netstat is handy for the following tasks:
- Display incoming and outgoing network connections
- Display routing tables
- Display number of network interfaces
- Display network protocol statistics
Let’s get started.
Show all connections
To start with netstat, let’s see the command that displays all connections. Type the above command and hit Enter. You will see all the active connections in their different states, as shown below. The output has a header with Proto, Local Address, Foreign Address, and State. Here is brief info about each of them.
- Proto – defines the protocol type (TCP, UDP, etc.) of the socket.
- Local Address – displays your computer’s IP address and port, the local end of the socket.
- Foreign Address – displays the remote computer that your computer is connected to, the remote end of the socket.
- State – defines the state of the socket (LISTENING, ESTABLISHED, CLOSE_WAIT, TIME_WAIT).
We can filter the connections in different ways. Let’s see them.
Show only established connection
We have seen the state in the connection information. You can use the syntax below to view all established connections from/to your Windows server. Note: to view connections in the LISTEN, CLOSE_WAIT, or TIME_WAIT state, you can use the same approach, as follows.
To see the connections that are in the LISTENING state, change the ESTABLISHED keyword in the previous command to LISTENING. You will get the information about connections that are in the listening state as follows.
Similarly, run the following command to see all the connections that are in the CLOSE_WAIT state.
Finally, use the TIME_WAIT keyword to get information about all the connections that are in the TIME_WAIT state.
Show PID used by port number
Every socket connection is owned by a process, and every process has an ID, called the PID. We can see the PID of every socket connection using the following command. The above command displays all the connections with their PID. Let’s run the command and see the result. We get an extra column called PID, which is the process identifier. This is very handy when you have to find out which PID is using a particular port number. You can see the following info if you use the above command.
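The following PowerShell sketch is an added example, not part of the original article. It assumes the standard Windows `netstat -ano` column layout (Proto, Local Address, Foreign Address, State, PID), parses it into objects, counts connections per state, and resolves the owning PID of each listening port to a process name. The function name ConvertFrom-Netstat and the sample rows are made up for illustration.

```powershell
# Added example: turn `netstat -ano` text into objects, then filter by state
# and resolve each owning PID to a process name.
function ConvertFrom-Netstat {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = -split $line                      # split on runs of whitespace
        if ($f.Count -lt 4 -or $f[0] -notin 'TCP', 'UDP') { continue }  # skip headers
        if ($f[0] -eq 'UDP') {
            # UDP rows have no State column: Proto, Local, Foreign, PID
            $state = ''; $owner = $f[3]
        } elseif ($f.Count -ge 5) {
            $state = $f[3]; $owner = $f[4]
        } else { continue }
        # The port follows the LAST colon, so IPv6 forms like [::]:445 parse too
        $i = $f[1].LastIndexOf(':')
        [pscustomobject]@{
            Proto          = $f[0]
            LocalAddress   = $f[1].Substring(0, $i)
            LocalPort      = [int]$f[1].Substring($i + 1)
            ForeignAddress = $f[2]
            State          = $state
            ProcessId      = [int]$owner
        }
    }
}

# Constructed sample in the `netstat -ano` layout (documentation-range addresses).
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID'
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980'
    '  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     4312'
    '  TCP    192.0.2.10:49730       203.0.113.5:80         TIME_WAIT       0'
    '  TCP    [::]:445               [::]:0                 LISTENING       4'
    '  UDP    0.0.0.0:5353           *:*                                    2216'
)
$rows = ConvertFrom-Netstat -Lines $sample   # live data: ConvertFrom-Netstat (netstat -ano)

# Connection count per state (UDP rows have an empty state)
$rows | Group-Object State | Select-Object Name, Count | Format-Table -AutoSize

# Listening ports with owning process; the name is blank if the PID is not running here
$rows | Where-Object { $_.State -eq 'LISTENING' } |
    Select-Object Proto, LocalAddress, LocalPort, ProcessId,
        @{ Name = 'ProcessName'; Expression = {
            (Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize
```

A listening port whose owning process you do not recognise is the row worth investigating first. With the constructed sample, the PIDs will not match real processes on your machine, so switch to the live input to get meaningful names.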
Show statistics of all protocols
This is useful when you have to look for received header errors, received address errors, discarded packets, etc. It lists statistics for IPv4, IPv6, ICMPv4, ICMPv6, TCP, UDP, etc. You will see the statistics of all protocols as shown below. To find any errors quickly, you can use the following syntax. The above command filters all the errors from the statistics of all protocols.
Show routing information
To display the routing table, you can use the syntax below. The following syntax will also list all interfaces. If you use the above command, you will see the routing info as shown below.
Show Interface Statistics
To view the status of all interfaces, you can use the following syntax. This will display Received and Sent details.
Show Fully Qualified Domain Name of foreign address (remote host)
If you are tracking down an issue and would like to know the FQDN of the remote host, then you can use the following syntax. If you run the above command, you will see a result similar to the following.
Note: you can combine it with findstr to show more precise results, like below. The above command will filter the connections and display only established connections. Let’s see an example.
We can also filter the connections by domain with the following command. Specify the domain in the command and you will see the filtered connections as follows.
I hope this helps you get familiar with netstat command usage on Windows. If you are interested in learning Windows administration, then I would suggest checking out this course.