NETSTAT - CMD


Overview

NETSTAT (Network Statistics) is a command-line tool provided by Windows operating systems that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface statistics. It is commonly used for diagnosing network problems and for gathering information about the network traffic on a server or workstation.

Syntax

netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-q] [-r] [-s] [-t] [-x] [-y] [interval]
  • -a: Displays all connections and listening ports.
  • -b: Shows the executable involved in creating each connection or listening port.
  • -e: Displays Ethernet statistics. This may be combined with the -s option.
  • -f: Displays Fully Qualified Domain Names (FQDN) for foreign addresses.
  • -n: Displays addresses and port numbers in numerical form.
  • -o: Shows the owning process ID associated with each connection.
  • -p protocol: Shows connections for the protocol specified by protocol; for example, TCP, UDP.
  • -q: Displays all connections, listening ports, and bound nonlistening TCP ports. This option is included in options provided by -a.
  • -r: Displays the routing table.
  • -s: Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, ICMP, and IP; the -p option can be used to specify a subset of the default.
  • -t: Displays the current connection offload state.
  • -x: Displays NetworkDirect connections, listeners, and shared endpoints.
  • -y: Displays the TCP connection template for all connections.
  • interval: Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.

Options/Flags

  • -a: Useful for checking whether certain ports are listening and which services or applications are connected to the internet.
  • -b: Essential for finding out which executables are causing unexpected connections. Requires administrative privileges.
  • -e: Provides insight into network load and can be helpful in identifying network bottlenecks.
  • -n: Improves readability of the output when resolving hostnames is not necessary and helps in scripting scenarios.
  • -o: Crucial for administrators when identifying processes that are causing unwanted network traffic or investigating port conflicts.
  • -p: Useful when analyzing traffic specific to a protocol, aiding in troubleshooting protocol-specific issues.

Examples

  • To display all connections and listening ports:
    netstat -a
    
  • To display all connections and listening ports, together with the owning process ID of each:
    netstat -a -o
    
  • To view Ethernet statistics:
    netstat -e
    
  • To show Ethernet and TCP statistics, redisplayed every 5 seconds:
    netstat -e -s -p tcp 5
    

Common Issues

  • Excessive Information: Without specific flags, netstat can return more information than necessary, overwhelming the user. Utilizing flags like -n, -p, or -b can filter the output.
  • Permission Errors: Using the -b option requires administrative privileges. Running it without sufficient permissions results in an error. To resolve, run the command prompt as an administrator.

Integration

NETSTAT can be combined with other tools like findstr to refine output. For instance, to find if any process is listening on TCP port 443, one can use:

netstat -aon | findstr :443

For regular monitoring, one might write a batch script that logs this data to a file for later analysis.
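
The findstr filter above is a plain substring match, so :443 also matches rows where 443 is the remote port, UDP rows, and ports such as 4430. The following is an added example, not part of the original page: a Python parser for netstat -ano output that keeps only TCP rows in the LISTENING state whose local port matches exactly. The sample output and the function names are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4430           0.0.0.0:0              LISTENING       2120
  TCP    192.168.1.20:50314     203.0.113.10:443       ESTABLISHED     7312
  TCP    [::]:443               [::]:0                 LISTENING       4
  UDP    0.0.0.0:443            *:*                                    5008
"""


def parse_netstat(text):
    """Yield one dict per connection row of `netstat -ano` output."""
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner, the column header, blank lines and -b executable lines.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[:3]
        # UDP rows have no State column, so the PID is their 4th field.
        state = fields[3] if proto == "TCP" else ""
        # rpartition splits on the last colon, so IPv6 literals like [::]:443 work.
        addr, _, port = local.rpartition(":")
        yield {"proto": proto, "addr": addr, "port": int(port),
               "foreign": foreign, "state": state, "pid": int(fields[-1])}


def tcp_listeners(text, port):
    """Rows where a process is listening on exactly this local TCP port."""
    return [r for r in parse_netstat(text)
            if r["proto"] == "TCP" and r["state"] == "LISTENING"
            and r["port"] == port]


def findstr_hits(text, needle):
    """Substring match over whole lines, as `findstr :443` behaves."""
    return [line for line in text.splitlines() if needle in line]


if __name__ == "__main__":
    print("findstr-style hits:", len(findstr_hits(SAMPLE, ":443")))
    for row in tcp_listeners(SAMPLE, 443):
        print("listening:", row["addr"], row["port"], "PID", row["pid"])
```

The parser assumes the -o flag was used, so that the last column of every row is the PID.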

Related Commands

  • PING: Tests connectivity to remote hosts.
  • TRACERT: Traces the route packets take to a target host.
  • IPCONFIG: Shows all current TCP/IP network configuration values.

For more detailed information, you can refer to the Microsoft documentation on NETSTAT.