Annotation of src/usr.bin/netstat/netstat.1, Revision 1.94
1.94 ! claudio 1: .\" $OpenBSD: netstat.1,v 1.93 2022/03/31 17:27:26 naddy Exp $
1.1 deraadt 2: .\" $NetBSD: netstat.1,v 1.11 1995/10/03 21:42:43 thorpej Exp $
3: .\"
4: .\" Copyright (c) 1983, 1990, 1992, 1993
5: .\" The Regents of the University of California. All rights reserved.
6: .\"
7: .\" Redistribution and use in source and binary forms, with or without
8: .\" modification, are permitted provided that the following conditions
9: .\" are met:
10: .\" 1. Redistributions of source code must retain the above copyright
11: .\" notice, this list of conditions and the following disclaimer.
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in the
14: .\" documentation and/or other materials provided with the distribution.
1.29 millert 15: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: .\" may be used to endorse or promote products derived from this software
17: .\" without specific prior written permission.
18: .\"
19: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: .\" SUCH DAMAGE.
30: .\"
31: .\" from: @(#)netstat.1 8.8 (Berkeley) 4/18/94
32: .\"
1.94 ! claudio 33: .Dd $Mdocdate: March 31 2022 $
1.1 deraadt 34: .Dt NETSTAT 1
1.16 aaron 35: .Os
1.1 deraadt 36: .Sh NAME
37: .Nm netstat
38: .Nd show network status
39: .Sh SYNOPSIS
1.85 jmc 40: .Nm
1.81 benno 41: .Op Fl AaBln
1.1 deraadt 42: .Op Fl M Ar core
43: .Op Fl N Ar system
1.59 blambert 44: .Op Fl p Ar protocol
1.83 kn 45: .Op Fl T Ar rtable
1.85 jmc 46: .Nm
1.88 jmc 47: .Fl W Ar interface
48: .Nm
49: .Fl m
50: .Nm
51: .Fl I Ar interface | Fl i
52: .Op Fl bdehnqt
53: .Nm
54: .Fl w Ar wait
55: .Op Fl bdehnqt
1.57 tedu 56: .Op Fl c Ar count
1.1 deraadt 57: .Op Fl I Ar interface
1.88 jmc 58: .Nm
59: .Fl s
60: .Op Fl gru
61: .Op Fl f Ar address_family
62: .Op Fl p Ar protocol
63: .Nm
64: .Fl g
65: .Op Fl lnu
66: .Op Fl f Ar address_family
67: .Nm
68: .Fl R
69: .Nm
70: .Fl r
71: .Op Fl AFu
72: .Op Fl f Ar address_family
1.1 deraadt 73: .Op Fl M Ar core
74: .Op Fl N Ar system
1.88 jmc 75: .Op Fl p Ar protocol
76: .Op Fl T Ar rtable
1.85 jmc 77: .Nm
1.88 jmc 78: .Fl P Ar pcbaddr
1.61 bluhm 79: .Op Fl v
1.45 jaredy 80: .Op Fl M Ar core
81: .Op Fl N Ar system
1.1 deraadt 82: .Sh DESCRIPTION
83: The
1.21 aaron 84: .Nm
1.88 jmc 85: command shows various aspects of network status.
86: The default display shows information about
87: all active network connections and sockets.
1.21 aaron 88: .Pp
1.1 deraadt 89: The first form of the command displays a list of active sockets for
90: each protocol.
1.88 jmc 91: The second form displays per-interface statistics for
92: the specified wireless (802.11) device.
93: The third form displays statistics related to memory use.
94: The fourth form displays per-interface statistics.
95: The fifth form continuously displays the information regarding packet
1.1 deraadt 96: traffic on the configured network interfaces.
1.88 jmc 97: The sixth form displays per-protocol statistics.
98: The seventh form shows information related to multicast routing.
99: The eighth form displays information about routing domains.
100: The ninth form displays information about routing tables.
101: The final form displays internals of the protocol control block (PCB)
1.61 bluhm 102: and the socket structure.
1.88 jmc 103: The forms are shown in order of precedence:
104: for example, if
105: .Fl rg
106: is specified,
107: then
108: .Fl r
109: is ignored in favour of
110: .Fl g .
1.1 deraadt 111: .Pp
1.12 aaron 112: The options are as follows:
1.22 aaron 113: .Bl -tag -width Ds
1.1 deraadt 114: .It Fl A
1.76 jmc 115: Show the address of any protocol control blocks associated with sockets;
116: useful for debugging e.g. with the
1.45 jaredy 117: .Fl P
118: flag.
1.75 claudio 119: When used with the
1.76 jmc 120: .Fl r
1.93 naddy 121: flag, it shows the internal addresses of the routing table.
1.76 jmc 122: Only the super-user can see these addresses;
123: unprivileged users will see them as 0x0.
1.1 deraadt 124: .It Fl a
125: With the default display,
126: show the state of all sockets; normally sockets used by
127: server processes are not shown.
1.63 jsing 128: .It Fl B
129: With the default display,
130: show buffer sizes for TCP sockets.
131: This includes the send window size, receive window size and congestion
132: window size.
1.24 camield 133: .It Fl b
1.34 jmc 134: With the interface display (options
135: .Fl I
136: or
1.24 camield 137: .Fl i ) ,
138: show bytes in and out, instead of packet statistics.
1.57 tedu 139: .It Fl c Ar count
140: Display
141: .Ar count
142: updates, then exit.
143: This option has no effect unless
144: .Fl w
145: is specified as well.
1.1 deraadt 146: .It Fl d
1.34 jmc 147: With either the interface display (options
148: .Fl I
149: or
150: .Fl i )
151: or an interval (option
152: .Fl w ) ,
1.84 dlg 153: show only the number of dropped packets.
154: .It Fl e
155: With either the interface display (options
156: .Fl I
157: or
158: .Fl i )
159: or an interval (option
160: .Fl w ) ,
161: show only the number of errors on the interface.
1.48 pyr 162: .It Fl F
163: When showing routes, only show routes whose gateway are in the
164: same address family as the destination.
1.16 aaron 165: .It Fl f Ar address_family
1.1 deraadt 166: Limit statistics or address control block reports to those
167: of the specified
1.12 aaron 168: .Ar address_family .
1.21 aaron 169: .Pp
170: The following address families are recognized:
1.92 schwarze 171: .Bl -column "Address Family" AF_INET6 Description -offset indent
172: .It Sy Address Family Ta Sy Constant Ta Sy Description
173: .It Cm inet Ta Dv AF_INET Ta IP Version 4
174: .It Cm inet6 Ta Dv AF_INET6 Ta IP Version 6
175: .It Cm local Ta Dv AF_UNIX Ta Alias for Cm unix
176: .It Cm mpls Ta Dv AF_MPLS Ta MPLS
177: .It Cm unix Ta Dv AF_UNIX Ta Local to Host (i.e., pipes)
1.21 aaron 178: .El
1.68 tedu 179: .It Fl h
180: Use unit suffixes to reduce the number of digits shown with the
181: .Fl b
182: and
183: .Fl w
184: options.
1.1 deraadt 185: .It Fl g
186: Show information related to multicast (group address) routing.
1.34 jmc 187: By default, show the IP multicast virtual-interface and routing tables.
1.1 deraadt 188: If the
189: .Fl s
190: option is also present, show multicast routing statistics.
1.16 aaron 191: .It Fl I Ar interface
1.21 aaron 192: Show information about the specified
193: .Ar interface ;
1.1 deraadt 194: used with a
195: .Ar wait
196: interval as described below.
197: .It Fl i
198: Show the state of interfaces which have been auto-configured
1.21 aaron 199: (interfaces statically configured into a system but not
200: located at boot-time are not shown).
1.31 jmc 201: .It Fl l
1.81 benno 202: With the default display,
203: show only listening sockets.
1.31 jmc 204: With the
205: .Fl g
206: option, display wider fields for the IPv6 multicast routing table
207: .Qq Origin
208: and
209: .Qq Group
210: columns.
1.17 deraadt 211: .It Fl M Ar core
1.1 deraadt 212: Extract values associated with the name list from the specified core
1.27 miod 213: instead of the running kernel.
1.1 deraadt 214: .It Fl m
215: Show statistics recorded by the memory management routines
216: (the network manages a private pool of memory buffers).
1.17 deraadt 217: .It Fl N Ar system
1.27 miod 218: Extract the name list from the specified system instead of the running kernel.
1.1 deraadt 219: .It Fl n
220: Show network addresses as numbers (normally
1.21 aaron 221: .Nm
1.1 deraadt 222: interprets addresses and attempts to display them
223: symbolically).
224: This option may be used with any of the display formats.
1.45 jaredy 225: .It Fl P Ar pcbaddr
1.75 claudio 226: Display the contents of the protocol control block (PCB)
1.61 bluhm 227: located at the kernel virtual address
1.45 jaredy 228: .Ar pcbaddr .
229: PCB addresses can be obtained using the
230: .Fl A
231: flag.
1.61 bluhm 232: When used with the
233: .Fl v
234: option, also print socket, domain and protocol specific structures.
1.76 jmc 235: Only the super-user can use the
236: .Fl P
237: option.
1.80 jca 238: .Pp
239: The
240: .Fl P
241: option requires the ability to open
242: .Pa /dev/kmem
243: which may be restricted based upon the value of the
244: .Ar kern.allowkmem
245: .Xr sysctl 8 .
1.16 aaron 246: .It Fl p Ar protocol
1.35 markus 247: Restrict the output to
1.12 aaron 248: .Ar protocol ,
1.21 aaron 249: which is either a well-known name for a protocol or an alias for it.
250: Some protocol names and aliases are listed in the file
1.1 deraadt 251: .Pa /etc/protocols .
252: The program will complain if
253: .Ar protocol
1.35 markus 254: is unknown.
255: If the
256: .Fl s
257: option is specified, the per-protocol statistics are displayed.
258: Otherwise the states of the matching sockets are shown.
1.26 brian 259: .It Fl q
260: Only show interfaces that have seen packets (or bytes if
261: .Fl b
1.34 jmc 262: is specified).
1.87 remi 263: .It Fl R
264: List all rdomains with associated interfaces and routing tables.
1.1 deraadt 265: .It Fl r
266: Show the routing tables.
1.86 jmc 267: The output is explained in more detail below.
1.21 aaron 268: If the
1.1 deraadt 269: .Fl s
1.21 aaron 270: option is also specified, show routing statistics instead.
1.60 sobrado 271: When used with the
272: .Fl v
273: option, also print routing labels.
1.26 brian 274: .It Fl s
275: Show per-protocol statistics.
276: If this option is repeated, counters with a value of zero are suppressed.
1.83 kn 277: .It Fl T Ar rtable
1.67 mikeb 278: Select an alternate routing table to query.
279: The default is to use the current routing table.
1.31 jmc 280: .It Fl t
281: With the
282: .Fl i
283: option, display the current value of the watchdog timer function.
284: .It Fl u
285: Limit statistics or address control block reports to the
286: .Dv AF_UNIX
287: address family.
1.10 peter 288: .It Fl v
1.60 sobrado 289: Show extra (verbose) detail for the routing tables
290: .Pq Fl r ,
291: or avoid truncation of long addresses.
1.61 bluhm 292: When used with the
293: .Fl P
294: option, also print socket, domain and protocol specific structures.
1.42 reyk 295: .It Fl W Ar interface
296: (IEEE 802.11 devices only)
297: Show per-interface IEEE 802.11 wireless statistics.
1.1 deraadt 298: .It Fl w Ar wait
299: Show network interface statistics at intervals of
300: .Ar wait
301: seconds.
302: .El
1.21 aaron 303: .Pp
304: Address formats are of the form
305: .Dq host.port
306: or
307: .Dq network.port
1.1 deraadt 308: if a socket's address specifies a network but no specific host address.
1.72 schwarze 309: When known, the host addresses are displayed symbolically
310: according to the
311: .Xr hosts 5
312: database.
1.21 aaron 313: If a symbolic name for an address is unknown, or if the
1.1 deraadt 314: .Fl n
315: option is specified, the address is printed numerically, according
316: to the address family.
1.21 aaron 317: .Pp
318: For more information regarding the Internet
319: .Dq dot format ,
1.1 deraadt 320: refer to
1.71 jmc 321: .Xr inet_ntop 3 .
1.34 jmc 322: Unspecified or
1.21 aaron 323: .Dq wildcard
324: addresses and ports appear as a single
1.34 jmc 325: .Sq * .
1.6 deraadt 326: If a local port number is registered as being in use for RPC by
1.12 aaron 327: .Xr portmap 8 ,
1.11 aaron 328: its RPC service name or RPC service number will be printed in
1.21 aaron 329: .Dq []
330: immediately after the port number.
1.1 deraadt 331: .Pp
332: The interface display provides a table of cumulative
333: statistics regarding packets transferred, errors, and collisions.
334: The network addresses of the interface
1.21 aaron 335: and the maximum transmission unit (MTU) are also displayed.
1.1 deraadt 336: .Pp
1.21 aaron 337: The routing table display indicates the available routes and their status.
338: Each route consists of a destination host or network and
339: a gateway to use in forwarding packets.
340: If the destination is a
341: network in numeric format, the netmask (in /24 style format) is appended.
342: The flags field shows a collection of information about
343: the route stored as binary choices.
344: The individual flags are discussed in more detail in the
1.1 deraadt 345: .Xr route 8
346: and
347: .Xr route 4
348: manual pages.
1.21 aaron 349: .Pp
1.1 deraadt 350: The mapping between letters and flags is:
1.66 jmc 351: .Bl -column "1" "RTF_BLACKHOLE" "Protocol specific routing flag #1."
1.91 kn 352: .It 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1."
353: .It 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2."
354: .It 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3."
355: .It B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)."
356: .It b Ta Dv RTF_BROADCAST Ta "Correspond to a local broadcast address."
357: .It C Ta Dv RTF_CLONING Ta "Generate new routes on use."
358: .It c Ta Dv RTF_CLONED Ta "Cloned routes (generated from RTF_CLONING)."
359: .It D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)."
360: .It G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary."
361: .It H Ta Dv RTF_HOST Ta "Host entry (net otherwise)."
362: .It h Ta Dv RTF_CACHED Ta "Referenced by gateway route."
363: .It L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation."
364: .It l Ta Dv RTF_LOCAL Ta "Correspond to a local address."
365: .It M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)."
366: .It m Ta Dv RTF_MULTICAST Ta "Correspond to a multicast address."
367: .It n Ta Dv RTF_CONNECTED Ta "Interface route."
368: .It P Ta Dv RTF_MPATH Ta "Multipath route."
369: .It R Ta Dv RTF_REJECT Ta "Host or net unreachable."
370: .It S Ta Dv RTF_STATIC Ta "Manually added."
371: .It T Ta Dv RTF_MPLS Ta "MPLS route."
372: .It U Ta Dv RTF_UP Ta "Route usable."
1.1 deraadt 373: .El
374: .Pp
1.21 aaron 375: Direct routes are created for each interface attached to the local host;
1.1 deraadt 376: the gateway field for such entries shows the address of the outgoing interface.
1.21 aaron 377: The refcnt field gives the current number of active uses of the route.
378: Connection oriented protocols normally hold on to a single route for the
379: duration of a connection while connectionless protocols obtain a route while
380: sending to the same destination.
381: The use field provides a count of the number of packets sent using that route.
382: The MTU entry shows the MTU associated with that route.
383: This MTU value is used as the basis for the TCP maximum segment size (MSS).
1.34 jmc 384: The
385: .Sq L
386: flag appended to the MTU value indicates that the value is
387: locked, and that path MTU discovery is turned off for that route.
1.21 aaron 388: A
1.1 deraadt 389: .Sq -
1.12 aaron 390: indicates that the MTU for this route has not been set, and a default
1.21 aaron 391: TCP maximum segment size will be used.
392: The interface entry indicates the network interface utilized for the route.
1.1 deraadt 393: .Pp
394: When
1.21 aaron 395: .Nm
1.1 deraadt 396: is invoked with the
397: .Fl w
398: option and a
399: .Ar wait
400: interval argument, it displays a running count of statistics related to
401: network interfaces.
402: An obsolescent version of this option used a numeric parameter
403: with no option, and is currently supported for backward compatibility.
404: This display consists of a column for the primary interface (the first
405: interface found during autoconfiguration) and a column summarizing
406: information for all interfaces.
407: The primary interface may be replaced with another interface with the
408: .Fl I
409: option.
410: The first line of each screen of information contains a summary since the
1.21 aaron 411: system was last rebooted.
412: Subsequent lines of output show values accumulated over the preceding interval.
1.1 deraadt 413: .Sh SEE ALSO
1.47 jmc 414: .Xr fstat 1 ,
1.1 deraadt 415: .Xr nfsstat 1 ,
416: .Xr ps 1 ,
1.47 jmc 417: .Xr systat 1 ,
1.53 jmc 418: .Xr tcpbench 1 ,
1.47 jmc 419: .Xr top 1 ,
1.71 jmc 420: .Xr inet_ntop 3 ,
1.21 aaron 421: .Xr netintro 4 ,
1.34 jmc 422: .Xr route 4 ,
1.1 deraadt 423: .Xr hosts 5 ,
424: .Xr protocols 5 ,
425: .Xr services 5 ,
1.15 alex 426: .Xr iostat 8 ,
1.34 jmc 427: .Xr portmap 8 ,
1.47 jmc 428: .Xr pstat 8 ,
1.34 jmc 429: .Xr route 8 ,
1.40 jmc 430: .Xr tcpdrop 8 ,
1.1 deraadt 431: .Xr trpt 8 ,
432: .Xr vmstat 8
433: .Sh HISTORY
434: The
1.21 aaron 435: .Nm
1.1 deraadt 436: command appeared in
437: .Bx 4.2 .
1.62 schwarze 438: IPv6 support was added by the WIDE/KAME project.
1.1 deraadt 439: .Sh BUGS
440: The notion of errors is ill-defined.
![[BACK]](/icons/back.gif){kind=icon}
Return to netstat.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / netstat