]> git.saurik.com Git - apple/network_cmds.git/blame - netstat.tproj/netstat.1
network_cmds-596.100.2.tar.gz
[apple/network_cmds.git] / netstat.tproj / netstat.1
CommitLineData
89c4ed63 1.\" Copyright (c) 2015 Apple Inc. All rights reserved.
7af5ce03
A
2.\"
3.\" @APPLE_OSREFERENCE_LICENSE_HEADER_START@
4.\"
5.\" This file contains Original Code and/or Modifications of Original Code
6.\" as defined in and that are subject to the Apple Public Source License
7.\" Version 2.0 (the 'License'). You may not use this file except in
8.\" compliance with the License. The rights granted to you under the License
9.\" may not be used to create, or enable the creation or redistribution of,
10.\" unlawful or unlicensed copies of an Apple operating system, or to
11.\" circumvent, violate, or enable the circumvention or violation of, any
12.\" terms of an Apple operating system software license agreement.
13.\"
14.\" Please obtain a copy of the License at
15.\" http://www.opensource.apple.com/apsl/ and read it before using this file.
16.\"
17.\" The Original Code and all software distributed under the License are
18.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
19.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
20.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
21.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
22.\" Please see the License for the specific language governing rights and
23.\" limitations under the License.
24.\"
25.\" @APPLE_OSREFERENCE_LICENSE_HEADER_END@
26.\"
b7080c8e
A
27.\" Copyright (c) 1983, 1990, 1992, 1993
28.\" The Regents of the University of California. All rights reserved.
29.\"
30.\" Redistribution and use in source and binary forms, with or without
31.\" modification, are permitted provided that the following conditions
32.\" are met:
33.\" 1. Redistributions of source code must retain the above copyright
34.\" notice, this list of conditions and the following disclaimer.
35.\" 2. Redistributions in binary form must reproduce the above copyright
36.\" notice, this list of conditions and the following disclaimer in the
37.\" documentation and/or other materials provided with the distribution.
38.\" 3. All advertising materials mentioning features or use of this software
39.\" must display the following acknowledgement:
40.\" This product includes software developed by the University of
41.\" California, Berkeley and its contributors.
42.\" 4. Neither the name of the University nor the names of its contributors
43.\" may be used to endorse or promote products derived from this software
44.\" without specific prior written permission.
45.\"
46.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
47.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
50.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
56.\" SUCH DAMAGE.
57.\"
58.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94
7ba0088d 59.\" $FreeBSD: src/usr.bin/netstat/netstat.1,v 1.22.2.7 2001/08/10 09:07:09 ru Exp $
b7080c8e 60.\"
7ba0088d 61.Dd June 15, 2001
b7080c8e 62.Dt NETSTAT 1
7ba0088d 63.Os Darwin
b7080c8e
A
64.Sh NAME
65.Nm netstat
66.Nd show network status
67.Sh SYNOPSIS
7ba0088d
A
68.Nm
69.Op Fl AaLlnW
70.Op Fl f Ar address_family | Fl p Ar protocol
7ba0088d
A
71.Nm
72.Op Fl gilns
fdfd5971 73.Op Fl v
b7080c8e 74.Op Fl f Ar address_family
fdfd5971 75.Op Fl I Ar interface
7ba0088d
A
76.Nm
77.Fl i | I Ar interface
78.Op Fl w Ar wait
7af5ce03 79.Op Fl c Ar queue
89c4ed63 80.Op Fl abdgqRtS
7ba0088d
A
81.Nm
82.Fl s Op Fl s
83.Op Fl f Ar address_family | Fl p Ar protocol
b8dff150 84.Op Fl w Ar wait
7ba0088d
A
85.Nm
86.Fl i | I Ar interface Fl s
87.Op Fl f Ar address_family | Fl p Ar protocol
7ba0088d
A
88.Nm
89.Fl m
b8dff150 90.Op Fl m
7ba0088d
A
91.Nm
92.Fl r
93.Op Fl Aaln
94.Op Fl f Ar address_family
7ba0088d
A
95.Nm
96.Fl rs
97.Op Fl s
7ba0088d 98.\"-----------------------------------------------------------------------------------------
b7080c8e 99.Sh DESCRIPTION
7ba0088d 100.\"-----------------------------------------------------------------------------------------
b7080c8e 101The
7ba0088d
A
102.Nm
103command symbolically displays the contents of various network-related data structures.
104There are a number of output formats, depending on the options for the information presented.
105The first form of the command displays a list of active sockets for each protocol.
106The second form presents the contents of one of the other network data structures according
107to the option selected. Using the third form, with a
b7080c8e
A
108.Ar wait
109interval specified,
7ba0088d
A
110.Nm
111will continuously display the information regarding packet traffic on the configured network
b8dff150
A
112interfaces. The fourth form displays statistics for the specified protocol or address family. If a
113.Ar wait
114interval is specified, the protocol information over the last interval seconds will be displayed.
7ba0088d
A
115The fifth form displays per-interface statistics for the specified protocol or address family.
116The sixth form displays
117.Xr mbuf 9
118statistics. The seventh form displays routing table for the specified address family. The
119eighth form displays routing statistics.
b7080c8e
A
120.Pp
121The options have the following meaning:
122.Bl -tag -width flag
123.It Fl A
7ba0088d 124With the default display, show the address of any protocol control blocks associated with
7af5ce03 125sockets and the flow hash; used for debugging.
b7080c8e 126.It Fl a
7ba0088d
A
127With the default display, show the state of all sockets; normally sockets used by server
128processes are not shown. With the routing table display (option
129.Fl r ,
130as described below), show protocol-cloned routes (routes generated by a
131.Dv RTF_PRCLONING
132parent route); normally these routes are not shown.
133.It Fl b
134With the interface display (option
135.Fl i ,
136as described below), show the number of bytes in and out.
7af5ce03
A
137.It Fl c Ar queue
138With the queue statistics (option
139.Fl q ,
140as described below), show only those for the specified
141.Ar queue .
b7080c8e
A
142.It Fl d
143With either interface display (option
144.Fl i
7ba0088d
A
145or an interval, as described below), show the number of dropped packets.
146.It Fl f Ar address_family
147Limit statistics or address control block reports to those of the specified
b7080c8e 148.Ar address family .
7ba0088d 149The following address families are recognized:
b7080c8e
A
150.Ar inet ,
151for
152.Dv AF_INET ,
7ba0088d 153.Ar inet6 ,
b7080c8e 154for
7ba0088d 155.Dv AF_INET6
b7080c8e
A
156and
157.Ar unix ,
158for
159.Dv AF_UNIX .
160.It Fl g
fdfd5971 161Show information related to multicast (group address) membership. If the
b7080c8e 162.Fl s
fdfd5971
A
163option is also present, show extended interface group management statistics. If the
164.Fl v
165option is specified, show link-layer memberships; they are suppressed by default.
166Source lists for each group will also be printed. Specifiying
167.Fl v
168twice will print the control plane timers for each interface and the source list counters
169for each group. If the
170.Fl i
171is specified, only that interface will be shown. If the
172.Fl f
173is specified, only information for the address family will be displayed.
7ba0088d
A
174.It Fl I Ar interface
175Show information about the specified interface; used with a
b7080c8e
A
176.Ar wait
177interval as described below.
b7080c8e 178If the
7ba0088d
A
179.Fl s
180option is present, show per-interface protocol statistics on the
181.Ar interface
182for the specified
183.Ar address_family
184or
185.Ar protocol ,
186or for all protocol families.
187.It Fl i
188Show the state of interfaces which have been auto-configured (interfaces statically
189configured into a system, but not located at boot time are not shown). If the
b7080c8e 190.Fl a
7ba0088d
A
191options is also present, multicast addresses currently in use are shown for each
192Ethernet interface and for each IP interface address. Multicast addresses are shown
193on separate lines following the interface address with which they are associated.
194If the
195.Fl s
196option is present, show per-interface statistics on all interfaces for the specified
197.Ar address_family
198or
199.Ar protocol ,
200or for all protocol families.
201.It Fl L
202Show the size of the various listen queues. The first count shows the number of
203unaccepted connections. The second count shows the amount of unaccepted incomplete
204connections. The third count is the maximum number of queued connections.
205.It Fl l
206Print full IPv6 address.
b7080c8e 207.It Fl m
b8dff150
A
208Show statistics recorded by the memory management routines (the network stack manages a private pool of memory buffers). More detailed information about the buffers, which includes their cache related statistics, can be obtained by using
209.Fl mm
210or
211.Fl m
212.Fl m
213option.
b7080c8e
A
214.It Fl n
215Show network addresses as numbers (normally
7ba0088d
A
216.Nm
217interprets addresses and attempts to display them symbolically). This option may be
218used with any of the display formats.
219.It Fl p Ar protocol
b7080c8e 220Show statistics about
7ba0088d
A
221.Ar protocol ,
222which is either a well-known name for a protocol or an alias for it. Some protocol
223names and aliases are listed in the file
b7080c8e 224.Pa /etc/protocols .
7ba0088d
A
225The special protocol name
226.Dq bdg
227is used to show bridging statistics. A null response typically means that there are
228no interesting numbers to report. The program will complain if
b7080c8e
A
229.Ar protocol
230is unknown or if there is no statistics routine for it.
7af5ce03
A
231.It Fl q
232Show network interface send queue statistics. By default all queues are displayed, unless
233specified with
234.Fl c .
235This option requires specifying an interface with
236.Fl I
237option. More detailed information about the queues, which includes their queueing algorithm related statistics, can be obtained by using
238.Fl qq
239or
240.Fl q
241.Fl q
242option.
b7080c8e 243.It Fl r
7ba0088d
A
244Show the routing tables. Use with
245.Fl a
246to show protocol-cloned routes. When
b7080c8e 247.Fl s
7ba0088d
A
248is also present, show routing statistics instead. When
249.Fl l
250is also present,
251.Nm
213b8c4f
A
252assumes more columns are there and the maximum transmission unit.
253More detailed information about the route metrics are displayed with
254.Fl ll
255for TCP round trip times
256.Fl lll
257for all metrics.
258Use the
259.Fl z
260flags to display only entries with non-zero RTT values.
7ba0088d
A
261.Pq Dq mtu
262are also displayed.
fdfd5971
A
263.It Fl R
264Show reachability information. Use with
265.Fl i
266to show link-layer reachability information for a given interface.
7ba0088d
A
267.It Fl s
268Show per-protocol statistics. If this option is repeated, counters with a value of
213b8c4f 269zero are suppressed. For security reasons, root privileges are required to read TCP statistics and in the absence of such privileges all TCP counters will be reported as zero.
89c4ed63
A
270.It Fl S
271Show interface link status and interface state information about the specified interface. This option requires specifying an interface with
272.Fl I
273option.
fdfd5971
A
274.It Fl v
275Increase verbosity level.
7ba0088d
A
276.It Fl W
277In certain displays, avoid truncating addresses even if this causes some fields to
278overflow.
b7080c8e 279.It Fl w Ar wait
b8dff150 280Show network interface or protocol statistics at intervals of
b7080c8e
A
281.Ar wait
282seconds.
7af5ce03
A
283.It Fl x
284Show extended link-layer reachability information in addition to that shown by
285the
286.Fl R
287flag.
b7080c8e
A
288.El
289.Pp
7ba0088d
A
290.\"-------------------------------------------------------------------------------
291.Sh OUTPUT
292.\"-------------------------------------------------------------------------------
293The default display, for active sockets, shows the local and remote addresses,
294send and receive queue sizes (in bytes), protocol, and the internal state of
295the protocol. Address formats are of the form
296.Dq host.port
297or
298.Dq network.port
b7080c8e 299if a socket's address specifies a network but no specific host address.
7ba0088d
A
300If known, the host and network addresses are displayed symbolically
301according to the databases
b7080c8e
A
302.Pa /etc/hosts
303and
304.Pa /etc/networks ,
7ba0088d 305respectively. If a symbolic name for an address is unknown, or if the
b7080c8e 306.Fl n
7ba0088d
A
307option is specified, the address is printed numerically, according to the
308address family. For more information regarding the Internet
309.Dq dot format ,
b7080c8e
A
310refer to
311.Xr inet 3 ) .
312Unspecified,
7ba0088d
A
313or
314.Dq wildcard ,
315addresses and ports appear as
316.Dq * .
317.Pp
318Internet domain socket states:
319.Bl -column X LISTEN
320CLOSED: The socket is not in use.
321.Pp
322LISTEN: The socket is listening for incoming connections. Unconnected
323listening sockets like these are only displayed when using the -a option.
324.Pp
325SYN_SENT: The socket is actively trying to establish a connection to a
326remote peer.
b7080c8e 327.Pp
7ba0088d
A
328SYN_RCVD: The socket has passively received a connection request from a
329remote peer.
b7080c8e 330.Pp
7ba0088d
A
331ESTABLISHED: The socket has an established connection between a local
332application and a remote peer.
333.Pp
334CLOSE_WAIT: The socket connection has been closed by the remote peer,
335and the system is waiting for the local application to close its half of
336the connection.
337.Pp
338LAST_ACK: The socket connection has been closed by the remote peer, the
339local application has closed its half of the connection, and the system
340is waiting for the remote peer to acknowledge the close.
341.Pp
342FIN_WAIT_1: The socket connection has been closed by the local
343application, the remote peer has not yet acknowledged the close, and the
344system is waiting for it to close its half of the connection.
345.Pp
346FIN_WAIT_2: The socket connection has been closed by the local
347application, the remote peer has acknowledged the close, and the system
348is waiting for it to close its half of the connection.
349.Pp
350CLOSING: The socket connection has been closed by the local application
351and the remote peer simultaneously, and the remote peer has not yet
352acknowledged the close attempt of the local application.
353.Pp
354TIME_WAIT: The socket connection has been closed by the local
355application, the remote peer has closed its half of the connection, and
356the system is waiting to be sure that the remote peer received the last
357acknowledgement.
358.El
359.Pp
360The interface display provides a table of cumulative statistics regarding
361packets transferred, errors, and collisions. The network addresses of the
362interface and the maximum transmission unit
363.Pq Dq mtu
364are also displayed.
365.Pp
366The routing table display indicates the available routes and their status.
367Each route consists of a destination host or network and a gateway to use
368in forwarding packets. The flags field shows a collection of information
369about the route stored as binary choices. The individual flags are discussed
370in more detail in the
b7080c8e
A
371.Xr route 8
372and
373.Xr route 4
7ba0088d 374manual pages. The mapping between letters and flags is:
b7080c8e 375.Bl -column XXXX RTF_BLACKHOLE
7ba0088d
A
3761 RTF_PROTO1 Protocol specific routing flag #1
3772 RTF_PROTO2 Protocol specific routing flag #2
3783 RTF_PROTO3 Protocol specific routing flag #3
379B RTF_BLACKHOLE Just discard packets (during updates)
380b RTF_BROADCAST The route represents a broadcast address
381C RTF_CLONING Generate new routes on use
382c RTF_PRCLONING Protocol-specified generate new routes on use
383D RTF_DYNAMIC Created dynamically (by redirect)
b7080c8e 384G RTF_GATEWAY Destination requires forwarding by intermediary
7ba0088d 385H RTF_HOST Host entry (net otherwise)
9c859447 386I RTF_IFSCOPE Route is associated with an interface scope
7f5b2e89 387i RTF_IFREF Route is holding a reference to the interface
7ba0088d
A
388L RTF_LLINFO Valid protocol to link address translation
389M RTF_MODIFIED Modified dynamically (by redirect)
9c859447 390m RTF_MULTICAST The route represents a multicast address
7ba0088d 391R RTF_REJECT Host or net unreachable
7af5ce03 392r RTF_ROUTER Host is a default router
7ba0088d
A
393S RTF_STATIC Manually added
394U RTF_UP Route usable
395W RTF_WASCLONED Route was generated as a result of cloning
b7080c8e 396X RTF_XRESOLVE External daemon translates proto to link address
7af5ce03 397Y RTF_PROXY Proxying; cloned routes will not be scoped
b7080c8e
A
398.El
399.Pp
7ba0088d
A
400Direct routes are created for each interface attached to the local host;
401the gateway field for such entries shows the address of the outgoing
402interface. The refcnt field gives the current number of active uses of
403the route. Connection oriented protocols normally hold on to a single
404route for the duration of a connection while connectionless protocols
405obtain a route while sending to the same destination. The use field
406provides a count of the number of packets sent using that route. The
407interface entry indicates the network interface utilized for the route.
9c859447 408A route which is marked with the RTF_IFSCOPE flag is instantiated for
7af5ce03
A
409the corresponding interface. A cloning route which is marked with the
410RTF_PROXY flag will not generate new routes that are associated
411with its interface scope.
b7080c8e
A
412.Pp
413When
414.Nm netstat
415is invoked with the
416.Fl w
417option and a
418.Ar wait
419interval argument, it displays a running count of statistics related to
b8dff150 420network interfaces or protocols. An obsolete version of this option used a numeric
7ba0088d
A
421parameter with no option, and is currently supported for backward
422compatibility. By default, this display summarizes information for all
423interfaces. Information for a specific interface may be displayed with the
b7080c8e
A
424.Fl I
425option.
b7080c8e 426.Sh SEE ALSO
b7080c8e
A
427.Xr nfsstat 1 ,
428.Xr ps 1 ,
7ba0088d
A
429.Xr inet 4 ,
430.Xr unix 4 ,
b7080c8e
A
431.Xr hosts 5 ,
432.Xr networks 5 ,
433.Xr protocols 5 ,
9c859447 434.Xr route 8 ,
b7080c8e 435.Xr services 5 ,
7ba0088d 436.Xr iostat 8 ,
b7080c8e
A
437.Sh HISTORY
438The
439.Nm netstat
440command appeared in
441.Bx 4.2 .
7ba0088d
A
442.Pp
443IPv6 support was added by WIDE/KAME project.
b7080c8e
A
444.Sh BUGS
445The notion of errors is ill-defined.