1 .\" Copyright (c) 1983, 1990, 1992, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)netstat.1 8.8 (Berkeley) 4/18/94
31 .Dd September 25, 2020
36 .Nd show network status and statistics
39 .Bl -tag -width "netstat"
43 .Op Fl f Ar protocol_family | Fl p Ar protocol
46 .It Nm Fl i | I Ar interface
49 .Op Fl f Ar address_family
62 .Op Fl f Ar protocol_family | Fl p Ar protocol
65 .It Nm Fl i | I Ar interface Fl s
68 .Op Fl f Ar protocol_family | Fl p Ar protocol
83 .Op Fl f Ar address_family
92 .Op Fl f Ar address_family
96 .Op Fl f Ar address_family
106 command symbolically displays the contents of various network-related
108 There are a number of output formats,
109 depending on the options for the information presented.
110 .Bl -tag -width indent
115 .Op Fl f Ar protocol_family | Fl p Ar protocol
120 Display a list of active sockets
121 (protocol control blocks)
122 for each network protocol.
124 The default display for active sockets shows the local
125 and remote addresses, send and receive queue sizes (in bytes), protocol,
126 and the internal state of the protocol.
127 Address formats are of the form
131 if a socket's address specifies a network but no specific host address.
132 When known, the host and network addresses are displayed symbolically
133 according to the databases
138 If a symbolic name for an address is unknown, or if
141 option is specified, the address is printed numerically, according
142 to the address family.
143 For more information regarding
151 addresses and ports appear as
153 .Bl -tag -width indent
157 in a selection of different human and machine readable formats.
160 for details on command line arguments.
164 .Sx GENERAL OPTIONS .
168 .Sx GENERAL OPTIONS .
170 Show the address of a protocol control block (PCB)
171 associated with a socket; used for debugging.
173 Show the state of all sockets;
174 normally sockets used by server processes are not shown.
176 Show the used TCP stack for each session.
178 Show the congestion control algorithm and diagnostic information of TCP sockets.
180 Show the size of the various listen queues.
181 The first count shows the number of unaccepted connections,
182 the second count shows the amount of unaccepted incomplete connections,
183 and the third count is the maximum number of queued connections.
185 Do not resolve numeric addresses and port numbers to names.
187 .Sx GENERAL OPTIONS .
189 Display the log ID for each socket.
191 Display the flowid and flowtype for each socket.
192 flowid is a 32 bit hardware specific identifier for each flow.
193 flowtype defines which protocol fields are hashed to produce the id.
194 A complete listing is available in
199 Show network addresses as numbers (as with
201 but show ports symbolically.
203 Display diagnostic information from the TCP control block.
204 Fields include the number of packets requiring retransmission,
205 received out-of-order, and those advertising a zero-sized window.
207 Avoid truncating addresses even if this causes some fields to overflow.
209 Display socket buffer and TCP timer statistics for each
216 to output all the information recorded about data
217 stored in the socket buffers.
219 .Bl -column ".Li R-MBUF"
220 .It Li R-MBUF Ta Number of mbufs in the receive queue.
221 .It Li S-MBUF Ta Number of mbufs in the send queue.
222 .It Li R-CLUS Ta Number of clusters, of any type, in the receive
224 .It Li S-CLUS Ta Number of clusters, of any type, in the send queue.
225 .It Li R-HIWA Ta Receive buffer high water mark, in bytes.
226 .It Li S-HIWA Ta Send buffer high water mark, in bytes.
227 .It Li R-LOWA Ta Receive buffer low water mark, in bytes.
228 .It Li S-LOWA Ta Send buffer low water mark, in bytes.
229 .It Li R-BCNT Ta Receive buffer byte count.
230 .It Li S-BCNT Ta Send buffer byte count.
231 .It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer.
232 .It Li S-BMAX Ta Maximum bytes that can be used in the send buffer.
233 .It Li rexmt Ta Time, in seconds, to fire Retransmit Timer, or 0 if not armed.
234 .It Li persist Ta Time, in seconds, to fire Retransmit Persistence, or 0 if not armed.
235 .It Li keep Ta Time, in seconds, to fire Keep Alive, or 0 if not armed.
236 .It Li 2msl Ta Time, in seconds, to fire 2*msl TIME_WAIT Timer, or 0 if not armed.
237 .It Li delack Ta Time, in seconds, to fire Delayed ACK Timer, or 0 if not armed.
238 .It Li rcvtime Ta Time, in seconds, since last packet received.
240 .It Fl f Ar protocol_family
242 .Ar protocol_family .
244 .Sx GENERAL OPTIONS .
249 .Sx GENERAL OPTIONS .
251 Use an alternative core.
253 .Sx GENERAL OPTIONS .
255 Use an alternative kernel image.
257 .Sx GENERAL OPTIONS .
262 .Fl i | I Ar interface
264 .Op Fl f Ar address_family
269 Show the state of all network interfaces or a single
271 which have been auto-configured
272 (interfaces statically configured into a system, but not
273 located at boot time are not shown).
276 after an interface name indicates that the interface is
286 it provides a table of cumulative
287 statistics regarding packets transferred, errors, and collisions.
288 The network addresses of the interface
289 and the maximum transmission unit
292 .Bl -tag -width indent
296 .Sx GENERAL OPTIONS .
300 .Sx GENERAL OPTIONS .
302 Multicast addresses currently in use are shown
303 for each Ethernet interface and for each IP interface address.
304 Multicast addresses are shown on separate lines following the interface
305 address with which they are associated.
307 Show the number of bytes in and out.
309 Show the number of dropped packets.
311 Print all counters in human readable form.
313 Do not resolve numeric addresses and port numbers to names.
315 .Sx GENERAL OPTIONS .
317 Avoid truncating interface names even if this causes some fields to overflow.
318 .Sx GENERAL OPTIONS .
319 .It Fl f Ar protocol_family
321 .Ar protocol_family .
323 .Sx GENERAL OPTIONS .
329 .Op Fl I Ar interface
338 seconds, display the information regarding packet traffic on all
339 configured network interfaces or a single
348 interval argument, it displays a running count of statistics related to
350 An obsolescent version of this option used a numeric parameter
351 with no option, and is currently supported for backward compatibility.
352 By default, this display summarizes information for all interfaces.
353 Information for a specific interface may be displayed with the
356 .Bl -tag -width indent
357 .It Fl I Ar interface
358 Only show information regarding
363 .Sx GENERAL OPTIONS .
367 .Sx GENERAL OPTIONS .
369 Show the number of dropped packets.
371 Use an alternative core.
373 .Sx GENERAL OPTIONS .
375 Use an alternative kernel image.
377 .Sx GENERAL OPTIONS .
388 .Op Fl f Ar protocol_family | Fl p Ar protocol
393 Display system-wide statistics for each network protocol.
394 .Bl -tag -width indent
398 .Sx GENERAL OPTIONS .
402 .Sx GENERAL OPTIONS .
406 is repeated, counters with a value of zero are suppressed.
408 Reset statistic counters after displaying them.
409 .It Fl f Ar protocol_family
411 .Ar protocol_family .
413 .Sx GENERAL OPTIONS .
418 .Sx GENERAL OPTIONS .
420 Use an alternative core.
422 .Sx GENERAL OPTIONS .
424 Use an alternative kernel image
426 .Sx GENERAL OPTIONS .
431 .Fl i | I Ar interface Fl s
433 .Op Fl f Ar protocol_family | Fl p Ar protocol
438 Display per-interface statistics for each network protocol.
439 .Bl -tag -width indent
443 .Sx GENERAL OPTIONS .
447 .Sx GENERAL OPTIONS .
451 is repeated, counters with a value of zero are suppressed.
452 .It Fl f Ar protocol_family
454 .Ar protocol_family .
456 .Sx GENERAL OPTIONS .
461 .Sx GENERAL OPTIONS .
463 Use an alternative core
465 .Sx GENERAL OPTIONS .
467 Use an alternative kernel image
469 .Sx GENERAL OPTIONS .
479 Show statistics recorded by the memory management routines
481 The network manages a private pool of memory buffers.
482 .Bl -tag -width indent
484 Use an alternative core
486 .Sx GENERAL OPTIONS .
488 Use an alternative kernel image
490 .Sx GENERAL OPTIONS .
497 .Op Fl I Ar interface
500 Show statistics about
503 This includes information like
504 how many packets have been matched, dropped and received by the
505 bpf device, also information about current buffer sizes and device
514 option represent the underlying parameters of the bpf peer.
516 represented as a single lower case letter.
517 The mapping between the letters and flags in order of appearance are:
519 .It Li p Ta Set if listening promiscuously
520 .It Li i Ta Dv BIOCIMMEDIATE No has been set on the device
521 .It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being
523 .It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and
524 remotely on the interface.
525 .It Li a Ta Packet reception generates a signal
526 .It Li l Ta Dv BIOCLOCK No status: descriptor has been locked
529 For more information about these flags, please refer to
531 .Bl -tag -width indent
533 Reset statistic counters after displaying them.
541 .Op Fl f Ar address_family
546 Display the contents of routing tables.
550 is invoked with the routing table option
552 it lists the available routes and their status.
553 Each route consists of a destination host or network, and a gateway to use
554 in forwarding packets.
555 The flags field shows a collection of information about the route stored
557 The individual flags are discussed in more detail in the
562 The mapping between letters and flags is:
563 .Bl -column ".Li W" ".Dv RTF_WASCLONED"
564 .It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1"
565 .It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2"
566 .It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3"
567 .It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)"
568 .It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address"
569 .It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)"
570 .It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary"
571 .It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)"
572 .It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation"
573 .It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)"
574 .It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable"
575 .It Li S Ta Dv RTF_STATIC Ta "Manually added"
576 .It Li U Ta Dv RTF_UP Ta "Route usable"
577 .It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address"
580 Direct routes are created for each
581 interface attached to the local host;
582 the gateway field for such entries shows the address of the outgoing interface.
583 The refcnt field gives the
584 current number of active uses of the route.
586 protocols normally hold on to a single route for the duration of
587 a connection while connectionless protocols obtain a route while sending
588 to the same destination.
589 The use field provides a count of the number of packets
590 sent using that route.
591 The interface entry indicates the network interface utilized for the route.
592 .Bl -tag -width indent
596 .Sx GENERAL OPTIONS .
600 .Sx GENERAL OPTIONS .
602 Do not resolve numeric addresses and port numbers to names.
604 .Sx GENERAL OPTIONS .
606 Show the path MTU for each route, and print interface names with a
609 Display the routing table with the number
616 the default routing table is displayed.
618 Display the routing table for a particular
621 Use an alternative core
623 .Sx GENERAL OPTIONS .
625 Use an alternative kernel image
627 .Sx GENERAL OPTIONS .
638 Display routing statistics.
639 .Bl -tag -width indent
643 is repeated, counters with a value of zero are suppressed.
645 Use an alternative core
647 .Sx GENERAL OPTIONS .
649 Use an alternative kernel image
651 .Sx GENERAL OPTIONS .
658 .Op Fl f Ar address_family
663 Display the contents of the multicast virtual interface tables,
664 and multicast forwarding caches.
665 Entries in these tables will appear only when the kernel is
666 actively forwarding multicast sessions.
667 This option is applicable only to the
672 .Bl -tag -width indent
676 .Sx GENERAL OPTIONS .
680 .Sx GENERAL OPTIONS .
682 Avoid truncating addresses even if this causes some fields to overflow.
683 .It Fl f Ar protocol_family
685 .Ar protocol_family .
687 .Sx GENERAL OPTIONS .
689 Use an alternative core
691 .Sx GENERAL OPTIONS .
693 Use an alternative kernel image
695 .Sx GENERAL OPTIONS .
702 .Op Fl f Ar address_family
707 Show multicast routing statistics.
708 .Bl -tag -width indent
712 .Sx GENERAL OPTIONS .
716 .Sx GENERAL OPTIONS .
720 is repeated, counters with a value of zero are suppressed.
721 .It Fl f Ar protocol_family
723 .Ar protocol_family .
725 .Sx GENERAL OPTIONS .
727 Use an alternative core
729 .Sx GENERAL OPTIONS .
731 Use an alternative kernel image
733 .Sx GENERAL OPTIONS .
744 The flags field shows available ISR handlers:
745 .Bl -column ".Li W" ".Dv NETISR_SNP_FLAGS_DRAINEDCPU"
746 .It Li C Ta Dv NETISR_SNP_FLAGS_M2CPUID Ta "Able to map mbuf to cpu id"
747 .It Li D Ta Dv NETISR_SNP_FLAGS_DRAINEDCPU Ta "Has queue drain handler"
748 .It Li F Ta Dv NETISR_SNP_FLAGS_M2FLOW Ta "Able to map mbuf to flow id"
752 Some options have the general meaning:
764 .It Fl f Ar address_family , Fl p Ar protocol
765 Limit display to those records
770 The following address families and protocols are recognized:
772 .Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact
775 .It Cm inet Pq Dv AF_INET
776 .Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp
777 .It Cm inet6 Pq Dv AF_INET6
778 .Cm icmp6 , ip6 , ipsec6 , rip6 , sctp , tcp , udp
779 .It Cm pfkey Pq Dv PF_KEY
781 .It Cm netgraph , ng Pq Dv AF_NETGRAPH
783 .It Cm unix Pq Dv AF_UNIX
784 .It Cm link Pq Dv AF_LINK
787 The program will complain if
789 is unknown or if there is no statistics routine for it.
791 Extract values associated with the name list from the specified core
792 instead of the default
795 Extract the name list from the specified system instead of the default,
796 which is the kernel image the system has booted from.
798 Show network addresses and ports as numbers.
801 attempts to resolve addresses and ports,
802 and display them symbolically.
805 Show packet traffic information (packets, bytes, errors, packet drops, etc) for
806 interface re0 updated every 2 seconds and exit after 5 outputs:
807 .Bd -literal -offset indent
808 $ netstat -w 2 -q 5 -I re0
811 Show statistics for ICMP on any interface:
812 .Bd -literal -offset indent
817 .Bd -literal -offset indent
821 Same as above, but without resolving numeric addresses and port numbers to
823 .Bd -literal -offset indent
833 .Xr xo_parse_args 3 ,
853 IPv6 support was added by WIDE/KAME project.
855 The notion of errors is ill-defined.