Annotation of src/usr.bin/netstat/netstat.1, Revision 1.88
1.88 ! jmc 1: .\" $OpenBSD: netstat.1,v 1.87 2020/06/12 06:22:32 remi Exp $
1.1 deraadt 2: .\" $NetBSD: netstat.1,v 1.11 1995/10/03 21:42:43 thorpej Exp $
3: .\"
4: .\" Copyright (c) 1983, 1990, 1992, 1993
5: .\" The Regents of the University of California. All rights reserved.
6: .\"
7: .\" Redistribution and use in source and binary forms, with or without
8: .\" modification, are permitted provided that the following conditions
9: .\" are met:
10: .\" 1. Redistributions of source code must retain the above copyright
11: .\" notice, this list of conditions and the following disclaimer.
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in the
14: .\" documentation and/or other materials provided with the distribution.
1.29 millert 15: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: .\" may be used to endorse or promote products derived from this software
17: .\" without specific prior written permission.
18: .\"
19: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: .\" SUCH DAMAGE.
30: .\"
31: .\" from: @(#)netstat.1 8.8 (Berkeley) 4/18/94
32: .\"
1.88 ! jmc 33: .Dd $Mdocdate: June 12 2020 $
1.1 deraadt 34: .Dt NETSTAT 1
1.16 aaron 35: .Os
1.1 deraadt 36: .Sh NAME
37: .Nm netstat
38: .Nd show network status
39: .Sh SYNOPSIS
1.85 jmc 40: .Nm
1.81 benno 41: .Op Fl AaBln
1.1 deraadt 42: .Op Fl M Ar core
43: .Op Fl N Ar system
1.59 blambert 44: .Op Fl p Ar protocol
1.83 kn 45: .Op Fl T Ar rtable
1.85 jmc 46: .Nm
1.88 ! jmc 47: .Fl W Ar interface
! 48: .Nm
! 49: .Fl m
! 50: .Nm
! 51: .Fl I Ar interface | Fl i
! 52: .Op Fl bdehnqt
! 53: .Nm
! 54: .Fl w Ar wait
! 55: .Op Fl bdehnqt
1.57 tedu 56: .Op Fl c Ar count
1.1 deraadt 57: .Op Fl I Ar interface
1.88 ! jmc 58: .Nm
! 59: .Fl s
! 60: .Op Fl gru
! 61: .Op Fl f Ar address_family
! 62: .Op Fl p Ar protocol
! 63: .Nm
! 64: .Fl g
! 65: .Op Fl lnu
! 66: .Op Fl f Ar address_family
! 67: .Nm
! 68: .Fl R
! 69: .Nm
! 70: .Fl r
! 71: .Op Fl AFu
! 72: .Op Fl f Ar address_family
1.1 deraadt 73: .Op Fl M Ar core
74: .Op Fl N Ar system
1.88 ! jmc 75: .Op Fl p Ar protocol
! 76: .Op Fl T Ar rtable
1.85 jmc 77: .Nm
1.88 ! jmc 78: .Fl P Ar pcbaddr
1.61 bluhm 79: .Op Fl v
1.45 jaredy 80: .Op Fl M Ar core
81: .Op Fl N Ar system
1.1 deraadt 82: .Sh DESCRIPTION
83: The
1.21 aaron 84: .Nm
1.88 ! jmc 85: command shows various aspects of network status.
! 86: The default display shows information about
! 87: all active network connections and sockets.
1.21 aaron 88: .Pp
1.1 deraadt 89: The first form of the command displays a list of active sockets for
90: each protocol.
1.88 ! jmc 91: The second form displays per-interface statistics for
! 92: the specified wireless (802.11) device.
! 93: The third form displays statistics related to memory use.
! 94: The fourth form displays per-interface statistics.
! 95: The fifth form continuously displays the information regarding packet
1.1 deraadt 96: traffic on the configured network interfaces.
1.88 ! jmc 97: The sixth form displays per-protocol statistics.
! 98: The seventh form shows information related to multicast routing.
! 99: The eighth form displays information about routing domains.
! 100: The ninth form displays information about routing tables.
! 101: The final form displays internals of the protocol control block (PCB)
1.61 bluhm 102: and the socket structure.
1.88 ! jmc 103: The forms are shown in order of precedence:
! 104: for example, if
! 105: .Fl rg
! 106: is specified,
! 107: then
! 108: .Fl r
! 109: is ignored in favour of
! 110: .Fl g .
1.1 deraadt 111: .Pp
1.12 aaron 112: The options are as follows:
1.22 aaron 113: .Bl -tag -width Ds
1.1 deraadt 114: .It Fl A
1.76 jmc 115: Show the address of any protocol control blocks associated with sockets;
116: useful for debugging e.g. with the
1.45 jaredy 117: .Fl P
118: flag.
1.75 claudio 119: When used with the
1.76 jmc 120: .Fl r
121: flag it shows the internal addresses of the routing table.
122: Only the super-user can see these addresses;
123: unprivileged users will see them as 0x0.
1.1 deraadt 124: .It Fl a
125: With the default display,
126: show the state of all sockets; normally sockets used by
127: server processes are not shown.
1.63 jsing 128: .It Fl B
129: With the default display,
130: show buffer sizes for TCP sockets.
131: This includes the send window size, receive window size and congestion
132: window size.
1.24 camield 133: .It Fl b
1.34 jmc 134: With the interface display (options
135: .Fl I
136: or
1.24 camield 137: .Fl i ) ,
138: show bytes in and out, instead of packet statistics.
1.57 tedu 139: .It Fl c Ar count
140: Display
141: .Ar count
142: updates, then exit.
143: This option has no effect unless
144: .Fl w
145: is specified as well.
1.1 deraadt 146: .It Fl d
1.34 jmc 147: With either the interface display (options
148: .Fl I
149: or
150: .Fl i )
151: or an interval (option
152: .Fl w ) ,
1.84 dlg 153: show only the number of dropped packets.
154: .It Fl e
155: With either the interface display (options
156: .Fl I
157: or
158: .Fl i )
159: or an interval (option
160: .Fl w ) ,
161: show only the number of errors on the interface.
1.48 pyr 162: .It Fl F
163: When showing routes, only show routes whose gateway are in the
164: same address family as the destination.
1.16 aaron 165: .It Fl f Ar address_family
1.1 deraadt 166: Limit statistics or address control block reports to those
167: of the specified
1.12 aaron 168: .Ar address_family .
1.21 aaron 169: .Pp
170: The following address families are recognized:
1.65 jmc 171: .Bl -column "Address Family" "AF_APPLETA" "Description" -offset indent
1.21 aaron 172: .It Sy "Address Family" Ta Sy "Constant" Ta Sy "Description"
1.32 jmc 173: .It "inet" Ta Dv "AF_INET" Ta "IP Version 4"
174: .It "inet6" Ta Dv "AF_INET6" Ta "IP Version 6"
1.82 guenther 175: .It "local" Ta Dv "AF_UNIX" Ta "Alias for unix"
1.55 mk 176: .It "mpls" Ta Dv "AF_MPLS" Ta "MPLS"
1.32 jmc 177: .It "unix" Ta Dv "AF_UNIX" Ta "Local to Host (i.e., pipes)"
1.21 aaron 178: .El
1.68 tedu 179: .It Fl h
180: Use unit suffixes to reduce the number of digits shown with the
181: .Fl b
182: and
183: .Fl w
184: options.
1.1 deraadt 185: .It Fl g
186: Show information related to multicast (group address) routing.
1.34 jmc 187: By default, show the IP multicast virtual-interface and routing tables.
1.1 deraadt 188: If the
189: .Fl s
190: option is also present, show multicast routing statistics.
1.16 aaron 191: .It Fl I Ar interface
1.21 aaron 192: Show information about the specified
193: .Ar interface ;
1.1 deraadt 194: used with a
195: .Ar wait
196: interval as described below.
1.21 aaron 197: .Pp
1.19 itojun 198: If the
199: .Fl f Ar address_family
200: option (with the
201: .Fl s
1.30 jmc 202: option) is present, show per-interface
203: statistics on the given interface for the specified
204: .Ar address_family .
1.1 deraadt 205: .It Fl i
206: Show the state of interfaces which have been auto-configured
1.21 aaron 207: (interfaces statically configured into a system but not
208: located at boot-time are not shown).
209: .Pp
1.19 itojun 210: If the
211: .Fl f Ar address_family
212: option (with the
213: .Fl s
1.30 jmc 214: option) is present, show per-interface statistics on all interfaces
1.21 aaron 215: for the specified
1.30 jmc 216: .Ar address_family .
1.31 jmc 217: .It Fl l
1.81 benno 218: With the default display,
219: show only listening sockets.
1.31 jmc 220: With the
221: .Fl g
222: option, display wider fields for the IPv6 multicast routing table
223: .Qq Origin
224: and
225: .Qq Group
226: columns.
1.17 deraadt 227: .It Fl M Ar core
1.1 deraadt 228: Extract values associated with the name list from the specified core
1.27 miod 229: instead of the running kernel.
1.1 deraadt 230: .It Fl m
231: Show statistics recorded by the memory management routines
232: (the network manages a private pool of memory buffers).
1.17 deraadt 233: .It Fl N Ar system
1.27 miod 234: Extract the name list from the specified system instead of the running kernel.
1.1 deraadt 235: .It Fl n
236: Show network addresses as numbers (normally
1.21 aaron 237: .Nm
1.1 deraadt 238: interprets addresses and attempts to display them
239: symbolically).
240: This option may be used with any of the display formats.
1.45 jaredy 241: .It Fl P Ar pcbaddr
1.75 claudio 242: Display the contents of the protocol control block (PCB)
1.61 bluhm 243: located at the kernel virtual address
1.45 jaredy 244: .Ar pcbaddr .
245: PCB addresses can be obtained using the
246: .Fl A
247: flag.
1.61 bluhm 248: When used with the
249: .Fl v
250: option, also print socket, domain and protocol specific structures.
1.76 jmc 251: Only the super-user can use the
252: .Fl P
253: option.
1.80 jca 254: .Pp
255: The
256: .Fl P
257: option requires the ability to open
258: .Pa /dev/kmem
259: which may be restricted based upon the value of the
260: .Ar kern.allowkmem
261: .Xr sysctl 8 .
1.16 aaron 262: .It Fl p Ar protocol
1.35 markus 263: Restrict the output to
1.12 aaron 264: .Ar protocol ,
1.21 aaron 265: which is either a well-known name for a protocol or an alias for it.
266: Some protocol names and aliases are listed in the file
1.1 deraadt 267: .Pa /etc/protocols .
268: The program will complain if
269: .Ar protocol
1.35 markus 270: is unknown.
271: If the
272: .Fl s
273: option is specified, the per-protocol statistics are displayed.
274: Otherwise the states of the matching sockets are shown.
1.26 brian 275: .It Fl q
276: Only show interfaces that have seen packets (or bytes if
277: .Fl b
1.34 jmc 278: is specified).
1.87 remi 279: .It Fl R
280: List all rdomains with associated interfaces and routing tables.
1.1 deraadt 281: .It Fl r
282: Show the routing tables.
1.86 jmc 283: The output is explained in more detail below.
1.21 aaron 284: If the
1.1 deraadt 285: .Fl s
1.21 aaron 286: option is also specified, show routing statistics instead.
1.60 sobrado 287: When used with the
288: .Fl v
289: option, also print routing labels.
1.26 brian 290: .It Fl s
291: Show per-protocol statistics.
292: If this option is repeated, counters with a value of zero are suppressed.
1.83 kn 293: .It Fl T Ar rtable
1.67 mikeb 294: Select an alternate routing table to query.
295: The default is to use the current routing table.
1.31 jmc 296: .It Fl t
297: With the
298: .Fl i
299: option, display the current value of the watchdog timer function.
300: .It Fl u
301: Limit statistics or address control block reports to the
302: .Dv AF_UNIX
303: address family.
1.10 peter 304: .It Fl v
1.60 sobrado 305: Show extra (verbose) detail for the routing tables
306: .Pq Fl r ,
307: or avoid truncation of long addresses.
1.61 bluhm 308: When used with the
309: .Fl P
310: option, also print socket, domain and protocol specific structures.
1.42 reyk 311: .It Fl W Ar interface
312: (IEEE 802.11 devices only)
313: Show per-interface IEEE 802.11 wireless statistics.
1.1 deraadt 314: .It Fl w Ar wait
315: Show network interface statistics at intervals of
316: .Ar wait
317: seconds.
318: .El
1.21 aaron 319: .Pp
320: Address formats are of the form
321: .Dq host.port
322: or
323: .Dq network.port
1.1 deraadt 324: if a socket's address specifies a network but no specific host address.
1.72 schwarze 325: When known, the host addresses are displayed symbolically
326: according to the
327: .Xr hosts 5
328: database.
1.21 aaron 329: If a symbolic name for an address is unknown, or if the
1.1 deraadt 330: .Fl n
331: option is specified, the address is printed numerically, according
332: to the address family.
1.21 aaron 333: .Pp
334: For more information regarding the Internet
335: .Dq dot format ,
1.1 deraadt 336: refer to
1.71 jmc 337: .Xr inet_ntop 3 .
1.34 jmc 338: Unspecified or
1.21 aaron 339: .Dq wildcard
340: addresses and ports appear as a single
1.34 jmc 341: .Sq * .
1.6 deraadt 342: If a local port number is registered as being in use for RPC by
1.12 aaron 343: .Xr portmap 8 ,
1.11 aaron 344: its RPC service name or RPC service number will be printed in
1.21 aaron 345: .Dq []
346: immediately after the port number.
1.1 deraadt 347: .Pp
348: The interface display provides a table of cumulative
349: statistics regarding packets transferred, errors, and collisions.
350: The network addresses of the interface
1.21 aaron 351: and the maximum transmission unit (MTU) are also displayed.
1.1 deraadt 352: .Pp
1.21 aaron 353: The routing table display indicates the available routes and their status.
354: Each route consists of a destination host or network and
355: a gateway to use in forwarding packets.
356: If the destination is a
357: network in numeric format, the netmask (in /24 style format) is appended.
358: The flags field shows a collection of information about
359: the route stored as binary choices.
360: The individual flags are discussed in more detail in the
1.1 deraadt 361: .Xr route 8
362: and
363: .Xr route 4
364: manual pages.
1.21 aaron 365: .Pp
1.1 deraadt 366: The mapping between letters and flags is:
1.66 jmc 367: .Bl -column "1" "RTF_BLACKHOLE" "Protocol specific routing flag #1."
368: .It 1 Ta RTF_PROTO1 Ta "Protocol specific routing flag #1."
369: .It 2 Ta RTF_PROTO2 Ta "Protocol specific routing flag #2."
370: .It 3 Ta RTF_PROTO3 Ta "Protocol specific routing flag #3."
371: .It B Ta RTF_BLACKHOLE Ta "Just discard pkts (during updates)."
1.70 mpi 372: .It b Ta RTF_BROADCAST Ta "Correspond to a local broadcast address."
1.66 jmc 373: .It C Ta RTF_CLONING Ta "Generate new routes on use."
374: .It c Ta RTF_CLONED Ta "Cloned routes (generated from RTF_CLONING)."
375: .It D Ta RTF_DYNAMIC Ta "Created dynamically (by redirect)."
1.79 bluhm 376: .It d Ta RTF_DONE Ta "Completed (for routing messages only)."
1.66 jmc 377: .It G Ta RTF_GATEWAY Ta "Destination requires forwarding by intermediary."
378: .It H Ta RTF_HOST Ta "Host entry (net otherwise)."
1.79 bluhm 379: .It h Ta RTF_CACHED Ta "Referenced by gateway route."
1.66 jmc 380: .It L Ta RTF_LLINFO Ta "Valid protocol to link address translation."
1.70 mpi 381: .It l Ta RTF_LOCAL Ta "Correspond to a local address."
1.66 jmc 382: .It M Ta RTF_MODIFIED Ta "Modified dynamically (by redirect)."
1.78 mpi 383: .It m Ta RTF_MULTICAST Ta "Correspond to a multicast address."
1.79 bluhm 384: .It n Ta RTF_CONNECTED Ta "Interface route."
1.66 jmc 385: .It P Ta RTF_MPATH Ta "Multipath route."
386: .It R Ta RTF_REJECT Ta "Host or net unreachable."
387: .It S Ta RTF_STATIC Ta "Manually added."
388: .It T Ta RTF_MPLS Ta "MPLS route."
389: .It U Ta RTF_UP Ta "Route usable."
1.1 deraadt 390: .El
391: .Pp
1.21 aaron 392: Direct routes are created for each interface attached to the local host;
1.1 deraadt 393: the gateway field for such entries shows the address of the outgoing interface.
1.21 aaron 394: The refcnt field gives the current number of active uses of the route.
395: Connection oriented protocols normally hold on to a single route for the
396: duration of a connection while connectionless protocols obtain a route while
397: sending to the same destination.
398: The use field provides a count of the number of packets sent using that route.
399: The MTU entry shows the MTU associated with that route.
400: This MTU value is used as the basis for the TCP maximum segment size (MSS).
1.34 jmc 401: The
402: .Sq L
403: flag appended to the MTU value indicates that the value is
404: locked, and that path MTU discovery is turned off for that route.
1.21 aaron 405: A
1.1 deraadt 406: .Sq -
1.12 aaron 407: indicates that the MTU for this route has not been set, and a default
1.21 aaron 408: TCP maximum segment size will be used.
409: The interface entry indicates the network interface utilized for the route.
1.1 deraadt 410: .Pp
411: When
1.21 aaron 412: .Nm
1.1 deraadt 413: is invoked with the
414: .Fl w
415: option and a
416: .Ar wait
417: interval argument, it displays a running count of statistics related to
418: network interfaces.
419: An obsolescent version of this option used a numeric parameter
420: with no option, and is currently supported for backward compatibility.
421: This display consists of a column for the primary interface (the first
422: interface found during autoconfiguration) and a column summarizing
423: information for all interfaces.
424: The primary interface may be replaced with another interface with the
425: .Fl I
426: option.
427: The first line of each screen of information contains a summary since the
1.21 aaron 428: system was last rebooted.
429: Subsequent lines of output show values accumulated over the preceding interval.
1.1 deraadt 430: .Sh SEE ALSO
1.47 jmc 431: .Xr fstat 1 ,
1.1 deraadt 432: .Xr nfsstat 1 ,
433: .Xr ps 1 ,
1.47 jmc 434: .Xr systat 1 ,
1.53 jmc 435: .Xr tcpbench 1 ,
1.47 jmc 436: .Xr top 1 ,
1.71 jmc 437: .Xr inet_ntop 3 ,
1.21 aaron 438: .Xr netintro 4 ,
1.34 jmc 439: .Xr route 4 ,
1.1 deraadt 440: .Xr hosts 5 ,
441: .Xr protocols 5 ,
442: .Xr services 5 ,
1.15 alex 443: .Xr iostat 8 ,
1.34 jmc 444: .Xr portmap 8 ,
1.47 jmc 445: .Xr pstat 8 ,
1.34 jmc 446: .Xr route 8 ,
1.40 jmc 447: .Xr tcpdrop 8 ,
1.1 deraadt 448: .Xr trpt 8 ,
449: .Xr vmstat 8
450: .Sh HISTORY
451: The
1.21 aaron 452: .Nm
1.1 deraadt 453: command appeared in
454: .Bx 4.2 .
1.62 schwarze 455: IPv6 support was added by the WIDE/KAME project.
1.1 deraadt 456: .Sh BUGS
457: The notion of errors is ill-defined.