What is Netstat??
Netstat (Network Statistics) is a command line tool that displays network connections for the Transmission control protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software defined network interface) and network protocol statistics.
It is available on multiple platforms. But let us concentrate on how we can use it in windows Operating System.
Open Command prompt and type netstat – help
Above all are the parameters with description that can be used in netstat.
Note: – Windows is not case sensitive so you can try this command with and without caps.
Lets us go through all this command one by one…
So what if I simply type netstat…
It will result all the connection i am establishing with the network.
Proto –>Refers to the protocol used to make connection.
Local address –>The address of a resource in the computer being used.
It will be by default start with 127.0.0.1.
Foreign address –>Remote Network Address.
State –>whether the connection is Established, closed or in waiting stage.
NOTE:- Initially the Foreign address either will have our system name or the default address(127.0.0.1).
Once the connection is made –>Foreign address will use its own IP to connect with the local machine now.
Netstat –a command:-
It will display all the tcp and udp connections with the listening ports.
Netstat –b command:-
It will display along with executable application used for connection.
Note:- Here you can see I have used firefox.exe,xming.exe, and pandora.exe services.
Netstat –e command:-
This command will display all ethernet statictics…..like how many bytes of data sent and received any error while making connection, or any unkown protocols etc.
Unicast packets –>Unicast packet is a packet sent directly from one device to another device.
Non-unicast packets –> Packets without acknowledgement are non-unicast packets.
Netstat –f command:-
Netstat –f command display all connection of foreign address with a domain name instead of numerical ip address.
Note:- Domain name or Dns translate ip address to some specified name which can be easily memorized by humans. For eg:-www.google.com is easy to memorize rather than 220.127.116.11.
Netstat -n command:-
Display all connection in numerical form.
Note:- Initial Foreign address will also display in numerical form rather than displaying it with system name.
Netstat -o command:-
This command will display the process id associated with each connection.
Note:- With help of ‘process id’ you can stop the particular service if it is not being used by you or if it is being maliciously run by some intruder.
To kill the Process –>Go to task manager->Services.
Now check for the process id which u got from netstat-o command, once u got it….right click it and stop the service.
Netstat –p command
Use the –p switch to show connections or statistics only for a particular protocol. You can not define more than one protocol at once, nor can you execute netstat with –p without defining a protocol.
Netstat –r command:-
Executing Netstat with –r will show the IP routing tables.
Netmask –> It is used to define a range of ip address.
Gateway –>It is Network point that act as an entrance to another network.
Netstat –s command:-
-s option when combined with netstat will show the detailed statistic by protocols.
Note:- netstat with –e will show overall statistic whereas –s will give you statistic for each protocols.
Netstat –t command:-
Executing –t along with netstat will show the current offload state of tcp.
I hope you are familiar with Netstat command now, so work with this command if you want to know more information about your network Statistics.