X-Git-Url: https://git.saurik.com/apple/network_cmds.git/blobdiff_plain/8052502f69480852fa9ccecf3788125a3d1c6aaf..7ba0088d6898d7fd2873f736f1f556673a8be855:/netstat.tproj/netstat.1 diff --git a/netstat.tproj/netstat.1 b/netstat.tproj/netstat.1 index fc0d303..de44198 100644 --- a/netstat.tproj/netstat.1 +++ b/netstat.tproj/netstat.1 @@ -30,218 +30,313 @@ .\" SUCH DAMAGE. .\" .\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 +.\" $FreeBSD: src/usr.bin/netstat/netstat.1,v 1.22.2.7 2001/08/10 09:07:09 ru Exp $ .\" -.Dd April 18, 1994 +.Dd June 15, 2001 .Dt NETSTAT 1 -.Os BSD 4.2 +.Os Darwin .Sh NAME .Nm netstat .Nd show network status .Sh SYNOPSIS -.Nm netstat -.Op Fl Aan -.Op Fl f Ar address_family +.Nm +.Op Fl AaLlnW +.Op Fl f Ar address_family | Fl p Ar protocol .Op Fl M Ar core .Op Fl N Ar system -.Nm netstat -.Op Fl dghimnrs +.Nm +.Op Fl gilns .Op Fl f Ar address_family .Op Fl M Ar core .Op Fl N Ar system -.Nm netstat -.Op Fl dn -.Op Fl I Ar interface +.Nm +.Fl i | I Ar interface +.Op Fl w Ar wait +.Op Fl abdgt .Op Fl M Ar core .Op Fl N Ar system -.Op Fl w Ar wait -.Nm netstat -.Op Fl p Ar protocol +.Nm +.Fl s Op Fl s +.Op Fl f Ar address_family | Fl p Ar protocol +.Op Fl M Ar core +.Op Fl N Ar system +.Nm +.Fl i | I Ar interface Fl s +.Op Fl f Ar address_family | Fl p Ar protocol +.Op Fl M Ar core +.Op Fl N Ar system +.Nm +.Fl m .Op Fl M Ar core .Op Fl N Ar system +.Nm +.Fl r +.Op Fl Aaln +.Op Fl f Ar address_family +.Op Fl M Ar core +.Op Fl N Ar system +.Nm +.Fl rs +.Op Fl s +.Op Fl M Ar core +.Op Fl N Ar system +.\"----------------------------------------------------------------------------------------- .Sh DESCRIPTION +.\"----------------------------------------------------------------------------------------- The -.Nm netstat -command symbolically displays the contents of various network-related -data structures. -There are a number of output formats, -depending on the options for the information presented. -The first form of the command displays a list of active sockets for -each protocol. -The second form presents the contents of one of the other network -data structures according to the option selected. -Using the third form, with a +.Nm +command symbolically displays the contents of various network-related data structures. +There are a number of output formats, depending on the options for the information presented. +The first form of the command displays a list of active sockets for each protocol. +The second form presents the contents of one of the other network data structures according +to the option selected. Using the third form, with a .Ar wait interval specified, -.Nm netstat -will continuously display the information regarding packet -traffic on the configured network interfaces. -The fourth form displays statistics about the named protocol. +.Nm +will continuously display the information regarding packet traffic on the configured network +interfaces. The fourth form displays statistics for the specified protocol or address family. +The fifth form displays per-interface statistics for the specified protocol or address family. +The sixth form displays +.Xr mbuf 9 +statistics. The seventh form displays routing table for the specified address family. The +eighth form displays routing statistics. .Pp The options have the following meaning: .Bl -tag -width flag .It Fl A -With the default display, -show the address of any protocol control blocks associated with sockets; used -for debugging. +With the default display, show the address of any protocol control blocks associated with +sockets; used for debugging. .It Fl a -With the default display, -show the state of all sockets; normally sockets used by -server processes are not shown. +With the default display, show the state of all sockets; normally sockets used by server +processes are not shown. With the routing table display (option +.Fl r , +as described below), show protocol-cloned routes (routes generated by a +.Dv RTF_PRCLONING +parent route); normally these routes are not shown. +.It Fl b +With the interface display (option +.Fl i , +as described below), show the number of bytes in and out. .It Fl d With either interface display (option .Fl i -or an interval, as described below), -show the number of dropped packets. -.It Fl f Ar address_family -Limit statistics or address control block reports to those -of the specified +or an interval, as described below), show the number of dropped packets. +.It Fl f Ar address_family +Limit statistics or address control block reports to those of the specified .Ar address family . -The following address families -are recognized: +The following address families are recognized: .Ar inet , for .Dv AF_INET , -.Ar ns , -for -.Dv AF_NS , -.Ar iso , +.Ar inet6 , for -.Dv AF_ISO , +.Dv AF_INET6 and .Ar unix , for .Dv AF_UNIX . .It Fl g -Show information related to multicast (group address) routing. -By default, show the IP Multicast virtual-interface and routing tables. -If the +Show information related to multicast (group address) routing. By default, show the +IP Multicast virtual-interface and routing tables. If the .Fl s option is also present, show multicast routing statistics. -.It Fl h -Show the state of the -.Tn IMP -host table (obsolete). -.It Fl I Ar interface -Show information about the specified interface; -used with a +.It Fl I Ar interface +Show information about the specified interface; used with a .Ar wait interval as described below. -.It Fl i -Show the state of interfaces which have been auto-configured -(interfaces statically configured into a system, but not -located at boot time are not shown). If the +.Fl s +option is present, show per-interface protocol statistics on the +.Ar interface +for the specified +.Ar address_family +or +.Ar protocol , +or for all protocol families. +.It Fl i +Show the state of interfaces which have been auto-configured (interfaces statically +configured into a system, but not located at boot time are not shown). If the .Fl a -options is also present, multicast addresses currently in use are shown -for each Ethernet interface and for each IP interface address. -Multicast addresses are shown on separate lines following the interface -address with which they are associated. +options is also present, multicast addresses currently in use are shown for each +Ethernet interface and for each IP interface address. Multicast addresses are shown +on separate lines following the interface address with which they are associated. +If the +.Fl s +option is present, show per-interface statistics on all interfaces for the specified +.Ar address_family +or +.Ar protocol , +or for all protocol families. +.It Fl L +Show the size of the various listen queues. The first count shows the number of +unaccepted connections. The second count shows the amount of unaccepted incomplete +connections. The third count is the maximum number of queued connections. +.It Fl l +Print full IPv6 address. .It Fl M -Extract values associated with the name list from the specified core -instead of the default +Extract values associated with the name list from the specified core instead of the +default .Pa /dev/kmem . .It Fl m -Show statistics recorded by the memory management routines -(the network manages a private pool of memory buffers). +Show statistics recorded by the memory management routines (the network manages a +private pool of memory buffers). .It Fl N Extract the name list from the specified system instead of the default -.Pa /vmunix . +.Pa /kernel . .It Fl n Show network addresses as numbers (normally -.Nm netstat -interprets addresses and attempts to display them -symbolically). -This option may be used with any of the display formats. -.It Fl p Ar protocol +.Nm +interprets addresses and attempts to display them symbolically). This option may be +used with any of the display formats. +.It Fl p Ar protocol Show statistics about -.Ar protocol , -which is either a well-known name for a protocol or an alias for it. Some -protocol names and aliases are listed in the file +.Ar protocol , +which is either a well-known name for a protocol or an alias for it. Some protocol +names and aliases are listed in the file .Pa /etc/protocols . -A null response typically means that there are no interesting numbers to -report. -The program will complain if +The special protocol name +.Dq bdg +is used to show bridging statistics. A null response typically means that there are +no interesting numbers to report. The program will complain if .Ar protocol is unknown or if there is no statistics routine for it. -.It Fl s -Show per-protocol statistics. -If this option is repeated, counters with a value of zero are suppressed. .It Fl r -Show the routing tables. -When +Show the routing tables. Use with +.Fl a +to show protocol-cloned routes. When .Fl s -is also present, show routing statistics instead. +is also present, show routing statistics instead. When +.Fl l +is also present, +.Nm +assumes more columns are there and the maximum transmission unit +.Pq Dq mtu +are also displayed. +.It Fl s +Show per-protocol statistics. If this option is repeated, counters with a value of +zero are suppressed. +.It Fl W +In certain displays, avoid truncating addresses even if this causes some fields to +overflow. .It Fl w Ar wait Show network interface statistics at intervals of .Ar wait seconds. .El .Pp -The default display, for active sockets, shows the local -and remote addresses, send and receive queue sizes (in bytes), protocol, -and the internal state of the protocol. -Address formats are of the form ``host.port'' or ``network.port'' +.\"------------------------------------------------------------------------------- +.Sh OUTPUT +.\"------------------------------------------------------------------------------- +The default display, for active sockets, shows the local and remote addresses, +send and receive queue sizes (in bytes), protocol, and the internal state of +the protocol. Address formats are of the form +.Dq host.port +or +.Dq network.port if a socket's address specifies a network but no specific host address. -When known the host and network addresses are displayed symbolically -according to the data bases +If known, the host and network addresses are displayed symbolically +according to the databases .Pa /etc/hosts and .Pa /etc/networks , -respectively. If a symbolic name for an address is unknown, or if -the +respectively. If a symbolic name for an address is unknown, or if the .Fl n -option is specified, the address is printed numerically, according -to the address family. -For more information regarding -the Internet ``dot format,'' +option is specified, the address is printed numerically, according to the +address family. For more information regarding the Internet +.Dq dot format , refer to .Xr inet 3 ) . Unspecified, -or ``wildcard'', addresses and ports appear as ``*''. +or +.Dq wildcard , +addresses and ports appear as +.Dq * . +.Pp +Internet domain socket states: +.Bl -column X LISTEN +CLOSED: The socket is not in use. +.Pp +LISTEN: The socket is listening for incoming connections. Unconnected +listening sockets like these are only displayed when using the -a option. +.Pp +SYN_SENT: The socket is actively trying to establish a connection to a +remote peer. .Pp -The interface display provides a table of cumulative -statistics regarding packets transferred, errors, and collisions. -The network addresses of the interface -and the maximum transmission unit (``mtu'') are also displayed. +SYN_RCVD: The socket has passively received a connection request from a +remote peer. .Pp -The routing table display indicates the available routes and -their status. Each route consists of a destination host or network -and a gateway to use in forwarding packets. The flags field shows -a collection of information about the route stored as -binary choices. The individual flags are discussed in more -detail in the +ESTABLISHED: The socket has an established connection between a local +application and a remote peer. +.Pp +CLOSE_WAIT: The socket connection has been closed by the remote peer, +and the system is waiting for the local application to close its half of +the connection. +.Pp +LAST_ACK: The socket connection has been closed by the remote peer, the +local application has closed its half of the connection, and the system +is waiting for the remote peer to acknowledge the close. +.Pp +FIN_WAIT_1: The socket connection has been closed by the local +application, the remote peer has not yet acknowledged the close, and the +system is waiting for it to close its half of the connection. +.Pp +FIN_WAIT_2: The socket connection has been closed by the local +application, the remote peer has acknowledged the close, and the system +is waiting for it to close its half of the connection. +.Pp +CLOSING: The socket connection has been closed by the local application +and the remote peer simultaneously, and the remote peer has not yet +acknowledged the close attempt of the local application. +.Pp +TIME_WAIT: The socket connection has been closed by the local +application, the remote peer has closed its half of the connection, and +the system is waiting to be sure that the remote peer received the last +acknowledgement. +.El +.Pp +The interface display provides a table of cumulative statistics regarding +packets transferred, errors, and collisions. The network addresses of the +interface and the maximum transmission unit +.Pq Dq mtu +are also displayed. +.Pp +The routing table display indicates the available routes and their status. +Each route consists of a destination host or network and a gateway to use +in forwarding packets. The flags field shows a collection of information +about the route stored as binary choices. The individual flags are discussed +in more detail in the .Xr route 8 and .Xr route 4 -manual pages. -The mapping between letters and flags is: +manual pages. The mapping between letters and flags is: .Bl -column XXXX RTF_BLACKHOLE -1 RTF_PROTO2 Protocol specific routing flag #1 -2 RTF_PROTO1 Protocol specific routing flag #2 -B RTF_BLACKHOLE Just discard pkts (during updates) -C RTF_CLONING Generate new routes on use -D RTF_DYNAMIC Created dynamically (by redirect) +1 RTF_PROTO1 Protocol specific routing flag #1 +2 RTF_PROTO2 Protocol specific routing flag #2 +3 RTF_PROTO3 Protocol specific routing flag #3 +B RTF_BLACKHOLE Just discard packets (during updates) +b RTF_BROADCAST The route represents a broadcast address +C RTF_CLONING Generate new routes on use +c RTF_PRCLONING Protocol-specified generate new routes on use +D RTF_DYNAMIC Created dynamically (by redirect) G RTF_GATEWAY Destination requires forwarding by intermediary -H RTF_HOST Host entry (net otherwise) -L RTF_LLINFO Valid protocol to link address translation. -M RTF_MODIFIED Modified dynamically (by redirect) -R RTF_REJECT Host or net unreachable -S RTF_STATIC Manually added -U RTF_UP Route usable +H RTF_HOST Host entry (net otherwise) +L RTF_LLINFO Valid protocol to link address translation +M RTF_MODIFIED Modified dynamically (by redirect) +R RTF_REJECT Host or net unreachable +S RTF_STATIC Manually added +U RTF_UP Route usable +W RTF_WASCLONED Route was generated as a result of cloning X RTF_XRESOLVE External daemon translates proto to link address .El .Pp -Direct routes are created for each -interface attached to the local host; -the gateway field for such entries shows the address of the outgoing interface. -The refcnt field gives the -current number of active uses of the route. Connection oriented -protocols normally hold on to a single route for the duration of -a connection while connectionless protocols obtain a route while sending -to the same destination. -The use field provides a count of the number of packets -sent using that route. The interface entry indicates the network -interface utilized for the route. +Direct routes are created for each interface attached to the local host; +the gateway field for such entries shows the address of the outgoing +interface. The refcnt field gives the current number of active uses of +the route. Connection oriented protocols normally hold on to a single +route for the duration of a connection while connectionless protocols +obtain a route while sending to the same destination. The use field +provides a count of the number of packets sent using that route. The +interface entry indicates the network interface utilized for the route. .Pp When .Nm netstat @@ -250,40 +345,39 @@ is invoked with the option and a .Ar wait interval argument, it displays a running count of statistics related to -network interfaces. -An obsolescent version of this option used a numeric parameter -with no option, and is currently supported for backward compatibility. -This display consists of a column for the primary interface (the first -interface found during autoconfiguration) and a column summarizing -information for all interfaces. -The primary interface may be replaced with another interface with the +network interfaces. An obsolete version of this option used a numeric +parameter with no option, and is currently supported for backward +compatibility. By default, this display summarizes information for all +interfaces. Information for a specific interface may be displayed with the .Fl I option. -The first line of each screen of information contains a summary since the -system was last rebooted. Subsequent lines of output show values -accumulated over the preceding interval. .Sh SEE ALSO -.Xr iostat 1 , +.Xr fstat 1 , .Xr nfsstat 1 , .Xr ps 1 , -.Xr vmstat 1 , +.Xr sockstat 1 , +.Xr inet 4 , +.Xr unix 4 , .Xr hosts 5 , .Xr networks 5 , .Xr protocols 5 , .Xr services 5 , +.Xr iostat 8 , .Xr trpt 8 , -.Xr trsp 8 +.Xr vmstat 8 .Sh HISTORY The .Nm netstat command appeared in .Bx 4.2 . -.\" .Sh FILES -.\" .Bl -tag -width /dev/kmem -compact -.\" .It Pa /vmunix -.\" default kernel namelist -.\" .It Pa /dev/kmem -.\" default memory file -.\" .El +.Pp +IPv6 support was added by WIDE/KAME project. +.Sh FILES +.Bl -tag -width /dev/kmem -compact +.It Pa /kernel +default kernel namelist +.It Pa /dev/kmem +default memory file +.El .Sh BUGS The notion of errors is ill-defined.