FreeBSD manual
download PDF document: netstat.1.pdf
NETSTAT(1) FreeBSD General Commands Manual NETSTAT(1)
NAME
netstat - show network status and statistics
SYNOPSIS
netstat [-j jail] [--libxo] [-46AaCLnPRSTWx]
[-f protocol_family | -p protocol]
netstat -i | -I interface
[-j jail] [--libxo] [-46abdhnW] [-f address_family] [-M core]
[-N system]
netstat -w wait
[-j jail] [--libxo] [-I interface] [-46d] [-M core] [-N system]
[-q howmany]
netstat -s
[-j jail] [--libxo] [-46sz] [-f protocol_family | -p protocol]
[-M core] [-N system]
netstat -i | -I interface -s
[-j jail] [--libxo] [-46s] [-f protocol_family | -p protocol]
[-M core] [-N system]
netstat -m
[-j jail] [--libxo] [-M core] [-N system]
netstat -B
[-j jail] [--libxo] [-z] [-I interface]
netstat -r
[-j jail] [--libxo] [-46nW] [-F fibnum] [-f address_family]
netstat -rs
[-j jail] [--libxo] [-s] [-M core] [-N system]
netstat -g
[-j jail] [--libxo] [-46W] [-f address_family]
netstat -gs
[-j jail] [--libxo] [-46s] [-f address_family] [-M core]
[-N system]
netstat -Q
[-j jail] [--libxo]
DESCRIPTION
The netstat command shows the contents of various network-related data
structures. The arguments passed determine which of the below output
formats the command uses.
netstat [-46AaCLnRSTWx] [-f protocol_family | -p protocol] [-j jail]
Display a list of active sockets (protocol control blocks) for
each network protocol.
The default display for active sockets shows the local and remote
addresses, send and receive queue sizes (in bytes), protocol, and
the internal state of the protocol. Address formats are of the
information regarding the Internet IPv4 "dot format", refer to
inet(3). Unspecified, or "wildcard", addresses and ports appear
as "*".
--libxo
Generate output via libxo(3) in a selection of different
human and machine readable formats. See xo_parse_args(3)
for details on command line arguments.
-4 Show IPv4 only. See GENERAL OPTIONS.
-6 Show IPv6 only. See GENERAL OPTIONS.
-A Show the address of a protocol control block (PCB)
associated with a socket; used for debugging.
-a Show the state of all sockets; normally sockets used by
server processes are not shown.
-c Show the used TCP stack for each session.
-C Show the congestion control algorithm and diagnostic
information of TCP sockets.
-L Show the size of the various listen queues. The first
count shows the number of unaccepted connections, the
second count shows the amount of unaccepted incomplete
connections, and the third count is the maximum number of
queued connections.
-n Do not resolve numeric addresses and port numbers to
names. See GENERAL OPTIONS.
-P Display the log ID for each socket.
-R Display the flowid and flowtype for each socket. flowid
is a 32 bit hardware specific identifier for each flow.
flowtype defines which protocol fields are hashed to
produce the id. A complete listing is available in
sys/mbuf.h under M_HASHTYPE_*.
-S Show network addresses as numbers (as with -n) but show
ports symbolically.
-T Display diagnostic information from the TCP control
block. Fields include the number of packets requiring
retransmission, received out-of-order, and those
advertising a zero-sized window.
-W Avoid truncating addresses even if this causes some
fields to overflow.
-x Display socket buffer and TCP timer statistics for each
internet socket.
The -x flag causes netstat to output all the information
recorded about data stored in the socket buffers. The
fields are:
receive buffer.
S-BMAX Maximum bytes that can be used in the send
buffer.
rexmt Time, in seconds, to fire Retransmit Timer,
or 0 if not armed.
persist Time, in seconds, to fire Retransmit
Persistence, or 0 if not armed.
keep Time, in seconds, to fire Keep Alive, or 0
if not armed.
2msl Time, in seconds, to fire 2*msl TIME_WAIT
Timer, or 0 if not armed.
delack Time, in seconds, to fire Delayed ACK
Timer, or 0 if not armed.
rcvtime Time, in seconds, since last packet
received.
-f protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
-p protocol
Filter by protocol. See GENERAL OPTIONS.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -i | -I interface [-46abdhnW] [-f address_family] [-M core]
[-N system] [-j jail]
Show the state of all network interfaces or a single interface
which have been auto-configured (interfaces statically configured
into a system, but not located at boot time are not shown). An
asterisk ("*") after an interface name indicates that the
interface is "down".
When netstat is invoked with -i (all interfaces) or -I interface,
it provides a table of cumulative statistics regarding packets
transferred, errors, and collisions. The network addresses of
the interface and the maximum transmission unit ("mtu") are also
displayed. If both -i and -I are specified, -I overrides any
instances of -i.
-4 Show IPv4 only. See GENERAL OPTIONS.
-6 Show IPv6 only. See GENERAL OPTIONS.
-a Multicast addresses currently in use are shown for each
Ethernet interface and for each IP interface address.
Multicast addresses are shown on separate lines following
the interface address with which they are associated.
-b Show the number of bytes in and out.
-d Show the number of dropped output packets.
-h Print all counters in human readable form.
-n Do not resolve numeric addresses and port numbers to
names. See GENERAL OPTIONS.
-W Avoid truncating addresses even if this causes some
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -w wait [-I interface] [-46d] [-M core] [-N system] [-q howmany]
[-j jail]
At intervals of wait seconds, display the information regarding
packet traffic on all configured network interfaces or a single
interface.
When netstat is invoked with the -w option and a wait interval
argument, it displays a running count of statistics related to
network interfaces. An obsolescent version of this option used a
numeric parameter with no option, and is currently supported for
backward compatibility. By default, this display summarizes
information for all interfaces. Information for a specific
interface may be displayed with the -I interface option.
-I interface
Only show information regarding interface
-4 Show IPv4 only. See GENERAL OPTIONS.
-6 Show IPv6 only. See GENERAL OPTIONS.
-d Show the number of dropped output packets.
-M Use an alternative core. See GENERAL OPTIONS.
-N Use an alternative kernel image. See GENERAL OPTIONS.
-q Exit after howmany outputs.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -s [-46sz] [-f protocol_family | -p protocol] [-M core]
[-N system] [-j jail]
Display system-wide statistics for each network protocol.
-4 Show IPv4 only. See GENERAL OPTIONS.
-6 Show IPv6 only. See GENERAL OPTIONS.
-s If -s is repeated, counters with a value of zero are
suppressed.
-z Reset statistic counters after displaying them.
-f protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
-p protocol
Filter by protocol. See GENERAL OPTIONS.
-M Use an alternative core. See GENERAL OPTIONS.
-N Use an alternative kernel image See GENERAL OPTIONS.
-j jail
-4 Show IPv4 only See GENERAL OPTIONS.
-6 Show IPv6 only See GENERAL OPTIONS.
-s If -s is repeated, counters with a value of zero are
suppressed.
-f protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
-p protocol
Filter by protocol. See GENERAL OPTIONS.
-M Use an alternative core See GENERAL OPTIONS.
-N Use an alternative kernel image See GENERAL OPTIONS.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -m [-M core] [-N system] [-j jail]
Show statistics recorded by the memory management routines
(mbuf(9)). The network manages a private pool of memory buffers.
-M Use an alternative core See GENERAL OPTIONS.
-N Use an alternative kernel image See GENERAL OPTIONS.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -B [-z] [-I interface] [-j jail]
Show statistics about bpf(4) peers. This includes information
like how many packets have been matched, dropped and received by
the bpf device, also information about current buffer sizes and
device states.
The bpf(4) flags displayed when netstat is invoked with the -B
option represent the underlying parameters of the bpf peer. Each
flag is represented as a single lower case letter. The mapping
between the letters and flags in order of appearance are:
p Set if listening promiscuously
i BIOCIMMEDIATE has been set on the device
f BIOCGHDRCMPLT status: source link addresses are being
filled automatically
s BIOCGSEESENT status: see packets originating locally and
remotely on the interface.
a Packet reception generates a signal
l BIOCLOCK status: descriptor has been locked
For more information about these flags, please refer to bpf(4).
-z Reset statistic counters after displaying them.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -r [-46AnW] [-F fibnum] [-f address_family] [-M core] [-N system]
information about the route stored as binary choices. The
individual flags are discussed in more detail in the route(8) and
route(4) manual pages. The mapping between letters and flags is:
1 RTF_PROTO1 Protocol specific routing flag #1
2 RTF_PROTO2 Protocol specific routing flag #2
3 RTF_PROTO3 Protocol specific routing flag #3
B RTF_BLACKHOLE Just discard pkts (during updates)
b RTF_BROADCAST The route represents a broadcast
address
D RTF_DYNAMIC Created dynamically (by redirect)
G RTF_GATEWAY Destination requires forwarding by
intermediary
H RTF_HOST Host entry (net otherwise)
L RTF_LLINFO Valid protocol to link address
translation
M RTF_MODIFIED Modified dynamically (by redirect)
R RTF_REJECT Host or net unreachable
S RTF_STATIC Manually added
U RTF_UP Route usable
X RTF_XRESOLVE External daemon translates proto to
link address
Direct routes are created for each interface attached to the
local host; the gateway field for such entries shows the address
of the outgoing interface. The refcnt field gives the current
number of active uses of the route. Connection oriented
protocols normally hold on to a single route for the duration of
a connection while connectionless protocols obtain a route while
sending to the same destination. The use field provides a count
of the number of packets sent using that route. The interface
entry indicates the network interface utilized for the route.
-4 Show IPv4 only. See GENERAL OPTIONS.
-6 Show IPv6 only. See GENERAL OPTIONS.
-n Do not resolve numeric addresses and port numbers to
names. See GENERAL OPTIONS.
-W Show the path MTU for each route, and print interface
names with a wider field size.
-F Display the routing table with the number fibnum. If the
specified fibnum is -1 or -F is not specified, the
default routing table is displayed.
-f Display the routing table for a particular
address_family.
-M Use an alternative core See GENERAL OPTIONS.
-N Use an alternative kernel image See GENERAL OPTIONS.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -rs [-s] [-M core] [-N system] [-j jail]
Display routing statistics.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -g [-46W] [-f address_family] [-M core] [-N system] [-j jail]
Display the contents of the multicast virtual interface tables,
and multicast forwarding caches. Entries in these tables will
appear only when the kernel is actively forwarding multicast
sessions. This option is applicable only to the inet and inet6
address families.
-4 Show IPv4 only See GENERAL OPTIONS.
-6 Show IPv6 only See GENERAL OPTIONS.
-W Avoid truncating addresses even if this causes some
fields to overflow.
-f protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
-M Use an alternative core See GENERAL OPTIONS.
-N Use an alternative kernel image See GENERAL OPTIONS.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -gs [-46s] [-f address_family] [-M core] [-N system] [-j jail]
Show multicast routing statistics.
-4 Show IPv4 only See GENERAL OPTIONS.
-6 Show IPv6 only See GENERAL OPTIONS.
-s If -s is repeated, counters with a value of zero are
suppressed.
-f protocol_family
Filter by protocol_family. See GENERAL OPTIONS.
-M Use an alternative core See GENERAL OPTIONS.
-N Use an alternative kernel image See GENERAL OPTIONS.
-j jail
Run inside a jail. See GENERAL OPTIONS.
netstat -Q [-j jail]
Show netisr(9) statistics. The flags field shows available ISR
handlers:
C NETISR_SNP_FLAGS_M2CPUID Able to map mbuf to
cpu id
D NETISR_SNP_FLAGS_DRAINEDCPU Has queue drain
handler
F NETISR_SNP_FLAGS_M2FLOW Able to map mbuf to
flow id
-j jail Run inside a jail. See GENERAL OPTIONS.
-f address_family, -p protocol
Limit display to those records of the specified address_family or a
single protocol. The following address families and protocols are
recognized:
Family Protocols
inet (AF_INET) divert, icmp, igmp, ip, ipsec,
pim, sctp, tcp, udp
inet6 (AF_INET6) icmp6, ip6, ipsec6, rip6, sctp,
tcp, udp
pfkey (PF_KEY) pfkey
netgraph, ng (AF_NETGRAPH) ctrl, data
unix (AF_UNIX)
link (AF_LINK)
The program will complain if protocol is unknown or if there is no
statistics routine for it.
-M Extract values associated with the name list from the specified
core instead of the default /dev/kmem.
-N Extract the name list from the specified system instead of the
default, which is the kernel image the system has booted from.
-n Show network addresses and ports as numbers. Normally netstat
attempts to resolve addresses and ports, and display them
symbolically.
-W Wider output; expand address fields, etc, to avoid truncation.
Non-numeric values such as domain names may still be truncated; use
the -n option if necessary to avoid ambiguity.
-j jail
Perform the actions inside the jail. This allows network state to
be accessed even if the netstat binary is not available in the
jail.
EXAMPLES
Show packet traffic information (packets, bytes, errors, packet drops,
etc) for interface re0 updated every 2 seconds and exit after 5 outputs:
$ netstat -w 2 -q 5 -I re0
Show statistics for ICMP on any interface:
$ netstat -s -p icmp
Show routing tables:
$ netstat -r
Same as above, but without resolving numeric addresses and port numbers
to names:
$ netstat -rn
SEE ALSO
fstat(1), nfsstat(1), procstat(1), ps(1), sockstat(1), libxo(3),
IPv6 support was added by WIDE/KAME project.
BUGS
The notion of errors is ill-defined.
FreeBSD 14.2-RELEASE July 29, 2024 FreeBSD 14.2-RELEASE