• Learn data science, cloud computing, machine learning, and many other specialization courses.

netstat is command line network tool which is handy troubleshooting command. Its cross-platform utility means you can use on Linux, OS X or Windows.

netstat can be very handy in following.

  • Display incoming and outgoing network connections
  • Display routing tables
  • Display number of network interfaces
  • Display network protocol statistics

Let’s get it started…

Show only established connection

You can use below syntax to view all established connection from/to your Windows server.

C:\Windows\system32>netstat | findstr ESTABLISHED
 TCP a23-77-202-113:http ESTABLISHED

Note: to view LISTEN, CLOSE_WAIT, TIME_WAIT you can just use as follows.

netstat | findstr LISTEN  
netstat | findstr CLOSE_WAIT  
netstat | findstr TIME_WAIT

Show PID used by port number

A very handy when you have to find out which PID is using the particular port number.

netstat –o | findstr $portnumber

Note: you can just use netstat –o to display all connection with PID

Show statistics of all protocols

Useful when you have to find out for any received header error, received address error, discarded packet, etc. It will list out statistics from IPv4, IPv6, ICMPv4, ICMPv6, TCP, UDP, etc.

netstat –s

Note: to find out any errors quickly you can use syntax.

C:\Windows\system32>netstat -s | findstr Errors
 Received Header Errors = 0
 Received Address Errors = 0
 Received Header Errors = 0
 Received Address Errors = 0
 Errors 0 0
 Errors 0 0
 Receive Errors = 0
 Receive Errors = 0

Show routing information

To display Route Table, you can use below syntax. The following syntax will also list all interfaces.

netstat –r

Show Interface Statistics

To view the status of all interface, you can use the following syntax. This will display Received & Sent details.

C:\Windows\system32>netstat -e
Interface Statistics
 Received Sent
Bytes 8988576 2105244
Unicast packets 12972 11880
Non-unicast packets 0 0
Discards 0 0
Errors 0 0
Unknown protocols 0

Show Fully Qualified Domain Name of foreign address (remote host)

If you are tracking some issues and would like to know FQDN of the remote host, then you can use the following syntax.

netstat –f

Note: you can combine findstr syntax to show precise results like below.

netstat –f | findstr ESTABLISHED  
netstat –f | findstr $domainnameifyouknow

I hope this helps you get familiar with netstat command usage on Windows. To learn more about Windows administration, you can check out this online course by Paul Hill.