mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-24 00:21:07 +01:00
120dc21b86
Fix several small errors introduced by r260524. Suggested by: glebius MFC after: 2 weeks
558 lines
14 KiB
Groff
558 lines
14 KiB
Groff
.\" Copyright (c) 1983, 1990, 1992, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd January 11, 2014
|
|
.Dt NETSTAT 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm netstat
|
|
.Nd show network status
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
command symbolically displays the contents of various network-related
|
|
data structures.
|
|
There are a number of output formats,
|
|
depending on the options for the information presented.
|
|
.Bl -tag -width indent
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Op Fl 46AaLnSTWx
|
|
.Op Fl f Ar protocol_family | Fl p Ar protocol
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Display a list of active sockets
|
|
(protocol control blocks)
|
|
for each network protocol,
|
|
for a particular
|
|
.Ar protocol_family ,
|
|
or for a single
|
|
.Ar protocol .
|
|
If
|
|
.Fl A
|
|
is also present,
|
|
show the address of a protocol control block (PCB)
|
|
associated with a socket; used for debugging.
|
|
If
|
|
.Fl a
|
|
is also present,
|
|
show the state of all sockets;
|
|
normally sockets used by server processes are not shown.
|
|
If
|
|
.Fl L
|
|
is also present,
|
|
show the size of the various listen queues.
|
|
The first count shows the number of unaccepted connections,
|
|
the second count shows the amount of unaccepted incomplete connections,
|
|
and the third count is the maximum number of queued connections.
|
|
If
|
|
.Fl S
|
|
is also present,
|
|
show network addresses as numbers (as with
|
|
.Fl n )
|
|
but show ports symbolically.
|
|
If
|
|
.Fl x
|
|
is present, display socket buffer and tcp timer statistics for each internet socket.
|
|
When
|
|
.Fl T
|
|
is present, display information from the TCP control block, including
|
|
retransmits, out-of-order packets received, and zero-sized windows advertised.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl i | I Ar interface
|
|
.Op Fl 46abdhnW
|
|
.Op Fl f Ar address_family
|
|
.Ek
|
|
.Xc
|
|
Show the state of all network interfaces or a single
|
|
.Ar interface
|
|
which have been auto-configured
|
|
(interfaces statically configured into a system, but not
|
|
located at boot time are not shown).
|
|
An asterisk
|
|
.Pq Dq Li *
|
|
after an interface name indicates that the interface is
|
|
.Dq down .
|
|
If
|
|
.Fl a
|
|
is also present, multicast addresses currently in use are shown
|
|
for each Ethernet interface and for each IP interface address.
|
|
Multicast addresses are shown on separate lines following the interface
|
|
address with which they are associated.
|
|
If
|
|
.Fl b
|
|
is also present, show the number of bytes in and out.
|
|
If
|
|
.Fl d
|
|
is also present, show the number of dropped packets.
|
|
If
|
|
.Fl h
|
|
is also present, print all counters in human readable form.
|
|
If
|
|
.Fl W
|
|
is also present, print interface names using a wider field size.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl w Ar wait
|
|
.Op Fl I Ar interface
|
|
.Op Fl d
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Op Fl q Ar howmany
|
|
.Ek
|
|
.Xc
|
|
At intervals of
|
|
.Ar wait
|
|
seconds,
|
|
display the information regarding packet
|
|
traffic on all configured network interfaces
|
|
or a single
|
|
.Ar interface .
|
|
If
|
|
.Fl q
|
|
is also present, exit after
|
|
.Ar howmany
|
|
outputs.
|
|
If
|
|
.Fl d
|
|
is also present, show the number of dropped packets.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl s Op Fl s
|
|
.Op Fl 46z
|
|
.Op Fl f Ar protocol_family | Fl p Ar protocol
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Display system-wide statistics for each network protocol,
|
|
for a particular
|
|
.Ar protocol_family ,
|
|
or for a single
|
|
.Ar protocol .
|
|
If
|
|
.Fl s
|
|
is repeated, counters with a value of zero are suppressed.
|
|
If
|
|
.Fl z
|
|
is also present, reset statistic counters after displaying them.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl i | I Ar interface Fl s
|
|
.Op Fl 46
|
|
.Op Fl f Ar protocol_family | Fl p Ar protocol
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Display per-interface statistics for each network protocol,
|
|
for a particular
|
|
.Ar protocol_family ,
|
|
or for a single
|
|
.Ar protocol .
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl m
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Show statistics recorded by the memory management routines
|
|
.Pq Xr mbuf 9 .
|
|
The network manages a private pool of memory buffers.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl B
|
|
.Op Fl z
|
|
.Op Fl I Ar interface
|
|
.Ek
|
|
.Xc
|
|
Show statistics about
|
|
.Xr bpf 4
|
|
peers.
|
|
This includes information like
|
|
how many packets have been matched, dropped and received by the
|
|
bpf device, also information about current buffer sizes and device
|
|
states.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl r
|
|
.Op Fl 46AanW
|
|
.Op Fl F Ar fibnum
|
|
.Op Fl f Ar address_family
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Display the contents of routing tables.
|
|
When
|
|
.Fl f
|
|
is specified, a routing table for a particular
|
|
.Ar address_family
|
|
is displayed.
|
|
When
|
|
.Fl F
|
|
is specified, a routing table with the number
|
|
.Ar fibnum
|
|
is displayed.
|
|
If the specified
|
|
.Ar fibnum
|
|
is -1 or
|
|
.Fl F
|
|
is not specified,
|
|
the default routing table is displayed.
|
|
If
|
|
.Fl A
|
|
is also present,
|
|
show the contents of the internal Patricia tree
|
|
structures; used for debugging.
|
|
If
|
|
.Fl a
|
|
is also present,
|
|
show protocol-cloned routes
|
|
(routes generated by an
|
|
.Dv RTF_PRCLONING
|
|
parent route);
|
|
normally these routes are not shown.
|
|
When
|
|
.Fl W
|
|
is also present,
|
|
show the path MTU
|
|
for each route,
|
|
and print interface
|
|
names with a wider
|
|
field size.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl rs
|
|
.Op Fl s
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Display routing statistics.
|
|
If
|
|
.Fl s
|
|
is repeated, counters with a value of zero are suppressed.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl g
|
|
.Op Fl 46W
|
|
.Op Fl f Ar address_family
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Display the contents of the multicast virtual interface tables,
|
|
and multicast forwarding caches.
|
|
Entries in these tables will appear only when the kernel is
|
|
actively forwarding multicast sessions.
|
|
This option is applicable only to the
|
|
.Cm inet
|
|
and
|
|
.Cm inet6
|
|
address families.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl gs
|
|
.Op Fl 46s
|
|
.Op Fl f Ar address_family
|
|
.Op Fl M Ar core
|
|
.Op Fl N Ar system
|
|
.Ek
|
|
.Xc
|
|
Show multicast routing statistics.
|
|
If
|
|
.Fl s
|
|
is repeated, counters with a value of zero are suppressed.
|
|
.It Xo
|
|
.Bk -words
|
|
.Nm
|
|
.Fl Q
|
|
.Ek
|
|
.Xc
|
|
Show
|
|
.Xr netisr 9
|
|
statistics.
|
|
The flags field shows available ISR handlers:
|
|
.Bl -column ".Li W" ".Dv NETISR_SNP_FLAGS_DRAINEDCPU"
|
|
.It Li C Ta Dv NETISR_SNP_FLAGS_M2CPUID Ta "Able to map mbuf to cpu id"
|
|
.It Li D Ta Dv NETISR_SNP_FLAGS_DRAINEDCPU Ta "Has queue drain handler"
|
|
.It Li F Ta Dv NETISR_SNP_FLAGS_M2FLOW Ta "Able to map mbuf to flow id"
|
|
.El
|
|
.El
|
|
.Pp
|
|
Some options have the general meaning:
|
|
.Bl -tag -width flag
|
|
.It Fl 4
|
|
Is shorthand for
|
|
.Fl f
|
|
.Ar inet
|
|
.It Fl 6
|
|
Is shorthand for
|
|
.Fl f
|
|
.Ar inet6
|
|
.It Fl f Ar address_family , Fl p Ar protocol
|
|
Limit display to those records
|
|
of the specified
|
|
.Ar address_family
|
|
or a single
|
|
.Ar protocol .
|
|
The following address families and protocols are recognized:
|
|
.Pp
|
|
.Bl -tag -width ".Cm netgraph , ng Pq Dv AF_NETGRAPH" -compact
|
|
.It Em Family
|
|
.Em Protocols
|
|
.It Cm inet Pq Dv AF_INET
|
|
.Cm divert , icmp , igmp , ip , ipsec , pim, sctp , tcp , udp
|
|
.It Cm inet6 Pq Dv AF_INET6
|
|
.Cm icmp6 , ip6 , ipsec6 , rip6 , tcp , udp
|
|
.It Cm pfkey Pq Dv PF_KEY
|
|
.Cm pfkey
|
|
.It Cm atalk Pq Dv AF_APPLETALK
|
|
.Cm ddp
|
|
.It Cm netgraph , ng Pq Dv AF_NETGRAPH
|
|
.Cm ctrl , data
|
|
.It Cm ipx Pq Dv AF_IPX
|
|
.Cm ipx , spx
|
|
.\".It Cm ns Pq Dv AF_NS
|
|
.\".Cm idp , ns_err , spp
|
|
.\".It Cm iso Pq Dv AF_ISO
|
|
.\".Cm clnp , cltp , esis , tp
|
|
.It Cm unix Pq Dv AF_UNIX
|
|
.It Cm link Pq Dv AF_LINK
|
|
.El
|
|
.Pp
|
|
The program will complain if
|
|
.Ar protocol
|
|
is unknown or if there is no statistics routine for it.
|
|
.It Fl M
|
|
Extract values associated with the name list from the specified core
|
|
instead of the default
|
|
.Pa /dev/kmem .
|
|
.It Fl N
|
|
Extract the name list from the specified system instead of the default,
|
|
which is the kernel image the system has booted from.
|
|
.It Fl n
|
|
Show network addresses and ports as numbers.
|
|
Normally
|
|
.Nm
|
|
attempts to resolve addresses and ports,
|
|
and display them symbolically.
|
|
.It Fl W
|
|
In certain displays, avoid truncating addresses even if this causes
|
|
some fields to overflow.
|
|
.El
|
|
.Pp
|
|
The default display, for active sockets, shows the local
|
|
and remote addresses, send and receive queue sizes (in bytes), protocol,
|
|
and the internal state of the protocol.
|
|
Address formats are of the form
|
|
.Dq host.port
|
|
or
|
|
.Dq network.port
|
|
if a socket's address specifies a network but no specific host address.
|
|
When known, the host and network addresses are displayed symbolically
|
|
according to the databases
|
|
.Xr hosts 5
|
|
and
|
|
.Xr networks 5 ,
|
|
respectively.
|
|
If a symbolic name for an address is unknown, or if
|
|
the
|
|
.Fl n
|
|
option is specified, the address is printed numerically, according
|
|
to the address family.
|
|
For more information regarding
|
|
the Internet IPv4
|
|
.Dq dot format ,
|
|
refer to
|
|
.Xr inet 3 .
|
|
Unspecified,
|
|
or
|
|
.Dq wildcard ,
|
|
addresses and ports appear as
|
|
.Dq Li * .
|
|
.Pp
|
|
The interface display provides a table of cumulative
|
|
statistics regarding packets transferred, errors, and collisions.
|
|
The network addresses of the interface
|
|
and the maximum transmission unit
|
|
.Pq Dq mtu
|
|
are also displayed.
|
|
.Pp
|
|
The routing table display indicates the available routes and their status.
|
|
Each route consists of a destination host or network, and a gateway to use
|
|
in forwarding packets.
|
|
The flags field shows a collection of information about the route stored
|
|
as binary choices.
|
|
The individual flags are discussed in more detail in the
|
|
.Xr route 8
|
|
and
|
|
.Xr route 4
|
|
manual pages.
|
|
The mapping between letters and flags is:
|
|
.Bl -column ".Li W" ".Dv RTF_WASCLONED"
|
|
.It Li 1 Ta Dv RTF_PROTO1 Ta "Protocol specific routing flag #1"
|
|
.It Li 2 Ta Dv RTF_PROTO2 Ta "Protocol specific routing flag #2"
|
|
.It Li 3 Ta Dv RTF_PROTO3 Ta "Protocol specific routing flag #3"
|
|
.It Li B Ta Dv RTF_BLACKHOLE Ta "Just discard pkts (during updates)"
|
|
.It Li b Ta Dv RTF_BROADCAST Ta "The route represents a broadcast address"
|
|
.It Li C Ta Dv RTF_CLONING Ta "Generate new routes on use"
|
|
.It Li c Ta Dv RTF_PRCLONING Ta "Protocol-specified generate new routes on use"
|
|
.It Li D Ta Dv RTF_DYNAMIC Ta "Created dynamically (by redirect)"
|
|
.It Li G Ta Dv RTF_GATEWAY Ta "Destination requires forwarding by intermediary"
|
|
.It Li H Ta Dv RTF_HOST Ta "Host entry (net otherwise)"
|
|
.It Li L Ta Dv RTF_LLINFO Ta "Valid protocol to link address translation"
|
|
.It Li M Ta Dv RTF_MODIFIED Ta "Modified dynamically (by redirect)"
|
|
.It Li R Ta Dv RTF_REJECT Ta "Host or net unreachable"
|
|
.It Li S Ta Dv RTF_STATIC Ta "Manually added"
|
|
.It Li U Ta Dv RTF_UP Ta "Route usable"
|
|
.It Li W Ta Dv RTF_WASCLONED Ta "Route was generated as a result of cloning"
|
|
.It Li X Ta Dv RTF_XRESOLVE Ta "External daemon translates proto to link address"
|
|
.El
|
|
.Pp
|
|
Direct routes are created for each
|
|
interface attached to the local host;
|
|
the gateway field for such entries shows the address of the outgoing interface.
|
|
The refcnt field gives the
|
|
current number of active uses of the route.
|
|
Connection oriented
|
|
protocols normally hold on to a single route for the duration of
|
|
a connection while connectionless protocols obtain a route while sending
|
|
to the same destination.
|
|
The use field provides a count of the number of packets
|
|
sent using that route.
|
|
The interface entry indicates the network interface utilized for the route.
|
|
.Pp
|
|
When
|
|
.Nm
|
|
is invoked with the
|
|
.Fl w
|
|
option and a
|
|
.Ar wait
|
|
interval argument, it displays a running count of statistics related to
|
|
network interfaces.
|
|
An obsolescent version of this option used a numeric parameter
|
|
with no option, and is currently supported for backward compatibility.
|
|
By default, this display summarizes information for all interfaces.
|
|
Information for a specific interface may be displayed with the
|
|
.Fl I
|
|
option.
|
|
.Pp
|
|
The
|
|
.Xr bpf 4
|
|
flags displayed when
|
|
.Nm
|
|
is invoked with the
|
|
.Fl B
|
|
option represent the underlying parameters of the bpf peer.
|
|
Each flag is
|
|
represented as a single lower case letter.
|
|
The mapping between the letters and flags in order of appearance are:
|
|
.Bl -column ".Li i"
|
|
.It Li p Ta Set if listening promiscuously
|
|
.It Li i Ta Dv BIOCIMMEDIATE No has been set on the device
|
|
.It Li f Ta Dv BIOCGHDRCMPLT No status: source link addresses are being
|
|
filled automatically
|
|
.It Li s Ta Dv BIOCGSEESENT No status: see packets originating locally and
|
|
remotely on the interface.
|
|
.It Li a Ta Packet reception generates a signal
|
|
.It Li l Ta Dv BIOCLOCK No status: descriptor has been locked
|
|
.El
|
|
.Pp
|
|
For more information about these flags, please refer to
|
|
.Xr bpf 4 .
|
|
.Pp
|
|
The
|
|
.Fl x
|
|
flag causes
|
|
.Nm
|
|
to output all the information recorded about data
|
|
stored in the socket buffers.
|
|
The fields are:
|
|
.Bl -column ".Li R-MBUF"
|
|
.It Li R-MBUF Ta Number of mbufs in the receive queue.
|
|
.It Li S-MBUF Ta Number of mbufs in the send queue.
|
|
.It Li R-CLUS Ta Number of clusters, of any type, in the receive
|
|
queue.
|
|
.It Li S-CLUS Ta Number of clusters, of any type, in the send queue.
|
|
.It Li R-HIWA Ta Receive buffer high water mark, in bytes.
|
|
.It Li S-HIWA Ta Send buffer high water mark, in bytes.
|
|
.It Li R-LOWA Ta Receive buffer low water mark, in bytes.
|
|
.It Li S-LOWA Ta Send buffer low water mark, in bytes.
|
|
.It Li R-BCNT Ta Receive buffer byte count.
|
|
.It Li S-BCNT Ta Send buffer byte count.
|
|
.It Li R-BMAX Ta Maximum bytes that can be used in the receive buffer.
|
|
.It Li S-BMAX Ta Maximum bytes that can be used in the send buffer.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr fstat 1 ,
|
|
.Xr nfsstat 1 ,
|
|
.Xr procstat 1 ,
|
|
.Xr ps 1 ,
|
|
.Xr sockstat 1 ,
|
|
.Xr bpf 4 ,
|
|
.Xr inet 4 ,
|
|
.Xr route 4 ,
|
|
.Xr unix 4 ,
|
|
.Xr hosts 5 ,
|
|
.Xr networks 5 ,
|
|
.Xr protocols 5 ,
|
|
.Xr services 5 ,
|
|
.Xr iostat 8 ,
|
|
.Xr route 8 ,
|
|
.Xr trpt 8 ,
|
|
.Xr vmstat 8 ,
|
|
.Xr mbuf 9
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command appeared in
|
|
.Bx 4.2 .
|
|
.Pp
|
|
IPv6 support was added by WIDE/KAME project.
|
|
.Sh BUGS
|
|
The notion of errors is ill-defined.
|