Additional menu

6 netstat Command Usage on Windows with Example

6 netstat Command Usage on Windows with Example

Geek Flare Blog post is sponsored by Netsparker Web Application Security Scanner.

netstat is command line network tool which is handy troubleshooting command. Its cross-platform utility means you can use on Linux, OS X or Windows.

netstat can be very handy in following.

  • Display incoming and outgoing network connections
  • Display routing tables
  • Display number of network interfaces
  • Display network protocol statistics

Let’s get it started…

Show only established connection

You can use below syntax to view all established connection from/to your Windows server.

C:\Windows\system32>netstat | findstr ESTABLISHED
 TCP 172.16.179.128:49375 a23-77-202-113:http ESTABLISHED
C:\Windows\system32>

Note: to view LISTEN, CLOSE_WAIT, TIME_WAIT you can just use as follows.

netstat | findstr LISTEN  
netstat | findstr CLOSE_WAIT  
netstat | findstr TIME_WAIT

Show PID used by port number

A very handy when you have to find out which PID is using the particular port number.

netstat –o | findstr $portnumber

Note: you can just use netstat –o to display all connection with PID

Show statistics of all protocols

Useful when you have to find out for any received header error, received address error, discarded packet, etc. It will list out statistics from IPv4, IPv6, ICMPv4, ICMPv6, TCP, UDP, etc.

netstat –s

Note: to find out any errors quickly you can use syntax.

C:\Windows\system32>netstat -s | findstr Errors
 Received Header Errors = 0
 Received Address Errors = 0
 Received Header Errors = 0
 Received Address Errors = 0
 Errors 0 0
 Errors 0 0
 Receive Errors = 0
 Receive Errors = 0
C:\Windows\system32>

Show routing information

To display Route Table, you can use below syntax. The following syntax will also list all interfaces.

netstat –r

Show Interface Statistics

To view the status of all interface, you can use the following syntax. This will display Received & Sent details.

C:\Windows\system32>netstat -e
Interface Statistics
 Received Sent
Bytes 8988576 2105244
Unicast packets 12972 11880
Non-unicast packets 0 0
Discards 0 0
Errors 0 0
Unknown protocols 0
C:\Windows\system32>

Show Fully Qualified Domain Name of foreign address (remote host)

If you are tracking some issues and would like to know FQDN of the remote host, then you can use the following syntax.

netstat –f

Note: you can combine findstr syntax to show precise results like below.

netstat –f | findstr ESTABLISHED  
netstat –f | findstr $domainnameifyouknow

I hope this helps you get familiar with netstat command usage on Windows. To learn more about Windows administration, you can check out this online course by Paul Hill.

Reader Interactions

Chandan Kumar
About Chandan
Chandan Kumar is the founder of Geek Flare. Learn more here and connect with him on Twitter.

Comments

  1. Unfortunately this works only on an english language version windows. in case of a other language you need to search for the expression in the specific language. Example: On a german version you need to find ‘HERGESTELLT’ instead of ‘ESTABLISHED’ ……

Leave a Reply

Your email address will not be published. Required fields are marked *

121 Shares
Share
Tweet
Stumble
Share