IP/Network
netstat
netstat is mainly used to find out which socket applications are running and which port is assigned to each of them.
C:\>netstat -?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]
  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
                addresses.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.
Example 1: -------------------------------------------------------------
C:\>netstat -af
Active Connections
  Proto  Local Address          Foreign Address                 State
  TCP    192.168.0.13:56767     65.49.56.57:ftp                 ESTABLISHED
  TCP    192.168.0.13:56968     server1103.teamviewer.com:5938  ESTABLISHED
  TCP    192.168.0.13:57254     192.168.0.1:http                TIME_WAIT
Example 2: -------------------------------------------------------------
C:\>netstat -aof
Active Connections
  Proto  Local Address          Foreign Address                 State        PID
  TCP    192.168.0.13:56968     server1103.teamviewer.com:5938  ESTABLISHED  2884
  TCP    192.168.0.13:57285     65.49.56.51:ftp                 ESTABLISHED  8320
  TCP    192.168.0.13:57443     192.168.0.1:http                TIME_WAIT    0
  TCP    192.168.0.13:57444     192.168.0.1:http                TIME_WAIT    0
  TCP    192.168.0.13:57446     192.168.0.1:http                TIME_WAIT    0
  TCP    192.168.0.13:57447     192.168.0.1:http                TIME_WAIT    0
Example 3: -------------------------------------------------------------
C:\>netstat -aof
Active Connections
  Proto  Local Address          Foreign Address   State      PID
  TCP    [::]:21                SN6201142744:0    LISTENING  1552   <--ftp server
  TCP    [::]:80                SN6201142744:0    LISTENING  4      <--http server
  UDP    192.168.1.2:53         *:*                          4272   <--dns server
  UDP    192.168.1.2:5060       *:*                          4272   <--IMS CSCF
  UDP    [2001:0:0:1::2]:53     *:*                          4272   <--dns server
  UDP    [2001:0:0:1::2]:5060   *:*                          4272   <--IMS CSCF
Example 4: -------------------------------------------------------------
C:\>netstat -a -n -o
Active Connections
  Proto  Local Address                                  Foreign Address   State        PID
  TCP    0.0.0.0:135                                    0.0.0.0:0         LISTENING    1004
  TCP    0.0.0.0:445                                    0.0.0.0:0         LISTENING    4
  TCP    0.0.0.0:52230                                  0.0.0.0:0         LISTENING    2344
  TCP    127.0.0.1:843                                  0.0.0.0:0         LISTENING    72716
  TCP    127.0.0.1:2000                                 127.0.0.1:49205   ESTABLISHED  2464
  TCP    127.0.0.1:5939                                 0.0.0.0:0         LISTENING    66696
  TCP    127.0.0.1:49159                                127.0.0.1:49182   ESTABLISHED  2964
  TCP    127.0.0.1:49159                                127.0.0.1:49183   ESTABLISHED  2964
  TCP    [::]:135                                       [::]:0            LISTENING    1004
  TCP    [::]:445                                       [::]:0            LISTENING    4
  TCP    [::1]:49186                                    [::1]:49229       ESTABLISHED  4032
  TCP    [::1]:49229                                    [::1]:49186       ESTABLISHED  6904
  TCP    [fd33:fba1:99eb:d8d4:26d9:7188:b4ed:8e2d]:4002 [::]:0            LISTENING    7336
  UDP    0.0.0.0:68                                     *:*                            608
  UDP    0.0.0.0:68                                     *:*                            608
  UDP    0.0.0.0:123                                    *:*                            1064
  UDP    0.0.0.0:500                                    *:*                            1096
  UDP    127.0.0.1:50731                                *:*                            3296
  UDP    [fe80::2c3e:aabf:6ffa:8145%12]:1900            *:*                            2176
  UDP    [fe80::2c3e:aabf:6ffa:8145%12]:5353            *:*                            2964
  UDP    [fe80::2c3e:aabf:6ffa:8145%12]:60481           *:*                            2176
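The port-to-PID mapping in Example 4 can be turned into a quick exposure check. The following is an added example, not part of the original page: a parser for `netstat -a -n -o` text that handles bracketed IPv6 addresses and UDP rows with no State value, then lists sockets bound to something other than loopback. The function names are hypothetical and the sample input is constructed; numeric output (-n) is assumed.

```python
# Added example: parse `netstat -a -n -o` text into records (helper names are hypothetical).
# SAMPLE is constructed, reusing rows in the shape of Example 4.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1004
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       66696
  TCP    127.0.0.1:2000         127.0.0.1:49205        ESTABLISHED     2464
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1064
  UDP    [fe80::2c3e:aabf:6ffa:8145%12]:1900  *:*                      2176
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; drop IPv6 brackets and zone id (%12)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have an empty State column, so the PID is the 4th field, not the 5th.
        need = 4 if f[0] == "UDP" else 5
        if len(f) < need or not f[need - 1].isdigit():
            continue
        addr, port = split_endpoint(f[1])
        rows.append({"proto": f[0], "addr": addr, "port": port,
                     "state": f[3] if f[0] == "TCP" else "", "pid": int(f[need - 1])})
    return rows

def exposed_listeners(rows):
    """TCP LISTENING and bound UDP sockets that are not restricted to loopback."""
    out = []
    for r in rows:
        bound = r["state"] == "LISTENING" or r["proto"] == "UDP"
        loopback = r["addr"].startswith("127.") or r["addr"] == "::1"
        if bound and not loopback:
            out.append((r["proto"], r["addr"], r["port"], r["pid"]))
    return out

if __name__ == "__main__":
    for proto, addr, port, pid in exposed_listeners(parse_netstat(SAMPLE)):
        print(f"{proto:4} {addr:28} {port:<6} PID {pid}")
```

Each reported PID can then be matched to a process name with netstat -b or the task list to decide whether that service should be reachable from the network.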