Netstat – free utility for troubleshooting

This small utility that is free and comes as a part of the operating system – NETSTAT is a perfect tool for troubleshooting and can be used on Windows and Linux with few differences as seems that Linux has few more parameters (functionality) when it comes to usage.

Netstat is used in command line as well as you can use it with your scripts to display active TCP/UDP connections, ports on which computer is listening, Ethernet statistics, IP routing table, IPv4/6.

In case you are using it on Windows operating system, you will need to use these parameters:

– a : Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
– e : Displays Ethernet statistics, such as the number of bytes and packets sent and received.
– n : Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.
– o : Displays active TCP connections and includes the process ID (PID) for each connection.
– p : Shows connections for the protocol specified by 
 – s : Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols
– r : Displays the contents of the IP routing table. This is equivalent to the route print command.

If you are working on Linux system, you will find that Linux is offering little a bit more features than Windows.

– a: Show the state of all sockets and all routing table entries; normally, sockets used by server processes are not shown and only interface, host, network, and default routes are shown.
-n : Show network addresses as numbers
-v : Verbose. Show additional information for the sockets and the routing table.
-g : Show the multicast group memberships for all interfaces.
-m : Show the STREAMS statistics.
-p : Show the address resolution (ARP) tables.
-s : Show per-protocol statistics. When used with the -M option, show multicast routing statistics instead.
-I : Show the state of the interfaces that are used for TCP/IP traffic.
-r : Show the routing tables.
-M : Show the multicast routing tables. When used with the -s option, show multicast routing statistics instead.
-d : how the state of all interfaces that are under Dynamic Host Configuration Protocol (DHCP) control.
-D : Show the status of DHCP configured interfaces.
-f : address family imit statistics or address control block reports to those of the specified address family
-P : Limit display of statistics or state of all sockets to those applicable to protocol.
-I :  Show the state of a particular interface. interface can be any valid interface such as ie0 

Here are some examples how to use netstat:

My preferred one is: c:>netstat -e -s -p tcp > netstatLog.txt  – once completed you will get completed capture into netstatLog.txt file and you can easily analyze the results.
c:>netstat -s -p tcp udp   – To display statistic on TCP/UDP protocols
c:>netstat -r -n   – shows routing table and connections
c:>netstat –an | find /i “ESTABLISHED” > EstablishedLog.txt

Established TCP Connections

Leave a Reply