diff options
Diffstat (limited to 'network_cmds/netstat.tproj/netstat.1')
-rw-r--r-- | network_cmds/netstat.tproj/netstat.1 | 445 |
1 files changed, 445 insertions, 0 deletions
diff --git a/network_cmds/netstat.tproj/netstat.1 b/network_cmds/netstat.tproj/netstat.1 new file mode 100644 index 0000000..61ab843 --- /dev/null +++ b/network_cmds/netstat.tproj/netstat.1 @@ -0,0 +1,445 @@ +.\" Copyright (c) 2015 Apple Inc. All rights reserved. +.\" +.\" @APPLE_OSREFERENCE_LICENSE_HEADER_START@ +.\" +.\" This file contains Original Code and/or Modifications of Original Code +.\" as defined in and that are subject to the Apple Public Source License +.\" Version 2.0 (the 'License'). You may not use this file except in +.\" compliance with the License. The rights granted to you under the License +.\" may not be used to create, or enable the creation or redistribution of, +.\" unlawful or unlicensed copies of an Apple operating system, or to +.\" circumvent, violate, or enable the circumvention or violation of, any +.\" terms of an Apple operating system software license agreement. +.\" +.\" Please obtain a copy of the License at +.\" http://www.opensource.apple.com/apsl/ and read it before using this file. +.\" +.\" The Original Code and all software distributed under the License are +.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER +.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, +.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, +.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. +.\" Please see the License for the specific language governing rights and +.\" limitations under the License. +.\" +.\" @APPLE_OSREFERENCE_LICENSE_HEADER_END@ +.\" +.\" Copyright (c) 1983, 1990, 1992, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)netstat.1 8.8 (Berkeley) 4/18/94 +.\" $FreeBSD: src/usr.bin/netstat/netstat.1,v 1.22.2.7 2001/08/10 09:07:09 ru Exp $ +.\" +.Dd June 15, 2001 +.Dt NETSTAT 1 +.Os Darwin +.Sh NAME +.Nm netstat +.Nd show network status +.Sh SYNOPSIS +.Nm +.Op Fl AaLlnW +.Op Fl f Ar address_family | Fl p Ar protocol +.Nm +.Op Fl gilns +.Op Fl v +.Op Fl f Ar address_family +.Op Fl I Ar interface +.Nm +.Fl i | I Ar interface +.Op Fl w Ar wait +.Op Fl c Ar queue +.Op Fl abdgqRtS +.Nm +.Fl s Op Fl s +.Op Fl f Ar address_family | Fl p Ar protocol +.Op Fl w Ar wait +.Nm +.Fl i | I Ar interface Fl s +.Op Fl f Ar address_family | Fl p Ar protocol +.Nm +.Fl m +.Op Fl m +.Nm +.Fl r +.Op Fl Aaln +.Op Fl f Ar address_family +.Nm +.Fl rs +.Op Fl s +.\"----------------------------------------------------------------------------------------- +.Sh DESCRIPTION +.\"----------------------------------------------------------------------------------------- +The +.Nm +command symbolically displays the contents of various network-related data structures. +There are a number of output formats, depending on the options for the information presented. +The first form of the command displays a list of active sockets for each protocol. +The second form presents the contents of one of the other network data structures according +to the option selected. Using the third form, with a +.Ar wait +interval specified, +.Nm +will continuously display the information regarding packet traffic on the configured network +interfaces. The fourth form displays statistics for the specified protocol or address family. If a +.Ar wait +interval is specified, the protocol information over the last interval seconds will be displayed. +The fifth form displays per-interface statistics for the specified protocol or address family. +The sixth form displays +.Xr mbuf 9 +statistics. The seventh form displays routing table for the specified address family. The +eighth form displays routing statistics. +.Pp +The options have the following meaning: +.Bl -tag -width flag +.It Fl A +With the default display, show the address of any protocol control blocks associated with +sockets and the flow hash; used for debugging. +.It Fl a +With the default display, show the state of all sockets; normally sockets used by server +processes are not shown. With the routing table display (option +.Fl r , +as described below), show protocol-cloned routes (routes generated by a +.Dv RTF_PRCLONING +parent route); normally these routes are not shown. +.It Fl b +With the interface display (option +.Fl i , +as described below), show the number of bytes in and out. +.It Fl c Ar queue +With the queue statistics (option +.Fl q , +as described below), show only those for the specified +.Ar queue . +.It Fl d +With either interface display (option +.Fl i +or an interval, as described below), show the number of dropped packets. +.It Fl f Ar address_family +Limit statistics or address control block reports to those of the specified +.Ar address family . +The following address families are recognized: +.Ar inet , +for +.Dv AF_INET , +.Ar inet6 , +for +.Dv AF_INET6 +and +.Ar unix , +for +.Dv AF_UNIX . +.It Fl g +Show information related to multicast (group address) membership. If the +.Fl s +option is also present, show extended interface group management statistics. If the +.Fl v +option is specified, show link-layer memberships; they are suppressed by default. +Source lists for each group will also be printed. Specifiying +.Fl v +twice will print the control plane timers for each interface and the source list counters +for each group. If the +.Fl i +is specified, only that interface will be shown. If the +.Fl f +is specified, only information for the address family will be displayed. +.It Fl I Ar interface +Show information about the specified interface; used with a +.Ar wait +interval as described below. +If the +.Fl s +option is present, show per-interface protocol statistics on the +.Ar interface +for the specified +.Ar address_family +or +.Ar protocol , +or for all protocol families. +.It Fl i +Show the state of interfaces which have been auto-configured (interfaces statically +configured into a system, but not located at boot time are not shown). If the +.Fl a +options is also present, multicast addresses currently in use are shown for each +Ethernet interface and for each IP interface address. Multicast addresses are shown +on separate lines following the interface address with which they are associated. +If the +.Fl s +option is present, show per-interface statistics on all interfaces for the specified +.Ar address_family +or +.Ar protocol , +or for all protocol families. +.It Fl L +Show the size of the various listen queues. The first count shows the number of +unaccepted connections. The second count shows the amount of unaccepted incomplete +connections. The third count is the maximum number of queued connections. +.It Fl l +Print full IPv6 address. +.It Fl m +Show statistics recorded by the memory management routines (the network stack manages a private pool of memory buffers). More detailed information about the buffers, which includes their cache related statistics, can be obtained by using +.Fl mm +or +.Fl m +.Fl m +option. +.It Fl n +Show network addresses as numbers (normally +.Nm +interprets addresses and attempts to display them symbolically). This option may be +used with any of the display formats. +.It Fl p Ar protocol +Show statistics about +.Ar protocol , +which is either a well-known name for a protocol or an alias for it. Some protocol +names and aliases are listed in the file +.Pa /etc/protocols . +The special protocol name +.Dq bdg +is used to show bridging statistics. A null response typically means that there are +no interesting numbers to report. The program will complain if +.Ar protocol +is unknown or if there is no statistics routine for it. +.It Fl q +Show network interface send queue statistics. By default all queues are displayed, unless +specified with +.Fl c . +This option requires specifying an interface with +.Fl I +option. More detailed information about the queues, which includes their queueing algorithm related statistics, can be obtained by using +.Fl qq +or +.Fl q +.Fl q +option. +.It Fl r +Show the routing tables. Use with +.Fl a +to show protocol-cloned routes. When +.Fl s +is also present, show routing statistics instead. When +.Fl l +is also present, +.Nm +assumes more columns are there and the maximum transmission unit. +More detailed information about the route metrics are displayed with +.Fl ll +for TCP round trip times +.Fl lll +for all metrics. +Use the +.Fl z +flags to display only entries with non-zero RTT values. +.Pq Dq mtu +are also displayed. +.It Fl R +Show reachability information. Use with +.Fl i +to show link-layer reachability information for a given interface. +.It Fl s +Show per-protocol statistics. If this option is repeated, counters with a value of +zero are suppressed. For security reasons, root privileges are required to read TCP statistics and in the absence of such privileges all TCP counters will be reported as zero. +.It Fl S +Show interface link status and interface state information about the specified interface. This option requires specifying an interface with +.Fl I +option. +.It Fl v +Increase verbosity level. +.It Fl W +In certain displays, avoid truncating addresses even if this causes some fields to +overflow. +.It Fl w Ar wait +Show network interface or protocol statistics at intervals of +.Ar wait +seconds. +.It Fl x +Show extended link-layer reachability information in addition to that shown by +the +.Fl R +flag. +.El +.Pp +.\"------------------------------------------------------------------------------- +.Sh OUTPUT +.\"------------------------------------------------------------------------------- +The default display, for active sockets, shows the local and remote addresses, +send and receive queue sizes (in bytes), protocol, and the internal state of +the protocol. Address formats are of the form +.Dq host.port +or +.Dq network.port +if a socket's address specifies a network but no specific host address. +If known, the host and network addresses are displayed symbolically +according to the databases +.Pa /etc/hosts +and +.Pa /etc/networks , +respectively. If a symbolic name for an address is unknown, or if the +.Fl n +option is specified, the address is printed numerically, according to the +address family. For more information regarding the Internet +.Dq dot format , +refer to +.Xr inet 3 ) . +Unspecified, +or +.Dq wildcard , +addresses and ports appear as +.Dq * . +.Pp +Internet domain socket states: +.Bl -column X LISTEN +CLOSED: The socket is not in use. +.Pp +LISTEN: The socket is listening for incoming connections. Unconnected +listening sockets like these are only displayed when using the -a option. +.Pp +SYN_SENT: The socket is actively trying to establish a connection to a +remote peer. +.Pp +SYN_RCVD: The socket has passively received a connection request from a +remote peer. +.Pp +ESTABLISHED: The socket has an established connection between a local +application and a remote peer. +.Pp +CLOSE_WAIT: The socket connection has been closed by the remote peer, +and the system is waiting for the local application to close its half of +the connection. +.Pp +LAST_ACK: The socket connection has been closed by the remote peer, the +local application has closed its half of the connection, and the system +is waiting for the remote peer to acknowledge the close. +.Pp +FIN_WAIT_1: The socket connection has been closed by the local +application, the remote peer has not yet acknowledged the close, and the +system is waiting for it to close its half of the connection. +.Pp +FIN_WAIT_2: The socket connection has been closed by the local +application, the remote peer has acknowledged the close, and the system +is waiting for it to close its half of the connection. +.Pp +CLOSING: The socket connection has been closed by the local application +and the remote peer simultaneously, and the remote peer has not yet +acknowledged the close attempt of the local application. +.Pp +TIME_WAIT: The socket connection has been closed by the local +application, the remote peer has closed its half of the connection, and +the system is waiting to be sure that the remote peer received the last +acknowledgement. +.El +.Pp +The interface display provides a table of cumulative statistics regarding +packets transferred, errors, and collisions. The network addresses of the +interface and the maximum transmission unit +.Pq Dq mtu +are also displayed. +.Pp +The routing table display indicates the available routes and their status. +Each route consists of a destination host or network and a gateway to use +in forwarding packets. The flags field shows a collection of information +about the route stored as binary choices. The individual flags are discussed +in more detail in the +.Xr route 8 +and +.Xr route 4 +manual pages. The mapping between letters and flags is: +.Bl -column XXXX RTF_BLACKHOLE +1 RTF_PROTO1 Protocol specific routing flag #1 +2 RTF_PROTO2 Protocol specific routing flag #2 +3 RTF_PROTO3 Protocol specific routing flag #3 +B RTF_BLACKHOLE Just discard packets (during updates) +b RTF_BROADCAST The route represents a broadcast address +C RTF_CLONING Generate new routes on use +c RTF_PRCLONING Protocol-specified generate new routes on use +D RTF_DYNAMIC Created dynamically (by redirect) +G RTF_GATEWAY Destination requires forwarding by intermediary +H RTF_HOST Host entry (net otherwise) +I RTF_IFSCOPE Route is associated with an interface scope +i RTF_IFREF Route is holding a reference to the interface +L RTF_LLINFO Valid protocol to link address translation +M RTF_MODIFIED Modified dynamically (by redirect) +m RTF_MULTICAST The route represents a multicast address +R RTF_REJECT Host or net unreachable +r RTF_ROUTER Host is a default router +S RTF_STATIC Manually added +U RTF_UP Route usable +W RTF_WASCLONED Route was generated as a result of cloning +X RTF_XRESOLVE External daemon translates proto to link address +Y RTF_PROXY Proxying; cloned routes will not be scoped +.El +.Pp +Direct routes are created for each interface attached to the local host; +the gateway field for such entries shows the address of the outgoing +interface. The refcnt field gives the current number of active uses of +the route. Connection oriented protocols normally hold on to a single +route for the duration of a connection while connectionless protocols +obtain a route while sending to the same destination. The use field +provides a count of the number of packets sent using that route. The +interface entry indicates the network interface utilized for the route. +A route which is marked with the RTF_IFSCOPE flag is instantiated for +the corresponding interface. A cloning route which is marked with the +RTF_PROXY flag will not generate new routes that are associated +with its interface scope. +.Pp +When +.Nm netstat +is invoked with the +.Fl w +option and a +.Ar wait +interval argument, it displays a running count of statistics related to +network interfaces or protocols. An obsolete version of this option used a numeric +parameter with no option, and is currently supported for backward +compatibility. By default, this display summarizes information for all +interfaces. Information for a specific interface may be displayed with the +.Fl I +option. +.Sh SEE ALSO +.Xr nfsstat 1 , +.Xr ps 1 , +.Xr inet 4 , +.Xr unix 4 , +.Xr hosts 5 , +.Xr networks 5 , +.Xr protocols 5 , +.Xr route 8 , +.Xr services 5 , +.Xr iostat 8 , +.Sh HISTORY +The +.Nm netstat +command appeared in +.Bx 4.2 . +.Pp +IPv6 support was added by WIDE/KAME project. +.Sh BUGS +The notion of errors is ill-defined. |