Windows Netstat Command Tutorial with Examples To List Network Ports and Connections

RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/windows-netstat-command-tutorial-examples-list-network-ports-connections/
PINTEREST
PINTEREST
INSTAGRAM

Netstat is used to display active TCP connections and related listening ports in the computer or system. Actually there are more features provided by netstat like display statistics about network stack protocols, IPv4, IPv6, TCP, UDP etc.

Syntax

Display All TCP and UDP Connections with Listening Ports

TCP is most used protocol for transmission of packets between different hosts. In a regular usage for a host there will be a lot of TCP connections in different phases. We can display all these connections with -a option like below.

Display All TCP Connections

Display All TCP Connections

TCP States

As we know TCP protocol provides reliable data transfer between hosts. TCP implements sessions to provide this reliability. From start to end there are different states in a TCP session. Here the sequence and meaning of TCP states.

  • LISTENING means port is listening but do not have any connection with a remote host
  • ESTABLISHED the connection established and communicating with remote host
  • TIME_WAIT the connection is in a wait situations
  • CLOSE_WAIT the connection is closing phase
  • CLOSED the connection is closed
  • SYN_RECEIVED the sync flag received to start connection

Display Ethernet Statistics

Ethernet or MAC generally used for the same meaning. Ethernet is layer 2 protocol used to communication in our LAN with other hosts and mostly with gateway which is used to access other networks or internet. We can list detailed information about ethernet protocol. We will use -e option to list ethernet statistics.

LEARN MORE  Introduction To Nmap Network Scanning

Display Numeric Presentation of Ports and Hostname

Host and ports generally have numeric and text presentations. netstat command by default try to resolve the host name and port name into text format. If we need to get host and port numeric information like IP address and port number we can use -n option.

Display Numeric Presentation of Ports and Hostname

Display Numeric Presentation of Ports and Hostname

Display Connection or Ports Process ID

All ports and connections are opened and managed by processes in operating system. For example Apache is web server and uses TCP 80 for listening http requests. We can  list processes id of given connection or port with -o option.

Display Connection or Ports Process ID

Display Connection or Ports Process ID

Display Connection or Ports Process Name

Like previous example we can list established connection or listening port process name with -b option. But this option requires Administrator privileges.

Display Connection or Ports Process Name

Display Connection or Ports Process Name

We can see from output that chrome.exe. established a connection with remote host over https protocol.

Display Fully Qualified Domain Name

Normally netstat command list host names in a simple manner and with a fast way. It can skip some domain names too. We can for netstat to print fully qualified domain names with -f option.

Display Fully Qualified Domain Name

Display Fully Qualified Domain Name

Display Only TCP Protocol

netstat command provide extensive filtering options according to protocols. We can provide filter option with  -p and protocol name. In this example we will filter and show only TCP protocol.

LEARN MORE  What is IP Address (Internet Protocol Address)?

Display Only TCP Protocol

Display Only TCP Protocol

Display Only UDP Protocol

We can also filter and show only UDP protocol ports with -p udp option. Here we provided -a to list UDP too.

Display Only UDP Protocol

Display Only UDP Protocol

Display Only IPv4

We can use -p ip option to filter and show only IPv4 connections.

Display Only IPv6

We can use -p ipv6 option to filter and show only IPv6 connections.

Display Statistics

netstat command provides a lot of statistical information about the network stack. These statistics provides detailed metrics about protocols. We can list these statistical information with -s option.

Display Statistics

Display Statistics

Display Only TCP Protocol Statistics

We can only list TCP protocol related statistics with -s -p tcp option.

Display Only TCP Protocol Statistics

Display Only TCP Protocol Statistics

As we can see from output there are following information

  • Active Opens
  • Passive Opens
  • Failed Connection Attempts
  • Reset Connections

Display Only ICMP Protocol Statistics

We can list only ICMP related statistics with -s -p icmp option.

Display Only ICMP Protocol Statistics

Display Only ICMP Protocol Statistics

Display Routing Table

Routing is used to set IP packets first hop according to their destination. Our system route information can be liste with -r option.

Display Routing Table

Display Routing Table

As we can see the default route is printed in the first line which IP address is 192.168.122.1 .

LEARN MORE  Linux iostat Command Tutorial With Examples

Display Interactively

If we need to list given options output interactively to monitor the metrics we can use interactive mode. Interactive mode is enabled by providing interval value to print output. This feature do not needs any option we will only provide interval value which is 2 in this case.

RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/windows-netstat-command-tutorial-examples-list-network-ports-connections/
PINTEREST
PINTEREST
INSTAGRAM

You may also like...

Leave a Reply

Your email address will not be published.

Enjoy this blog? Please spread the word :)