Netstat command is a DOS command used to find all active TCP connections between your computer and other network devices with port numbers and TCP connection state.
By simply using this command on the command prompt, you will get the list of active TCP connections between local IP addresses(your computer) and foreign IP addresses.
The netstat command has many uses in computer security.
You can also find the port numbers open in those connections. This feature helps the netstat command to view the foreign computers connected to your PC. Check the image below to understand it.
You can use the netstat command better if you understand the command syntax. I give you a list of proper command syntax for your reference below.
List of Common Netstat Command Syntax
I have read a few comments asking about various uses of this command. A comment from Resnish asks about getting the list of all listening ports active on a computer. Abhilash asked about the practical uses, and Adash is curious to know how to print the names of active programs connected to the Internet.
You can get them by using the Netstat command with the correct syntax. Read this list, and I am sure you will find the syntax suitable for your needs.
- netstat -n: Displays addresses and port numbers in numerical form.
- netstat -a: Displays all connections and listening port.
- netstat -b: Displays the executable in creating each connection or listening ports.
- netstat -e: Displays Ethernet statistics.
- netstat -o: Displays the Process Identifier associated with each connection.
- netstat -p: Shows connections for the specific protocol only.
- netstat r: Displays the routing table.
- netstat s: It displays per-protocol statistics.
Practical Uses of Netstat Command
Abhilash PV commented about the practical uses of this command. You will find the command Netstat helpful in solving multiple problems in your practical life.
It is a handy tool for securing your computer. There are many practical uses: finding any programs that establish a connection to the Internet without your knowledge, finding the IP address of a chat friend while sharing a file, etc. Let us check some of such uses.
Check For Programs that Established Connections
Let me answer the question by Adarsh Menon. He asked how to find the programs on his computer connected to an external server.
We can find the names of applications installed on your computer to establish a connection between your computer and a foreign address. Use the following format to find every application having an active TCP connection.
Run the Command Prompt with administrative privileges to execute netstat.
Let me explain the steps to find active applications with connections to remote servers.
Type Command Prompt on the Windows Search and run as administrator.
Type netstat -b and press the enter key.
Run the Command Prompt in administrator mode to execute this command. To learn how to do this, visit the link below.
Find Process Identifiers
With the netstat -o command, you can find active TCP connections made on your computer with exact Process Identifiers(PID).
Find the Absolute Domain name of the Foreign Host
We can find the absolute domain name or Fully Qualified Domain Name(FQDN). It will give you a clear picture of the Internet foreign hosts with a connection to your computer. The syntax to find the Fully Qualified Domain Name of foreign addresses is:
netstat -f
Check the screenshot for a better understanding.
Find the Offload with Netstat Command
We can find the current offload state of TCP connections using it. The syntax to check the current TCP chimney offload state is:
netstat -t
I hope you enjoyed this tutorial. Let me share a few recent posts as the suggested readings.
Reference
You have learned the basics of the Netstat command. I suggest you read the following tutorials for the detailed study.
- https://www.cisco.com/c/en/us/support/docs/interfaces-modules/channel-interface-processors/12989-69.html
- https://supportportal.juniper.net/s/article/Junos-How-to-identify-the-process-that-is-listening-on-a-specific-port?language=en_US
Author: Alex George
Alex George is the Chief Editor and founder of CoreNetworkZ Tech Solutions. He is a senior software developer with 20 years of experience.
You can contact him at alex.george@corenetworkz.com.
you have a fast server
ReplyDeletewhen i type netstat -b it says "The requested operation requires elevation" what does that mean?
ReplyDeleteIt means, you must start your DOS prompt with administrative privileges. Ref: https://www.corenetworkz.com/2012/10/the-requested-operation-requires.html
Delete"The requested operation requires elevation" displays. Soloution is Please open the commnad prompt as Run as Administrator mode.
ReplyDeleteThanks for providing solution Atanu.
ReplyDelete@ Riju For more details please visit the link below.
http://www.corenetworkz.com/2012/10/the-requested-operation-requires.html
Hello Alex,
ReplyDeleteCan we get the list of listening ports using this command?
Yes Renish. I explained it in the article.
DeleteThanks for this article Alex. But I have a question. Is there any use for this command in practical life?
ReplyDeleteYes Abhilash,
DeleteHow can I check the connected programs using this command?
ReplyDeleteHello Adash,
DeleteOpen Windows Command Prompt as administrator and execute the netstat command.