.\" SUCH DAMAGE.
.\"
.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94
+.\" $FreeBSD: src/usr.bin/netstat/netstat.1,v 1.22.2.7 2001/08/10 09:07:09 ru Exp $
.\"
-.Dd April 18, 1994
+.Dd June 15, 2001
.Dt NETSTAT 1
-.Os BSD 4.2
+.Os Darwin
.Sh NAME
.Nm netstat
.Nd show network status
.Sh SYNOPSIS
-.Nm netstat
-.Op Fl Aan
-.Op Fl f Ar address_family
+.Nm
+.Op Fl AaLlnW
+.Op Fl f Ar address_family | Fl p Ar protocol
.Op Fl M Ar core
.Op Fl N Ar system
-.Nm netstat
-.Op Fl dghimnrs
+.Nm
+.Op Fl gilns
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
-.Nm netstat
-.Op Fl dn
-.Op Fl I Ar interface
+.Nm
+.Fl i | I Ar interface
+.Op Fl w Ar wait
+.Op Fl abdgt
.Op Fl M Ar core
.Op Fl N Ar system
-.Op Fl w Ar wait
-.Nm netstat
-.Op Fl p Ar protocol
+.Nm
+.Fl s Op Fl s
+.Op Fl f Ar address_family | Fl p Ar protocol
+.Op Fl M Ar core
+.Op Fl N Ar system
+.Nm
+.Fl i | I Ar interface Fl s
+.Op Fl f Ar address_family | Fl p Ar protocol
+.Op Fl M Ar core
+.Op Fl N Ar system
+.Nm
+.Fl m
.Op Fl M Ar core
.Op Fl N Ar system
+.Nm
+.Fl r
+.Op Fl Aaln
+.Op Fl f Ar address_family
+.Op Fl M Ar core
+.Op Fl N Ar system
+.Nm
+.Fl rs
+.Op Fl s
+.Op Fl M Ar core
+.Op Fl N Ar system
+.\"-----------------------------------------------------------------------------------------
.Sh DESCRIPTION
+.\"-----------------------------------------------------------------------------------------
The
-.Nm netstat
-command symbolically displays the contents of various network-related
-data structures.
-There are a number of output formats,
-depending on the options for the information presented.
-The first form of the command displays a list of active sockets for
-each protocol.
-The second form presents the contents of one of the other network
-data structures according to the option selected.
-Using the third form, with a
+.Nm
+command symbolically displays the contents of various network-related data structures.
+There are a number of output formats, depending on the options for the information presented.
+The first form of the command displays a list of active sockets for each protocol.
+The second form presents the contents of one of the other network data structures according
+to the option selected. Using the third form, with a
.Ar wait
interval specified,
-.Nm netstat
-will continuously display the information regarding packet
-traffic on the configured network interfaces.
-The fourth form displays statistics about the named protocol.
+.Nm
+will continuously display the information regarding packet traffic on the configured network
+interfaces. The fourth form displays statistics for the specified protocol or address family.
+The fifth form displays per-interface statistics for the specified protocol or address family.
+The sixth form displays
+.Xr mbuf 9
+statistics. The seventh form displays routing table for the specified address family. The
+eighth form displays routing statistics.
.Pp
The options have the following meaning:
.Bl -tag -width flag
.It Fl A
-With the default display,
-show the address of any protocol control blocks associated with sockets; used
-for debugging.
+With the default display, show the address of any protocol control blocks associated with
+sockets; used for debugging.
.It Fl a
-With the default display,
-show the state of all sockets; normally sockets used by
-server processes are not shown.
+With the default display, show the state of all sockets; normally sockets used by server
+processes are not shown. With the routing table display (option
+.Fl r ,
+as described below), show protocol-cloned routes (routes generated by a
+.Dv RTF_PRCLONING
+parent route); normally these routes are not shown.
+.It Fl b
+With the interface display (option
+.Fl i ,
+as described below), show the number of bytes in and out.
.It Fl d
With either interface display (option
.Fl i
-or an interval, as described below),
-show the number of dropped packets.
-.It Fl f Ar address_family
-Limit statistics or address control block reports to those
-of the specified
+or an interval, as described below), show the number of dropped packets.
+.It Fl f Ar address_family
+Limit statistics or address control block reports to those of the specified
.Ar address family .
-The following address families
-are recognized:
+The following address families are recognized:
.Ar inet ,
for
.Dv AF_INET ,
-.Ar ns ,
-for
-.Dv AF_NS ,
-.Ar iso ,
+.Ar inet6 ,
for
-.Dv AF_ISO ,
+.Dv AF_INET6
and
.Ar unix ,
for
.Dv AF_UNIX .
.It Fl g
-Show information related to multicast (group address) routing.
-By default, show the IP Multicast virtual-interface and routing tables.
-If the
+Show information related to multicast (group address) routing. By default, show the
+IP Multicast virtual-interface and routing tables. If the
.Fl s
option is also present, show multicast routing statistics.
-.It Fl h
-Show the state of the
-.Tn IMP
-host table (obsolete).
-.It Fl I Ar interface
-Show information about the specified interface;
-used with a
+.It Fl I Ar interface
+Show information about the specified interface; used with a
.Ar wait
interval as described below.
-.It Fl i
-Show the state of interfaces which have been auto-configured
-(interfaces statically configured into a system, but not
-located at boot time are not shown).
If the
+.Fl s
+option is present, show per-interface protocol statistics on the
+.Ar interface
+for the specified
+.Ar address_family
+or
+.Ar protocol ,
+or for all protocol families.
+.It Fl i
+Show the state of interfaces which have been auto-configured (interfaces statically
+configured into a system, but not located at boot time are not shown). If the
.Fl a
-options is also present, multicast addresses currently in use are shown
-for each Ethernet interface and for each IP interface address.
-Multicast addresses are shown on separate lines following the interface
-address with which they are associated.
+options is also present, multicast addresses currently in use are shown for each
+Ethernet interface and for each IP interface address. Multicast addresses are shown
+on separate lines following the interface address with which they are associated.
+If the
+.Fl s
+option is present, show per-interface statistics on all interfaces for the specified
+.Ar address_family
+or
+.Ar protocol ,
+or for all protocol families.
+.It Fl L
+Show the size of the various listen queues. The first count shows the number of
+unaccepted connections. The second count shows the amount of unaccepted incomplete
+connections. The third count is the maximum number of queued connections.
+.It Fl l
+Print full IPv6 address.
.It Fl M
-Extract values associated with the name list from the specified core
-instead of the default
+Extract values associated with the name list from the specified core instead of the
+default
.Pa /dev/kmem .
.It Fl m
-Show statistics recorded by the memory management routines
-(the network manages a private pool of memory buffers).
+Show statistics recorded by the memory management routines (the network manages a
+private pool of memory buffers).
.It Fl N
Extract the name list from the specified system instead of the default
-.Pa /vmunix .
+.Pa /kernel .
.It Fl n
Show network addresses as numbers (normally
-.Nm netstat
-interprets addresses and attempts to display them
-symbolically).
-This option may be used with any of the display formats.
-.It Fl p Ar protocol
+.Nm
+interprets addresses and attempts to display them symbolically). This option may be
+used with any of the display formats.
+.It Fl p Ar protocol
Show statistics about
-.Ar protocol ,
-which is either a well-known name for a protocol or an alias for it. Some
-protocol names and aliases are listed in the file
+.Ar protocol ,
+which is either a well-known name for a protocol or an alias for it. Some protocol
+names and aliases are listed in the file
.Pa /etc/protocols .
-A null response typically means that there are no interesting numbers to
-report.
-The program will complain if
+The special protocol name
+.Dq bdg
+is used to show bridging statistics. A null response typically means that there are
+no interesting numbers to report. The program will complain if
.Ar protocol
is unknown or if there is no statistics routine for it.
-.It Fl s
-Show per-protocol statistics.
-If this option is repeated, counters with a value of zero are suppressed.
.It Fl r
-Show the routing tables.
-When
+Show the routing tables. Use with
+.Fl a
+to show protocol-cloned routes. When
.Fl s
-is also present, show routing statistics instead.
+is also present, show routing statistics instead. When
+.Fl l
+is also present,
+.Nm
+assumes more columns are there and the maximum transmission unit
+.Pq Dq mtu
+are also displayed.
+.It Fl s
+Show per-protocol statistics. If this option is repeated, counters with a value of
+zero are suppressed.
+.It Fl W
+In certain displays, avoid truncating addresses even if this causes some fields to
+overflow.
.It Fl w Ar wait
Show network interface statistics at intervals of
.Ar wait
seconds.
.El
.Pp
-The default display, for active sockets, shows the local
-and remote addresses, send and receive queue sizes (in bytes), protocol,
-and the internal state of the protocol.
-Address formats are of the form ``host.port'' or ``network.port''
+.\"-------------------------------------------------------------------------------
+.Sh OUTPUT
+.\"-------------------------------------------------------------------------------
+The default display, for active sockets, shows the local and remote addresses,
+send and receive queue sizes (in bytes), protocol, and the internal state of
+the protocol. Address formats are of the form
+.Dq host.port
+or
+.Dq network.port
if a socket's address specifies a network but no specific host address.
-When known the host and network addresses are displayed symbolically
-according to the data bases
+If known, the host and network addresses are displayed symbolically
+according to the databases
.Pa /etc/hosts
and
.Pa /etc/networks ,
-respectively. If a symbolic name for an address is unknown, or if
-the
+respectively. If a symbolic name for an address is unknown, or if the
.Fl n
-option is specified, the address is printed numerically, according
-to the address family.
-For more information regarding
-the Internet ``dot format,''
+option is specified, the address is printed numerically, according to the
+address family. For more information regarding the Internet
+.Dq dot format ,
refer to
.Xr inet 3 ) .
Unspecified,
-or ``wildcard'', addresses and ports appear as ``*''.
+or
+.Dq wildcard ,
+addresses and ports appear as
+.Dq * .
+.Pp
+Internet domain socket states:
+.Bl -column X LISTEN
+CLOSED: The socket is not in use.
+.Pp
+LISTEN: The socket is listening for incoming connections. Unconnected
+listening sockets like these are only displayed when using the -a option.
+.Pp
+SYN_SENT: The socket is actively trying to establish a connection to a
+remote peer.
.Pp
-The interface display provides a table of cumulative
-statistics regarding packets transferred, errors, and collisions.
-The network addresses of the interface
-and the maximum transmission unit (``mtu'') are also displayed.
+SYN_RCVD: The socket has passively received a connection request from a
+remote peer.
.Pp
-The routing table display indicates the available routes and
-their status. Each route consists of a destination host or network
-and a gateway to use in forwarding packets. The flags field shows
-a collection of information about the route stored as
-binary choices. The individual flags are discussed in more
-detail in the
+ESTABLISHED: The socket has an established connection between a local
+application and a remote peer.
+.Pp
+CLOSE_WAIT: The socket connection has been closed by the remote peer,
+and the system is waiting for the local application to close its half of
+the connection.
+.Pp
+LAST_ACK: The socket connection has been closed by the remote peer, the
+local application has closed its half of the connection, and the system
+is waiting for the remote peer to acknowledge the close.
+.Pp
+FIN_WAIT_1: The socket connection has been closed by the local
+application, the remote peer has not yet acknowledged the close, and the
+system is waiting for it to close its half of the connection.
+.Pp
+FIN_WAIT_2: The socket connection has been closed by the local
+application, the remote peer has acknowledged the close, and the system
+is waiting for it to close its half of the connection.
+.Pp
+CLOSING: The socket connection has been closed by the local application
+and the remote peer simultaneously, and the remote peer has not yet
+acknowledged the close attempt of the local application.
+.Pp
+TIME_WAIT: The socket connection has been closed by the local
+application, the remote peer has closed its half of the connection, and
+the system is waiting to be sure that the remote peer received the last
+acknowledgement.
+.El
+.Pp
+The interface display provides a table of cumulative statistics regarding
+packets transferred, errors, and collisions. The network addresses of the
+interface and the maximum transmission unit
+.Pq Dq mtu
+are also displayed.
+.Pp
+The routing table display indicates the available routes and their status.
+Each route consists of a destination host or network and a gateway to use
+in forwarding packets. The flags field shows a collection of information
+about the route stored as binary choices. The individual flags are discussed
+in more detail in the
.Xr route 8
and
.Xr route 4
-manual pages.
-The mapping between letters and flags is:
+manual pages. The mapping between letters and flags is:
.Bl -column XXXX RTF_BLACKHOLE
-1 RTF_PROTO2 Protocol specific routing flag #1
-2 RTF_PROTO1 Protocol specific routing flag #2
-B RTF_BLACKHOLE Just discard pkts (during updates)
-C RTF_CLONING Generate new routes on use
-D RTF_DYNAMIC Created dynamically (by redirect)
+1 RTF_PROTO1 Protocol specific routing flag #1
+2 RTF_PROTO2 Protocol specific routing flag #2
+3 RTF_PROTO3 Protocol specific routing flag #3
+B RTF_BLACKHOLE Just discard packets (during updates)
+b RTF_BROADCAST The route represents a broadcast address
+C RTF_CLONING Generate new routes on use
+c RTF_PRCLONING Protocol-specified generate new routes on use
+D RTF_DYNAMIC Created dynamically (by redirect)
G RTF_GATEWAY Destination requires forwarding by intermediary
-H RTF_HOST Host entry (net otherwise)
-L RTF_LLINFO Valid protocol to link address translation.
-M RTF_MODIFIED Modified dynamically (by redirect)
-R RTF_REJECT Host or net unreachable
-S RTF_STATIC Manually added
-U RTF_UP Route usable
+H RTF_HOST Host entry (net otherwise)
+L RTF_LLINFO Valid protocol to link address translation
+M RTF_MODIFIED Modified dynamically (by redirect)
+R RTF_REJECT Host or net unreachable
+S RTF_STATIC Manually added
+U RTF_UP Route usable
+W RTF_WASCLONED Route was generated as a result of cloning
X RTF_XRESOLVE External daemon translates proto to link address
.El
.Pp
-Direct routes are created for each
-interface attached to the local host;
-the gateway field for such entries shows the address of the outgoing interface.
-The refcnt field gives the
-current number of active uses of the route. Connection oriented
-protocols normally hold on to a single route for the duration of
-a connection while connectionless protocols obtain a route while sending
-to the same destination.
-The use field provides a count of the number of packets
-sent using that route. The interface entry indicates the network
-interface utilized for the route.
+Direct routes are created for each interface attached to the local host;
+the gateway field for such entries shows the address of the outgoing
+interface. The refcnt field gives the current number of active uses of
+the route. Connection oriented protocols normally hold on to a single
+route for the duration of a connection while connectionless protocols
+obtain a route while sending to the same destination. The use field
+provides a count of the number of packets sent using that route. The
+interface entry indicates the network interface utilized for the route.
.Pp
When
.Nm netstat
option and a
.Ar wait
interval argument, it displays a running count of statistics related to
-network interfaces.
-An obsolescent version of this option used a numeric parameter
-with no option, and is currently supported for backward compatibility.
-This display consists of a column for the primary interface (the first
-interface found during autoconfiguration) and a column summarizing
-information for all interfaces.
-The primary interface may be replaced with another interface with the
+network interfaces. An obsolete version of this option used a numeric
+parameter with no option, and is currently supported for backward
+compatibility. By default, this display summarizes information for all
+interfaces. Information for a specific interface may be displayed with the
.Fl I
option.
-The first line of each screen of information contains a summary since the
-system was last rebooted. Subsequent lines of output show values
-accumulated over the preceding interval.
.Sh SEE ALSO
-.Xr iostat 1 ,
+.Xr fstat 1 ,
.Xr nfsstat 1 ,
.Xr ps 1 ,
-.Xr vmstat 1 ,
+.Xr sockstat 1 ,
+.Xr inet 4 ,
+.Xr unix 4 ,
.Xr hosts 5 ,
.Xr networks 5 ,
.Xr protocols 5 ,
.Xr services 5 ,
+.Xr iostat 8 ,
.Xr trpt 8 ,
-.Xr trsp 8
+.Xr vmstat 8
.Sh HISTORY
The
.Nm netstat
command appeared in
.Bx 4.2 .
-.\" .Sh FILES
-.\" .Bl -tag -width /dev/kmem -compact
-.\" .It Pa /vmunix
-.\" default kernel namelist
-.\" .It Pa /dev/kmem
-.\" default memory file
-.\" .El
+.Pp
+IPv6 support was added by WIDE/KAME project.
+.Sh FILES
+.Bl -tag -width /dev/kmem -compact
+.It Pa /kernel
+default kernel namelist
+.It Pa /dev/kmem
+default memory file
+.El
.Sh BUGS
The notion of errors is ill-defined.
projects / apple / network_cmds.git / blobdiff