IP Network - netstat

 

 

 

netstat is mainly used to find out which socket applications are running and which port is assigned to each of them.

 

 

C:\>netstat -?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
                addresses.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

 

 

Example 1: -------------------------------------------------------------

 

C:\>netstat -af

Active Connections

  Proto  Local Address          Foreign Address                 State
  TCP    192.168.0.13:56767     65.49.56.57:ftp                 ESTABLISHED
  TCP    192.168.0.13:56968     server1103.teamviewer.com:5938  ESTABLISHED
  TCP    192.168.0.13:57254     192.168.0.1:http                TIME_WAIT

 

 

Example 2: -------------------------------------------------------------

 

C:\>netstat -aof

Active Connections

  Proto  Local Address          Foreign Address                 State        PID
  TCP    192.168.0.13:56968     server1103.teamviewer.com:5938  ESTABLISHED  2884
  TCP    192.168.0.13:57285     65.49.56.51:ftp                 ESTABLISHED  8320
  TCP    192.168.0.13:57443     192.168.0.1:http                TIME_WAIT    0
  TCP    192.168.0.13:57444     192.168.0.1:http                TIME_WAIT    0
  TCP    192.168.0.13:57446     192.168.0.1:http                TIME_WAIT    0
  TCP    192.168.0.13:57447     192.168.0.1:http                TIME_WAIT    0

 

 

Example 3: -------------------------------------------------------------

 

C:\>netstat -aof

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    [::]:21                SN6201142744:0         LISTENING       1552 <--ftp server
  TCP    [::]:80                SN6201142744:0         LISTENING       4    <--http server
  UDP    192.168.1.2:53         *:*                                    4272 <--dns server
  UDP    192.168.1.2:5060       *:*                                    4272 <--IMS CSCF
  UDP    [2001:0:0:1::2]:53     *:*                                    4272 <--dns server
  UDP    [2001:0:0:1::2]:5060   *:*                                    4272 <--IMS CSCF
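
The output format shown in Examples 2 and 3 can be turned into records for auditing which process owns each listening port. The following is an added example, not part of the original page: a small Python parser (function names are this example's own) that handles UDP rows, which have no State column, and bracketed IPv6 addresses.

```python
# Added example: parse `netstat -ao` text into records and list listeners.
# Sample rows are copied from Examples 2 and 3 above.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    [::]:21                SN6201142744:0         LISTENING       1552 <--ftp server
  TCP    [::]:80                SN6201142744:0         LISTENING       4
  TCP    192.168.0.13:56968     server1103.teamviewer.com:5938  ESTABLISHED  2884
  UDP    192.168.1.2:53         *:*                                    4272 <--dns server
  UDP    [2001:0:0:1::2]:5060   *:*                                    4272
"""

WILDCARDS = {"0.0.0.0", "::", "*"}  # local addresses meaning "every interface"

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon and drop the [] around IPv6."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID sits one field earlier.
        state, pid = ("", f[3]) if f[0] == "UDP" else (f[3], f[4] if len(f) > 4 else "")
        if not pid.isdigit():
            continue  # malformed or truncated row
        addr, port = split_endpoint(f[1])
        rows.append({"proto": f[0], "addr": addr, "port": port,
                     "foreign": f[2], "state": state, "pid": int(pid)})
    return rows

def listeners(rows):
    """TCP sockets in LISTENING plus every bound UDP socket."""
    return [r for r in rows if r["state"] == "LISTENING" or r["proto"] == "UDP"]

def on_all_interfaces(rows):
    """Listeners bound to a wildcard address rather than one interface."""
    return [r for r in listeners(rows) if r["addr"] in WILDCARDS]

if __name__ == "__main__":
    for r in listeners(parse_netstat(SAMPLE)):
        print(f'{r["proto"]:4} {r["addr"]}:{r["port"]:<6} pid={r["pid"]}')
```

Ports are kept as strings because netstat prints service names such as ftp or http in place of numbers unless -n is given.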