 272: The output is explained in more detail below.
1.21 aaron 273: If the
1.1 deraadt 274: .Fl s
1.21 aaron 275: option is also specified, show routing statistics instead.
1.60 sobrado 276: When used with the
277: .Fl v
278: option, also print routing labels.
1.26 brian 279: .It Fl s
280: Show per-protocol statistics.
281: If this option is repeated, counters with a value of zero are suppressed.
1.83 kn 282: .It Fl T Ar rtable
1.67 mikeb 283: Select an alternate routing table to query.
284: The default is to use the current routing table.
1.31 jmc 285: .It Fl t
286: With the
287: .Fl i
288: option, display the current value of the watchdog timer function.
289: .It Fl u
290: Limit statistics or address control block reports to the
291: .Dv AF_UNIX
292: address family.
1.10 peter 293: .It Fl v
1.60 sobrado 294: Show extra (verbose) detail for the routing tables
295: .Pq Fl r ,
296: or avoid truncation of long addresses.
1.61 bluhm 297: When used with the
298: .Fl P
299: option, also print socket, domain and protocol specific structures.
1.42 reyk 300: .It Fl W Ar interface
301: (IEEE 802.11 devices only)
302: Show per-interface IEEE 802.11 wireless statistics.
1.1 deraadt 303: .It Fl w Ar wait
304: Show network interface statistics at intervals of
305: .Ar wait
306: seconds.
307: .El
308: .Pp
309: The default display, for active sockets, shows the local
310: and remote addresses, send and receive queue sizes (in bytes), protocol,
311: and the internal state of the protocol.
1.21 aaron 312: .Pp
313: Address formats are of the form
314: .Dq host.port
315: or
316: .Dq network.port
1.1 deraadt 317: if a socket's address specifies a network but no specific host address.
1.72 schwarze 318: When known, the host addresses are displayed symbolically
319: according to the
320: .Xr hosts 5
321: database.
1.21 aaron 322: If a symbolic name for an address is unknown, or if the
1.1 deraadt 323: .Fl n
324: option is specified, the address is printed numerically, according
325: to the address family.
1.21 aaron 326: .Pp
327: For more information regarding the Internet
328: .Dq dot format ,
1.1 deraadt 329: refer to
1.71 jmc 330: .Xr inet_ntop 3 .
1.34 jmc 331: Unspecified or
1.21 aaron 332: .Dq wildcard
333: addresses and ports appear as a single
1.34 jmc 334: .Sq * .
1.6 deraadt 335: If a local port number is registered as being in use for RPC by
1.12 aaron 336: .Xr portmap 8 ,
1.11 aaron 337: its RPC service name or RPC service number will be printed in
1.21 aaron 338: .Dq []
339: immediately after the port number.
1.1 deraadt 340: .Pp
341: The interface display provides a table of cumulative
342: statistics regarding packets transferred, errors, and collisions.
343: The network addresses of the interface
1.21 aaron 344: and the maximum transmission unit (MTU) are also displayed.
1.1 deraadt 345: .Pp
1.21 aaron 346: The routing table display indicates the available routes and their status.
347: Each route consists of a destination host or network and
348: a gateway to use in forwarding packets.
349: If the destination is a
350: network in numeric format, the netmask (in /24 style format) is appended.
351: The flags field shows a collection of information about
352: the route stored as binary choices.
353: The individual flags are discussed in more detail in the
1.1 deraadt 354: .Xr route 8
355: and
356: .Xr route 4
357: manual pages.
1.21 aaron 358: .Pp
1.1 deraadt 359: The mapping between letters and flags is:
1.66 jmc 360: .Bl -column "1" "RTF_BLACKHOLE" "Protocol specific routing flag #1."
361: .It 1 Ta RTF_PROTO1 Ta "Protocol specific routing flag #1."
362: .It 2 Ta RTF_PROTO2 Ta "Protocol specific routing flag #2."
363: .It 3 Ta RTF_PROTO3 Ta "Protocol specific routing flag #3."
364: .It B Ta RTF_BLACKHOLE Ta "Just discard pkts (during updates)."
1.70 mpi 365: .It b Ta RTF_BROADCAST Ta "Correspond to a local broadcast address."
1.66 jmc 366: .It C Ta RTF_CLONING Ta "Generate new routes on use."
367: .It c Ta RTF_CLONED Ta "Cloned routes (generated from RTF_CLONING)."
368: .It D Ta RTF_DYNAMIC Ta "Created dynamically (by redirect)."
1.79 bluhm 369: .It d Ta RTF_DONE Ta "Completed (for routing messages only)."
1.66 jmc 370: .It G Ta RTF_GATEWAY Ta "Destination requires forwarding by intermediary."
371: .It H Ta RTF_HOST Ta "Host entry (net otherwise)."
1.79 bluhm 372: .It h Ta RTF_CACHED Ta "Referenced by gateway route."
1.66 jmc 373: .It L Ta RTF_LLINFO Ta "Valid protocol to link address translation."
1.70 mpi 374: .It l Ta RTF_LOCAL Ta "Correspond to a local address."
1.66 jmc 375: .It M Ta RTF_MODIFIED Ta "Modified dynamically (by redirect)."
1.78 mpi 376: .It m Ta RTF_MULTICAST Ta "Correspond to a multicast address."
1.79 bluhm 377: .It n Ta RTF_CONNECTED Ta "Interface route."
1.66 jmc 378: .It P Ta RTF_MPATH Ta "Multipath route."
379: .It R Ta RTF_REJECT Ta "Host or net unreachable."
380: .It S Ta RTF_STATIC Ta "Manually added."
381: .It T Ta RTF_MPLS Ta "MPLS route."
382: .It U Ta RTF_UP Ta "Route usable."
1.1 deraadt 383: .El
384: .Pp
1.21 aaron 385: Direct routes are created for each interface attached to the local host;
1.1 deraadt 386: the gateway field for such entries shows the address of the outgoing interface.
1.21 aaron 387: The refcnt field gives the current number of active uses of the route.
388: Connection oriented protocols normally hold on to a single route for the
389: duration of a connection while connectionless protocols obtain a route while
390: sending to the same destination.
391: The use field provides a count of the number of packets sent using that route.
392: The MTU entry shows the MTU associated with that route.
393: This MTU value is used as the basis for the TCP maximum segment size (MSS).
1.34 jmc 394: The
395: .Sq L
396: flag appended to the MTU value indicates that the value is
397: locked, and that path MTU discovery is turned off for that route.
1.21 aaron 398: A
1.1 deraadt 399: .Sq -
1.12 aaron 400: indicates that the MTU for this route has not been set, and a default
1.21 aaron 401: TCP maximum segment size will be used.
402: The interface entry indicates the network interface utilized for the route.
1.1 deraadt 403: .Pp
404: When
1.21 aaron 405: .Nm
1.1 deraadt 406: is invoked with the
407: .Fl w
408: option and a
409: .Ar wait
410: interval argument, it displays a running count of statistics related to
411: network interfaces.
412: An obsolescent version of this option used a numeric parameter
413: with no option, and is currently supported for backward compatibility.
414: This display consists of a column for the primary interface (the first
415: interface found during autoconfiguration) and a column summarizing
416: information for all interfaces.
417: The primary interface may be replaced with another interface with the
418: .Fl I
419: option.
420: The first line of each screen of information contains a summary since the
1.21 aaron 421: system was last rebooted.
422: Subsequent lines of output show values accumulated over the preceding interval.
1.1 deraadt 423: .Sh SEE ALSO
1.47 jmc 424: .Xr fstat 1 ,
1.1 deraadt 425: .Xr nfsstat 1 ,
426: .Xr ps 1 ,
1.47 jmc 427: .Xr systat 1 ,
1.53 jmc 428: .Xr tcpbench 1 ,
1.47 jmc 429: .Xr top 1 ,
1.71 jmc 430: .Xr inet_ntop 3 ,
1.21 aaron 431: .Xr netintro 4 ,
1.34 jmc 432: .Xr route 4 ,
1.1 deraadt 433: .Xr hosts 5 ,
434: .Xr protocols 5 ,
435: .Xr services 5 ,
1.15 alex 436: .Xr iostat 8 ,
1.34 jmc 437: .Xr portmap 8 ,
1.47 jmc 438: .Xr pstat 8 ,
1.34 jmc 439: .Xr route 8 ,
1.40 jmc 440: .Xr tcpdrop 8 ,
1.1 deraadt 441: .Xr trpt 8 ,
442: .Xr vmstat 8
443: .Sh HISTORY
444: The
1.21 aaron 445: .Nm
1.1 deraadt 446: command appeared in
447: .Bx 4.2 .
1.62 schwarze 448: IPv6 support was added by the WIDE/KAME project.
1.1 deraadt 449: .Sh BUGS
450: The notion of errors is ill-defined.