Would you like to know the network status of your computer, or which network connections are open between your computer and other networked or remote computers? Netstat is the right DOS command to use to find this information.
The netstat command is a Command Prompt command used to display very detailed information about how your computer is communicating with other computers or network devices.
Specifically, the netstat command can show details about individual network connections, overall and protocol-specific networking statistics, and much more, all of which can help you troubleshoot certain kinds of networking issues or application communication issues. It is also useful for finding malicious traffic from external IPs and open ports.
Netstat Command Syntax:
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]
You can refer to the following links to learn more about these switches when using them with netstat.
There are many more information resources available on the internet for understanding the use of the netstat command.
One of the simplest ways I use to find the current network connections and their status is to run the following netstat command and export the data to a text file to ease my job.
Go to the command prompt.
In the command-line window, type
netstat -anob > port.txt and press Enter
Then type port.txt
It will open port.txt with information about the source IP/destination IP and the ports used.
For example, the above command should look like
When you open the text file, you will see TCP (Transmission Control Protocol) operations and their status. Refer to the following table for the most common TCP connection states.
| TCP connection state | Represents |
| --- | --- |
| LISTEN | (server) represents waiting for a connection request from any remote TCP and port. |
| SYN-SENT | (client) represents waiting for a matching connection request after having sent a connection request |
| SYN-RECEIVED | (server) represents waiting for a confirming connection request acknowledgment after having both received and sent a connection request |
| ESTABLISHED | (both server and client) represents an open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection. |
| FIN-WAIT-1 | (both server and client) represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent. |
| FIN-WAIT-2 | (both server and client) represents waiting for a connection termination request from the remote TCP |
| CLOSE-WAIT | (both server and client) represents waiting for a connection termination request from the local user. |
| CLOSING | (both server and client) represents waiting for a connection termination request acknowledgment from the remote TCP |
| LAST-ACK | (both server and client) represents waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request). |
| TIME-WAIT | (either server or client) represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request. According to RFC 793, a connection can stay in TIME-WAIT for a maximum of four minutes, known as a MSL (maximum segment lifetime). |
| CLOSED | (both server and client) represents no connection state at all. |
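The port.txt export and the state table above can be combined into a quick triage pass. The following Python is an added example, not part of the original post: it parses a constructed sample of netstat -anob output and reports TCP listeners bound to all interfaces plus a count per state. The sample rows, process names and function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample of `netstat -anob` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1008
  RpcSs
 [svchost.exe]
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3120
 [ExampleAgent.exe]
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     5432
 [browser.exe]
  TCP    192.0.2.10:49713       198.51.100.7:443       TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
 Can not obtain ownership information
  UDP    0.0.0.0:5353           *:*                                    5432
 [browser.exe]
"""

# The State column is optional because UDP rows leave it blank.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict per connection row; the [exe] line from -b follows its row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            addr, _, port = local.rpartition(":")  # also splits "[::]:445"
            rows.append({"proto": proto, "local_addr": addr,
                         "local_port": int(port), "remote": remote,
                         "state": state or "", "pid": int(pid), "exe": None})
        elif rows and (e := EXE.match(line)):
            rows[-1]["exe"] = e.group(1)
    return rows

def exposed_listeners(rows):
    """TCP listeners bound to every interface, so reachable from the network."""
    return [r for r in rows if r["state"] == "LISTENING"
            and r["local_addr"] in ("0.0.0.0", "[::]")]

def state_counts(rows):
    """Windows prints LISTENING, TIME_WAIT etc., not the RFC spellings."""
    return Counter(r["state"] for r in rows if r["proto"] == "TCP")
```

To run it on a real export, pass the contents of port.txt to parse_netstat instead of SAMPLE.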
Again, this is just basic information on using the netstat command, not detailed information on how the TCP/IP protocol communicates over the network. You can refer to the links above or the link below for more detailed information.
I hope the information above helps. If you know any additional information or simple tips for using the netstat command, please share them with others by commenting on this blog.