menu
close

Practical Uses of the Netstat Command

Netstat command is a DOS command used to find all active TCP connections between your computer and other network devices with port numbers and TCP connection state.

By simply using this command on the command prompt, you will get the list of active TCP connections between local IP addresses(your computer) and foreign IP addresses.


The netstat command has many uses in computer security.


You can also find the port numbers open in those connections. This feature helps the netstat command to view the foreign computers connected to your PC. Check the image below to understand it.


How to use the netstat command

You can use the netstat command better if you understand the command syntax. I give you a list of proper command syntax for your reference below.



List of Common Netstat Command Syntax

  1. netstat -n: Displays addresses and port numbers in numerical form.

  2. netstat -a: Displays all connections and listening port.

  3. netstat -b: Displays the executable in creating each connection or listening ports.

  4. netstat -e: Displays Ethernet statistics.

  5. netstat -o: Displays the Process Identifier associated with each connection.

  6. netstat -p: Shows connections for the specific protocol only.

  7. netstat r: Displays the routing table.

  8. netstat s: It displays per-protocol statistics.


Practical Uses of Netstat Command

It is a handy tool for securing your computer. There are many practical uses: finding any programs that establish a connection to the Internet without your knowledge, finding the IP address of a chat friend while sharing a file, etc. Let us check some of such uses.



  1. Check For Programs that Established Connections

    We can find the names of applications installed on your computer to establish a connection between your computer and a foreign address. Use the following format to find every application having an active TCP connection.


    Run the Command Prompt with administrative privileges to execute netstat.


    Let me explain the steps to find active applications with connections to remote servers.

    1. Type Command Prompt on the Windows Search and run as administrator.

    2. Type netstat -b and press the enter key.


    code to find active internet programs

    Run the Command Prompt in administrator mode to execute this command. To learn how to do this, visit the link below.



  2. Find Process Identifiers

    With the netstat -o command, you can find active TCP connections made on your computer with exact Process Identifiers(PID).


    Practical uses of netstat command

  3. Find the Absolute Domain name of the Foreign Host

    We can find the absolute domain name or Fully Qualified Domain Name(FQDN). It will give you a clear picture of the Internet foreign hosts with a connection to your computer. The syntax to find the Fully Qualified Domain Name of foreign addresses is:



    netstat -f


    Check the screenshot for a better understanding.


    Find FQDN of foreign connections

  4. Find the Offload with Netstat Command

    We can find the current offload state of TCP connections using it. The syntax to check the current TCP chimney offload state is:


    netstat -t



    important uses

I hope you enjoyed this tutorial. Let me share a few recent posts as the suggested readings.

How to Use Tracert (Trace Route) Utility?

The Tracert command (Trace Route) helps determine the path from your computer to the destination host by sending ICMP Echo Request messages.

Once the command finds the path to the destination, it will print it on the command prompt. Now you understand why the Trace Route (Tracert) utility is popular.


Tracert prints the route to the destination IP.


This tutorial covers the application of the Tracert (Trace route) utility in troubleshooting a connection problem.



How Does Trace Route (Tracert) Help To Fix Network Problems?

ICMP command Tracert is very helpful to troubleshoot network-related issues. It helps determine the network location where the actual cause of the issue is present.

Let us check how it works.

It sends ICMP Echo messages to the destination host and decrements its TTL value by one when it passes on each hop. When the packets pass each hop, it displays the path in the DOS window. So you can identify the route.



This feature helps to identify the actual cause of any network issue. So, it is a handy tool for every network Engineer to analyze and troubleshoot network issues. Let us check how to use this tool.



How to Print the Path To a Remote Device On Command Prompt?

The primary application of the Tracert utility is to trace and print the path to a remote server. Let me explain the procedure.

  1. Open Command Prompt.

  2. Type the following command and press the enter key.


    tracert remote IP


    Remote IP is the IP address or the domain name. You will see the path to the remote IP address from your computer.



A Practical Example of Printing Route To a Website

If you want to know the route of the server of www.corenetworkz.com from your computer, you can check it by typing the following code on the DOS prompt.



Tracert www.corenetworkz.com


You can see the result in the screenshot.


track the route to a website


We use the Tracert command to find the path and deliver the packets to the destination host from the source. Now, let us check the general syntax of the tracert command.




The general syntax is :

tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]




Example: tracert -h 30 google.com

After pressing the enter key, we will have a complete trace of the packet sent. By default, it will go up to 30 hopes. If there is a connection issue, it will show the request timed out when the packet reaches the hop (the one with the problem).




Create and Delete Windows 11 User Account From the Command Prompt

We can create and delete user accounts on a Windows PC in multiple methods. The easiest method, I found, is to do it from the Command Prompt. Today, we discuss the creation of a user account with a DOS command.

The second part explains the application of this DOS command in deleting and modifying a Windows user account.



Which DOS Command Can Create a Windows User Account?

You can create a user account directly from Command Prompt by a DOS command Net User.


You need administrative privileges to execute Net User Command.


This command creates a new user account on a Windows computer. This tutorial explains the use of the command net user. Then, we cover the creation of a new user account on a Windows computer from the Command Prompt.

We also check how to modify an existing user account on a Windows computer using the net user command. Let us check the procedure to create a new Windows 11 user account from the Command Prompt.



How to Create a New Windows 11 User From The Command Prompt?

  1. Type Command Prompt on the Windows 11 Search. Click on Run as Administrator.

  2. Type the command in the format below.


    net user (user account name) (password) /add


    Example: net user corenetworkz mypassword /add

  3. Press the Enter key.


    How to Create a Windows User account from Command Line

    See the screenshot. You will get the reply "The command completed successfully" if Windows has created a new account.

Windows has created a new account, and I do not want to keep it. So, I am going to remove that account from my computer. Let us see how to do it from the Command Prompt.



How to Delete a Windows 11 User Account From The Command Prompt?

We can remove an unwanted Windows user account from the command prompt. Follow the steps below.

  1. Open the Command Prompt as the "Run as Administrator" option. Type the net user command in the following format.


    net user username /delete


    Example: I will remove the newly created Windows user account corenetworkz from the Command Prompt. The net user command format to delete the Windows user account corenetworkz is - net user corenetworkz /delete.


    How to Remove a Windows User account

    You can see from the screenshot that I have successfully removed the Windows user account.




The Practical Uses and Syntax of Net User Command

The net user command can create, delete, and edit user accounts on Windows computers. The different syntaxes to create, modify, and delete user accounts from Command Prompt are:



  • To create User Account:   net user Username Password /domain

  • To modify User Account:   net user Username Password /add /domain

  • To Delete User Account:   net user Username /delete /domain

While entering a username from Command Prompt for a new user account, ensure it is a maximum of 20 characters long. While typing the password for the new account, you can use a maximum of 127 characters.




How to Fetch Admin Account Details From Command Prompt?

Another practical use of the net user command is to fetch the complete information about the administrator account on your Windows computer from the command prompt. See how I used the net user command to get the necessary details about the administrator account from Command Prompt.


Net User command

You can see important information like the creation date of the user account, the user's country code, the last date on which the user created the password, the date on which the current password expires, etc. You can also see the last date a user accessed the account. We can also see if there is any login restriction.



The Net User Command Returns Access Denied

Some users reported an error while creating a new Windows user account with the net user command. The error code is 'System error 5 has occurred' with 'access is denied.


System error 5 has occurred

I created this error code to study it properly. The reason for getting an access denied error while creating a new user account is the privileges issues with the DOS Prompt.

You must run the DOS Prompt as an administrator to execute the net user command.

The Session layer and Its Role

The session layer is the fifth layer in the OSI reference model. It responds to service requests from the Presentation layer and issues service requests to the Transport layer. This tutorial explains the role of the Session layer in a network and its critical functions.



Where is The Session Layer?

The session layer is between the Transport and Presentation layers in the OSI reference model.


You cannot find a session layer in the TCP/IP model.


If someone asks where is the Session layer in a TCP/IP model, answer them there is no separate session layer in that model. The Application layer in the TCP/IP model handles the role of the session layer.



What Does The Session Layer Do?

The primary function of the Session layer is to create, maintain, and terminate sessions. The session layer is also responsible for finding and sending data across the correct connection.


The Session layer communicates with the Transport layer to set up and tear down the connection.


We will learn more about the importance and working of the Session layer by studying its functions. The functions of the Session layer are listed below.



The Functions of the Session Layer are:


  1. It starts and ends a session across a network.

  2. Allows applications to share information.

  3. Ensures that information is flowing to the right place.

  4. Communicate to the presentation layer and Transport layer.

Another question you may hear is about the maximum number of sessions supported by the Session layer in a network. The answer is simple. A session layer is there because it handles multiple sessions at a time.


We can have multiple sessions on a network due to the Session layer.


Let me explain it with a practical example. We are seeing a movie where sound and sight both should match. It is one of the applications of the Session layer.



You have learned about the working and functions of the Session layer. We will complete this tutorial by providing the list of protocols in this layer.




List of Session layer protocols

  1. AppleTalk Data Stream Protocol (ADSP)
  2. AppleTalk Session Protocol (ASP)
  3. Call Control Protocol for Multimedia Communication
  4. Internet Storage Name Service
  5. Network Basic Input Output (NetBIOS)
  6. Password Authentication Protocol (PAP)
  7. Point-to-Point Tunneling Protocol (PPTP)
  8. Remote Procedure Call Protocol (RPC)
  9. Short Message Peer-to-Peer (SMPP)
  10. Secure Shell (SSH)

Suggested Readings

  1. Physical layer

  2. Data link layer

  3. Network layer

  4. Transport layer

  5. Session layer

  6. Presentation layer

  7. Application layer

Role of Transport Layer - Responsibilities and Protocols

The transport layer is the fourth layer in the OSI Reference Model. It lies between the Network and Session layers (in the OSI Model).

It is one of the critical layers with many duties and responsibilities. This tutorial explains the working, responsibilities, and protocols in the Transport layer.



The Working Of The Transport Layer

The primary responsibility of the Transport layer is to establish an end-to-end connection between the source IP and the destination IP. TCP and UDP are the two Transport layer protocols that establish an end-to-end connection.


TCP and UDP work in the Transport Layer.


It responds to service requests from the Session layer and issues service requests to the Network layer.


In the Transport layer, data travels in the form of segments.


After creating an end-to-end connection, this layer delivers messages between the devices. Transport Layer is responsible for delivering messages between hosts.

TCP is a connection-oriented protocol, but UDP is a connectionless protocol. So, by using TCP, we can create an end-to-end reliable connection between the source and destination hosts.

The transport layer is also present in the TCP/IP model. It is called the host-to-host transport layer in the TCP/IP model. Now, let us check the duties of the Transport layer in a network.



Duties of The Transport Layer


  1. Creating an end-to-end connection between hosts in different networks,

  2. Error recovery,

  3. Flow control,

  4. Ensuring complete data transfer in TCP

  5. Congestion avoidance


The stateful protocol( TCP ) helps to establish the end-to-end connection in the Transport layer. It offers reliable delivery of data to the destination host.

Transport Layer is also responsible for error recovery and resending the data segments that had an error. The TCP protocol handles this duty.

Flow control is the process of ensuring that the amount of data sent to the destination is affordable. Without flow control, a faster source might flood the destination with so much information. To accomplish this, we are using many techniques like windowing.



How Does the Transport Layer Ensure Complete Data Delivery?

As I explained above, TCP is a connection-oriented protocol. As the title suggests, it ensures the complete transfer of segments. TCP verifies if the destination host receives them. If not, it will resend the segments.


Assurance of a Complete Data Delivery is possible with a TCP connection only.


For example, let us consider two hosts, A and B. A sends data to B, but B fails to receive a few. Then, B will request A to resend them. When A receives the request, it will resend the missing part. So, this connection ensures the complete data transfer.

This way, the Transport layer assures complete data delivery.


Datagram Congestion Control Protocol = DCCP


Datagram Congestion Control Protocol (DCCP) helps to prevent congestion avoidance in this layer. By removing the possibilities of bottleneck issues, DCCP assures congestion avoidance.




Transport Layer protocols

A list of the major protocols works in the Transport later are:
  1. TCP( Transmission Control Protocol)

  2. UDP( User Datagram Protocol)

  3. DCCP (Datagram Congestion Control Protocol)

  4. SCTP (Stream Control Transmission Protocol)




Suggested Readings

  1. Physical layer

  2. Data link layer

  3. Network layer

  4. Transport layer

  5. Session layer

  6. Presentation layer

  7. Application layer

The Functions of MAC Sublayer ( IEEE 802.3)

During the development of IEEE Ethernet, IEEE divided the Data Link layer into two. They are the MAC sublayer and LLC sublayer. MAC sublayer functions are performed in hardware and are the bottom part of the data link layer.


IEEE 802.3 defines the MAC sublayer.


MAC sublayer defines how data is transmitted in an Ethernet environment and defines framing, MAC address, etc.


MAC Sublayer = Medium Access Control sublayer


So, what are the duties of the MAC sublayer in the OSI reference model? Let us check the functions of the MAC sublayer in the details below.




Functions of MAC Sublayer in IEEE Ethernet

  1. Defines how an Ethernet environment transmits information.

  2. MAC Sublayer defines framing

  3. This Sublayer defines the working of Ethernet and MAC addressing.

  4. CSMA/CD works in the MAC Sublayer.


How to Differentiate Ethernet II and MAC Sublayer Frames?

We know Ethernet has two versions, and we must understand how to differentiate both versions of Ethernet. The primary difference between Ethernet II (developed by DIX) and IEEE 802.2/3 is the frame value.



The frame value of Ethernet II is higher than 1500. The IEEE version of Ethernet uses frames with a value of less than 1500.


We use DIX and IEEE versions of Ethernet today.


So, a network engineer must know the difference between the DIX and IEEE versions of Ethernet while troubleshooting. Only the IEEE version of the Ethernet has two sublayers in the data link layer.

The DIX version of Ethernet (Ethernet 2) does not have sub-layers for the data link layer.

If you learned about the MAC sublayer, I recommend you read about the LLC sublayer. To read more about LLC Sublayer, visit the link below.


Without studying the OSI Reference Model, you cannot start computer networking. To read about the OSI Reference Model and its seven-layered structure, visit the link below.