The
command symbolically displays the contents of various network-related
data structures.
There are a number of output formats,
depending on the options for the information presented.
Display a list of active sockets
(protocol control blocks)
for each network protocol,
for a particular
protocol_family
or for a single
protocol
If
-A
is also present,
show the address of a protocol control block (PCB)
associated with a socket; used for debugging.
If
-a
is also present,
show the state of all sockets;
normally sockets used by server processes are not shown.
If
-L
is also present,
show the size of the various listen queues.
The first count shows the number of unaccepted connections,
the second count shows the amount of unaccepted incomplete connections,
and the third count is the maximum number of queued connections.
If
-S
is also present,
show network addresses as numbers (as with
-n
but show ports symbolically.
-words
-i | I interface
[-abdhntW
]
[-f address_family
]
[-M core
]
[-N system
]
Show the state of all network interfaces or a single
interface
which have been auto-configured
(interfaces statically configured into a system, but not
located at boot time are not shown).
An asterisk
(``*
''
)
after an interface name indicates that the interface is
``down''
If
-a
is also present, multicast addresses currently in use are shown
for each Ethernet interface and for each IP interface address.
Multicast addresses are shown on separate lines following the interface
address with which they are associated.
If
-b
is also present, show the number of bytes in and out.
If
-d
is also present, show the number of dropped packets.
If
-h
is also present, print all counters in human readable form.
If
-t
is also present, show the contents of watchdog timers.
If
-W
is also present, print interface names using a wider field size.
At intervals of
wait
seconds,
display the information regarding packet
traffic on all configured network interfaces
or a single
interface
If
-d
is also present, show the number of dropped packets.
Display system-wide statistics for each network protocol,
for a particular
protocol_family
or for a single
protocol
If
-s
is repeated, counters with a value of zero are suppressed.
If
-z
is also present, reset statistic counters after displaying them.
-words
-i | I interface -s
[-f protocol_family | -p protocol
]
[-M core
]
[-N system
]
Display per-interface statistics for each network protocol,
for a particular
protocol_family
or for a single
protocol
-words
-m
[-M core
]
[-N system
]
Show statistics recorded by the memory management routines
(mbuf(9)
)
The network manages a private pool of memory buffers.
-words
-B
[-I interface
]
Show statistics about
bpf(4)
peers.
This includes information like
how many packets have been matched, dropped and received by the
bpf device, also information about current buffer sizes and device
states.
Display the contents of all routing tables,
or a routing table for a particular
address_family
If
-A
is also present,
show the contents of the internal Patricia tree
structures; used for debugging.
If
-a
is also present,
show protocol-cloned routes
(routes generated by an
RTF_PRCLONING
parent route);
normally these routes are not shown.
When
-W
is also present,
show the path MTU
for each route,
and print interface
names with a wider
field size.
-words
-rs
[-s
]
[-M core
]
[-N system
]
Display routing statistics.
If
-s
is repeated, counters with a value of zero are suppressed.
Show information related to multicast (group address) routing.
By default, show the IP Multicast virtual-interface and routing tables,
and multicast group memberships.
The program will complain if
protocol
is unknown or if there is no statistics routine for it.
-M
Extract values associated with the name list from the specified core
instead of the default
/dev/kmem
-N
Extract the name list from the specified system instead of the default,
which is the kernel image the system has booted from.
-n
Show network addresses and ports as numbers.
Normally
attempts to resolve addresses and ports,
and display them symbolically.
-W
In certain displays, avoid truncating addresses even if this causes
some fields to overflow.
The default display, for active sockets, shows the local
and remote addresses, send and receive queue sizes (in bytes), protocol,
and the internal state of the protocol.
Address formats are of the form
``host.port''
or
``network.port''
if a socket's address specifies a network but no specific host address.
When known, the host and network addresses are displayed symbolically
according to the databases
hosts(5)
and
networks(5),
respectively.
If a symbolic name for an address is unknown, or if
the
-n
option is specified, the address is printed numerically, according
to the address family.
For more information regarding
the Internet IPv4
``dot format''
refer to
inet(3).
Unspecified,
or
``wildcard''
addresses and ports appear as
``*
''
The interface display provides a table of cumulative
statistics regarding packets transferred, errors, and collisions.
The network addresses of the interface
and the maximum transmission unit
(``mtu''
)
are also displayed.
The routing table display indicates the available routes and their status.
Each route consists of a destination host or network, and a gateway to use
in forwarding packets.
The flags field shows a collection of information about the route stored
as binary choices.
The individual flags are discussed in more detail in the
route(8)
and
route(4)
manual pages.
The mapping between letters and flags is:
1 Ta RTF_PROTO1 Ta Protocol specific routing flag #1
2 Ta RTF_PROTO2 Ta Protocol specific routing flag #2
3 Ta RTF_PROTO3 Ta Protocol specific routing flag #3
B Ta RTF_BLACKHOLE Ta Just discard pkts (during updates)
b Ta RTF_BROADCAST Ta The route represents a broadcast address
C Ta RTF_CLONING Ta Generate new routes on use
c Ta RTF_PRCLONING Ta Protocol-specified generate new routes on use
D Ta RTF_DYNAMIC Ta Created dynamically (by redirect)
G Ta RTF_GATEWAY Ta Destination requires forwarding by intermediary
H Ta RTF_HOST Ta Host entry (net otherwise)
L Ta RTF_LLINFO Ta Valid protocol to link address translation
M Ta RTF_MODIFIED Ta Modified dynamically (by redirect)
R Ta RTF_REJECT Ta Host or net unreachable
S Ta RTF_STATIC Ta Manually added
U Ta RTF_UP Ta Route usable
W Ta RTF_WASCLONED Ta Route was generated as a result of cloning
X Ta RTF_XRESOLVE Ta External daemon translates proto to link address
Direct routes are created for each
interface attached to the local host;
the gateway field for such entries shows the address of the outgoing interface.
The refcnt field gives the
current number of active uses of the route.
Connection oriented
protocols normally hold on to a single route for the duration of
a connection while connectionless protocols obtain a route while sending
to the same destination.
The use field provides a count of the number of packets
sent using that route.
The interface entry indicates the network interface utilized for the route.
When
is invoked with the
-w
option and a
wait
interval argument, it displays a running count of statistics related to
network interfaces.
An obsolescent version of this option used a numeric parameter
with no option, and is currently supported for backward compatibility.
By default, this display summarizes information for all interfaces.
Information for a specific interface may be displayed with the
-I
option.
The
bpf(4)
flags displayed when
is invoked with the
-B
option represent the underlying parameters of the bpf peer.
Each flag is
represented as a single lower case letter.
The mapping between the letters and flags in order of appearance are:
p Ta Set if listening promiscuously
i Ta BIOCIMMEDIATE has been set on the device
f Ta BIOCGHDRCMPLT status: source link addresses are being
filled automatically
s Ta BIOCGSEESENT status: see packets originating locally and
remotely on the interface.
a Ta Packet reception generates a signal
l Ta BIOCLOCK status: descriptor has been locked
For more information about these flags, please refer to
bpf(4).
