How to use the command netstat (with examples)
- Windows
- December 25, 2023
Netstat is a command-line network utility tool that displays active TCP connections, ports on which the computer is listening, network adapter statistics, the IP routing table, as well as IPv4 statistics and IPv6 statistics. It provides valuable information about network connections and network performance.
Use case 1: Display active TCP connections
Code:
netstat
Motivation: Sometimes, it’s useful to see all the active TCP connections on a computer. This can help in troubleshooting network issues or identifying any suspicious connections.
Explanation: Running the netstat command without any arguments will display a list of active TCP connections on the computer.
Example output:
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.10:8080 104.20.15.248:443 ESTABLISHED
TCP 192.168.1.10:3389 143.204.97.62:35404 ESTABLISHED
...
Use case 2: Display all active TCP connections and the TCP and UDP ports on which the computer is listening
Code:
netstat -a
Motivation: By adding the -a argument, we can get additional information about the listening ports on the computer. This can be useful for checking if a specific port is already in use or verifying that services are running properly.
Explanation: The -a option displays all active TCP connections and also shows the TCP and UDP ports on which the computer is listening.
Example output:
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.10:8080 104.20.15.248:443 ESTABLISHED
TCP 192.168.1.10:3389 143.204.97.62:35404 ESTABLISHED
...
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
UDP 0.0.0.0:53 *:*
UDP 0.0.0.0:500 *:*
...
Use case 3: Display network adapter statistics
Code:
netstat -e
Motivation: Monitoring network adapter statistics can provide insights into network performance, identifying any potential bottlenecks or abnormal activity.
Explanation: The -e option displays network adapter statistics, including the number of bytes and packets sent and received.
Example output:
Interface Statistics
Received Sent
Bytes
Ethernet 243180 186553
...
Unicast packets
Ethernet 251 323
...
Use case 4: Display active TCP connections and express addresses and port numbers numerically
Code:
netstat -n
Motivation: Displaying IP addresses and port numbers numerically can be helpful when troubleshooting network connectivity issues or analyzing network traffic.
Explanation: The -n option causes netstat to display active TCP connections, addresses, and port numbers in numerical form instead of resolving them to hostnames and services.
Example output:
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.10:8080 104.20.15.248:443 ESTABLISHED
TCP 192.168.1.10:3389 143.204.97.62:35404 ESTABLISHED
...
Use case 5: Display active TCP connections and include the process ID (PID) for each connection
Code:
netstat -o
Motivation: Identifying the process ID associated with a TCP connection can be useful for troubleshooting or monitoring purposes. It allows us to identify which process or application is responsible for a particular network activity.
Explanation: The -o option adds the Process ID (PID) column to the output, showing the process ID associated with each active TCP connection.
Example output:
Active Connections
Proto Local Address Foreign Address State PID
TCP 192.168.1.10:8080 104.20.15.248:443 ESTABLISHED 1234
TCP 192.168.1.10:3389 143.204.97.62:35404 ESTABLISHED 5678
...
Use case 6: Display the contents of the IP routing table
Code:
netstat -r
Motivation: Analyzing the IP routing table can help in understanding how network traffic is being routed and troubleshoot any routing issues.
Explanation: The -r option displays the IP routing table, which lists the routes for IP packets on the computer.
Example output:
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
IPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
...
Use case 7: Display statistics by protocol
Code:
netstat -s
Motivation: Viewing statistics by protocol can provide detailed information about the performance and usage of different network protocols on the computer.
Explanation: The -s option displays statistics by protocol, including TCP, UDP, ICMP, and other network protocols.
Example output:
IPv4 Statistics
Packets Received = 14000
Received Header Errors = 23
...
Packets Sent = 8800
Output Requests = 1890
...
ICMPv4 Statistics
...
Use case 8: Display a list of currently open ports and related IP addresses
Code:
netstat -an
Motivation: Sometimes it’s useful to see a list of all open ports on a computer and the associated IP addresses. This can help in identifying any open network services or potential security vulnerabilities.
Explanation: The -an option displays a list of active TCP and UDP connections and also shows the IP address and port number for each connection.
Example output:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
UDP 0.0.0.0:53 *:*
UDP 0.0.0.0:500 *:*
...
Conclusion:
Netstat is a powerful command-line tool for monitoring and troubleshooting network connections and performance. With its various options, it provides detailed information about active TCP connections, listening ports, network adapter statistics, IP routing table contents, protocol statistics, and more. Understanding how to use the different options of netstat can greatly aid in network troubleshooting and analysis.
