netstat Command Tutorial For Windows

netstat is one of the most popular network commands on all Windows operating systems. Most other operating systems, such as Linux (Ubuntu, Debian, Mint, CentOS, Kali, RHEL) and FreeBSD, also support the netstat command with the same parameters and usage.

What Is netstat?

netstat is a command-line tool for getting information about the Windows network. netstat can provide TCP, UDP, IPv4, IPv6 and ICMP protocol statistics, open ports, etc. By default, the netstat command without any parameter displays TCP-related statistics and information, because TCP is the most popular protocol. As an old and reliable command, netstat is provided by Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10 and Windows Server with the same options and parameters.

netstat Command Syntax

The netstat command has the following simple syntax. Only options can be provided to the netstat command.

netstat [-a] [-b] [-e] [-n] [-o] [-p <PROTOCOL>] [-r] [-s] [<INTERVAL>]

Parameter     Description
-a            Display all TCP connections, and TCP and UDP listening ports
-h            Display help information
-b            Display the program (executable) behind each connection and listening port
-e            Display Ethernet protocol statistics for all interfaces
-n            Display TCP connections with addresses and port numbers in numerical form
-o            Display TCP connections with the Process ID (PID)
-p PROTOCOL   Show connections for the specified PROTOCOL
-r            Display the IP routing table
-s            Display statistics by protocol
<INTERVAL>    Refresh the display at the specified INTERVAL

TCP Port/Protocol States, Local Address, Foreign Address, Proto

The netstat command output provides different pieces of information such as the protocol or port state, local address, foreign address, etc. Let’s explain these a little bit.

  • Proto is the name of the protocol like TCP, UDP, IPv4, ICMP, etc.
  • Local address is the local system IP address or hostname
  • Foreign address is the remote system IP address or hostname
  • Port or protocol state can be:
    • CLOSE_WAIT
    • CLOSED
    • ESTABLISHED
    • FIN_WAIT_1
    • FIN_WAIT_2
    • LAST_ACK
    • LISTEN
    • SYN_RECEIVED
    • SYN_SEND
    • TIMED_WAIT
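
The columns described above can be parsed to list which sockets accept traffic on every interface and which PID owns them. This is an added example, not part of the original tutorial; it assumes the text comes from `netstat -a -n -o` (numeric addresses, PID in the last column), and the sample output, the state spelling LISTENING and the function names are constructed for illustration.

```python
# Constructed sample of `netstat -a -n -o` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2104
  TCP    192.168.142.130:53410  40.67.254.36:443       ESTABLISHED     4312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1520
  UDP    [::1]:1900             *:*                                    3016
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; IPv6 addresses are bracketed."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def parse_netstat(text):
    """Yield one dict per connection row; header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so they carry 4 fields instead of 5.
        state = fields[3] if len(fields) == 5 else ""
        laddr, lport = split_endpoint(fields[1])
        raddr, rport = split_endpoint(fields[2])
        yield {"proto": fields[0], "laddr": laddr, "lport": int(lport),
               "raddr": raddr, "rport": rport, "state": state,
               "pid": int(fields[-1])}


def exposed_listeners(rows):
    """Return sorted (proto, port, pid) for sockets bound to all interfaces."""
    wildcard = {"0.0.0.0", "::"}
    return sorted(
        (r["proto"], r["lport"], r["pid"]) for r in rows
        if r["laddr"] in wildcard
        and (r["state"] == "LISTENING" or r["proto"] == "UDP"))


if __name__ == "__main__":
    for proto, port, pid in exposed_listeners(parse_netstat(SAMPLE)):
        print(f"{proto} port {port} is reachable on all interfaces (PID {pid})")
```

Sockets bound to 127.0.0.1 or ::1 are left out because they only accept local connections.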

netstat Command

We can run the netstat command without any parameter which will list only active TCP connections like below.

> netstat

Display Ethernet Statistics

Ethernet is a layer 2 protocol, and netstat can display statistics about its frame transmission. These are also called Interface Statistics.

> netstat -e -s

We can see information like bytes, unicast packets, non-unicast packets, discards, errors and unknown protocols.

Display TCP Statistics

TCP statistics can be listed by using the -s parameter together with the -p parameter and the protocol name. The following command lists TCP statistics and active connections.

C:\>netstat -s -p tcp

TCP Statistics for IPv4

  Active Opens                        = 4077
  Passive Opens                       = 0
  Failed Connection Attempts          = 63
  Reset Connections                   = 967
  Current Connections                 = 1
  Segments Received                   = 108697
  Segments Sent                       = 88917
  Segments Retransmitted              = 763

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.142.130:53410  40.67.254.36:https     ESTABLISHED

We can see that the following TCP statistics are provided:

  • TCP Statistics
    • Active Opens
    • Passive Opens
    • Failed Connection Attempts
    • Reset Connections
    • Current Connections
    • Segments Received
    • Segments Sent
    • Segments Retransmitted
  • Active Connections

Display UDP Statistics

UDP statistics can be displayed with the following command. UDP is a simpler protocol than TCP, so it has less information and fewer statistics. We will provide the -p udp parameter.

C:\>netstat -s -p udp

UDP Statistics for IPv4

  Datagrams Received    = 8855
  No Ports              = 2418
  Receive Errors        = 83460
  Datagrams Sent        = 38218

Active Connections

  Proto  Local Address          Foreign Address        State

We can see that the following UDP statistics are provided:

  • UDP Statistics for IPv4
    • Datagrams Received
    • No Ports
    • Receive Errors
    • Datagrams Sent
  • Active Connections

netstat Refresh Interval

By default, the netstat command is executed one time and a single output is printed. To run netstat repeatedly and keep checking its output, an interval should be specified. The interval parameter is just a number without any option letter. We can also combine the interval with other parameters. In the following examples, we will set the interval to 5 seconds.

> netstat 5

> netstat -s -p tcp 5
