netstat windows command

By Andrew Leaning, on 31-12-2008 04:06


Netstat is a Windows command-line tool (a similar command exists in Linux; this document, however, refers only to the Windows version) that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. Specifically, it shows who is connected to the computer used, the systems it is connected to, and errors with the Ethernet interface.

Netstat Arguments/Parameters

Netstat is launched from the command prompt and accepts the following arguments:

-a : Displays all active TCP connections including TCP and UDP ports on which the computer is listening.

-b : Displays the binary (executable) program's name involved in creating each connection or listening port.

-e : Displays ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.

-n : Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.

-o : Displays active TCP connections including the process ID for each connection. The Windows Task Manager can be used to find the application matching the PID.

-p Protocol : Shows connections for the protocol specified by Protocol.

-r : Displays the contents of the IP routing table. (This is equivalent to the route print command under Windows.)

-s : Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol for Windows XP is installed, statistics are shown for the TCP over IPv6, UDP over IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be used to specify a set of protocols.

-v : When used in conjunction with -b it will display the sequence of components involved in creating the connection or listening port for all executables.

Interval : Real time display of selected information; shows the selected information every Interval seconds. Press CTRL+C to stop the redisplay. If this parameter is omitted, netstat prints the selected information only once.

 

The command will only work if the TCP/IP protocol is installed and will show the following TCP states as per RFC 793:

CLOSE_WAIT - waiting for a connection termination request from the local user.
CLOSED - a fictional state used to show when a connection no longer exists.
ESTABLISHED - a TCP session is established and data can be transferred.
FIN_WAIT_1 - waiting for confirmation of a previously sent termination request.
FIN_WAIT_2 - waiting for a connection termination request from the remote host.
LAST_ACK - waiting for confirmation of a previously sent termination request.
LISTEN - the computer is accepting connections and is waiting for a remote connection.
SYN_RECEIVED - connection requests have been received in both directions and the computer is now waiting for a connection request confirmation to complete the session establishment.
SYN_SENT - waiting for a matching connection request in response to an outgoing connection request.
TIME_WAIT - forced delay to ensure the remote host has received acknowledgement for a termination request.

Netstat Example

To see who is connected to the computer being used and the systems it is connected to, enter netstat -a:

C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    test1:http              test1.TESTDOM.LOCAL:0      LISTENING
  TCP    test1:1028             test1.TESTDOM.LOCAL:0      LISTENING
  TCP    test1:1884             localhost:1885         ESTABLISHED
  TCP    test1:1885             localhost:1884         ESTABLISHED
  TCP    test1:1886             localhost:1887         ESTABLISHED
  TCP    test1:1887             localhost:1886         ESTABLISHED
  TCP    test1:5152             test1.TESTDOM.LOCAL:0      LISTENING
  TCP    test1:5152             localhost:1888         CLOSE_WAIT
  TCP    test1:netbios-ssn    test1.TESTDOM.LOCAL:0      LISTENING
  TCP    test1:2022             diggriver.com:http     TIME_WAIT
  TCP    test1:2023             diggriver.com:http     ESTABLISHED
  TCP    test1:2024             diggriver.com:http     TIME_WAIT
  TCP    test1:2025             diggriver.com:http     TIME_WAIT
  TCP    test1:2026             diggriver.com:http     TIME_WAIT

This shows that the PC being used, test1, is connected to itself ('test1' and localhost) and to the digg website (diggriver). In this example, a web server is running on the local computer, hence the first line showing the computer listening for connections on the HTTP port.
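An added example (not part of the original article): a small Python parser for the output of netstat -ano, the combination of the -a, -n and -o arguments listed above. It counts TCP states, lists listening ports with their owning PID, and picks out established connections to non-loopback hosts. The sample text is constructed, using documentation-range addresses, and the function names are this example's own.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout printed by `netstat -ano` (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:5152           0.0.0.0:0              LISTENING       2208
  TCP    127.0.0.1:1884         127.0.0.1:1885         ESTABLISHED     3120
  TCP    127.0.0.1:5152         127.0.0.1:1888         CLOSE_WAIT      2208
  TCP    192.0.2.10:2022        198.51.100.7:80        TIME_WAIT       0
  TCP    192.0.2.10:2023        198.51.100.7:80        ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1056
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 addresses survive."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row. UDP rows have no State column,
    and the PID column is only present when -o was given."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        rest = f[3:]
        state = rest.pop(0) if f[0] == "TCP" and rest else ""
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        rows.append({"proto": f[0], "local": split_endpoint(f[1]),
                     "foreign": split_endpoint(f[2]), "state": state, "pid": pid})
    return rows

def state_counts(rows):
    """Number of TCP connections in each state."""
    return Counter(r["state"] for r in rows if r["state"])

def listeners(rows):
    """(port, pid) for every TCP port the host accepts connections on."""
    return sorted((int(r["local"][1]), r["pid"]) for r in rows if r["state"] == "LISTENING")

def external_peers(rows):
    """(address, port, pid) for ESTABLISHED sessions to non-loopback hosts.
    Assumes numeric addresses, i.e. netstat was run with -n."""
    return [(r["foreign"][0], int(r["foreign"][1]), r["pid"]) for r in rows
            if r["state"] == "ESTABLISHED"
            and not ipaddress.ip_address(r["foreign"][0]).is_loopback]
```

On a live host the same functions can be fed the captured text of netstat -ano; the PIDs returned can then be matched to applications in Task Manager, as described for the -o argument.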

 
To check if there are problems with the Ethernet interface on the computer, the '-e' argument would be used.

C:\>netstat -e
Interface Statistics

                           Received            Sent
Bytes                      11172896         3850599
Unicast packets               30536           29730
Non-unicast packets            3670            1679
Discards                          0               0
Errors                            0               1
Unknown protocols                 0

 

Last update: 02-01-2009 13:50
