netstat is a command-line network tool that is very useful for troubleshooting. It is cross-platform, so you can use it on Linux, OS X or Windows. netstat is handy for the following:

  • Display incoming and outgoing network connections
  • Display routing tables
  • Display number of network interfaces
  • Display network protocol statistics

Let’s get it started…

1. Show only established connections

Use the syntax below to view all established connections from/to your Windows server.

C:\Windows\system32>netstat | findstr ESTABLISHED
 TCP 172.16.179.128:49375 a23-77-202-113:http ESTABLISHED
C:\Windows\system32>

Note: to view LISTEN, CLOSE_WAIT or TIME_WAIT connections, use the following. Listening sockets are only listed when -a is given.

netstat -a | findstr LISTEN
netstat | findstr CLOSE_WAIT
netstat | findstr TIME_WAIT

2. Show PID used by port number

Very handy when you have to find out which PID is using a particular port number.

netstat -o | findstr $portnumber

Note: you can use netstat -o on its own to display all connections with their PIDs.
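
An added example (not from the original article): findstr matches substrings, so searching for 80 also keeps lines where 80 appears inside 8080, an ephemeral port or a PID. The parser below matches the port field exactly; the sample output is constructed, and the -a and -n switches are an assumption added to the article's command so that listening sockets appear and ports stay numeric.

```python
import subprocess
import sys

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2380
  TCP    172.16.179.128:49375   203.0.113.10:80        ESTABLISHED     1804
  TCP    172.16.179.128:49380   203.0.113.10:443       TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1380
"""

def parse_netstat(text):
    """Turn `netstat -ano` output into dicts; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        state = f[3] if len(f) == 5 else ""
        # rsplit on the last ':' so bracketed IPv6 addresses keep their colons
        lhost, lport = f[1].rsplit(":", 1)
        rhost, rport = f[2].rsplit(":", 1)
        rows.append({"proto": f[0], "local": lhost, "lport": lport,
                     "remote": rhost, "rport": rport,
                     "state": state, "pid": int(f[-1])})
    return rows

def by_port(rows, port):
    """Exact match on the local or remote port field."""
    p = str(port)
    return [r for r in rows if p in (r["lport"], r["rport"])]

def findstr_like(text, needle):
    """What `findstr needle` would keep: any line containing the substring."""
    return [l for l in text.splitlines() if str(needle) in l]

if __name__ == "__main__":
    text = SAMPLE
    if sys.platform == "win32":  # live data on Windows, sample elsewhere
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    for r in by_port(parse_netstat(text), 80):
        print(r["proto"], r["local"], r["lport"], r["remote"], r["rport"], r["state"], r["pid"])
```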

3. Show statistics of all protocols

Useful when you need to check for received header errors, received address errors, discarded packets, etc. It lists statistics for IPv4, IPv6, ICMPv4, ICMPv6, TCP, UDP, etc.

netstat -s

Note: to find any errors quickly, use the syntax below.

C:\Windows\system32>netstat -s | findstr Errors
 Received Header Errors = 0
 Received Address Errors = 0
 Received Header Errors = 0
 Received Address Errors = 0
 Errors 0 0
 Errors 0 0
 Receive Errors = 0
 Receive Errors = 0
C:\Windows\system32>

4. Show routing information

To display the routing table, use the syntax below. It also lists all interfaces.

netstat -r

5. Show Interface Statistics

To view the status of all interfaces, use the following syntax. It displays Received and Sent details.

C:\Windows\system32>netstat -e
Interface Statistics

                           Received            Sent

Bytes                       8988576         2105244
Unicast packets               12972           11880
Non-unicast packets               0               0
Discards                          0               0
Errors                            0               0
Unknown protocols                 0
C:\Windows\system32>

6. Show the Fully Qualified Domain Name of the foreign address (remote host)

If you are tracking an issue and would like to know the FQDN of the remote host, use the following syntax.

netstat -f

Note: you can combine it with findstr to show more precise results, as below.

netstat -f | findstr ESTABLISHED
netstat -f | findstr $domainnameifyouknow

I hope this helps you get familiar with netstat command usage on Windows.
