Using the netstat Command
Using the Netstat command displays a variety of statistics about a computer's active TCP/IP connections. It's a useful tool to use when you're having trouble with TCP/IP applications, such as File Transfer Protocol (FTP), HyperText Transport Protocol (HTTP), and so on.
If you run netstat without specifying any parameters, you get a list of active connections, something like this:
C:\>netstat Active Connections Proto Local Address Foreign Address State TCP Doug:1463 192.168.168.10:1053 ESTABLISHED TCP Doug:1582 192.168.168.9:netbios-ssn ESTABLISHED TCP Doug:3630 192.168.168.30:9100 SYN_SENT TCP Doug:3716 192.168.168.10:4678 ESTABLISHED TCP Doug:3940 192.168.168.10:netbios-ssn ESTABLISHED C:\>
This list shows all the active connections on the computer and indicates the local port used by the connection, as well as the IP address and port number for the remote computer.
You can specify the -n switch to display both local and foreign addresses in numeric IP form:
C:\>netstat -n Active Connections Proto Local Address Foreign Address State TCP 192.168.168.21:1463 192.168.168.10:1053 ESTABLISHED TCP 192.168.168.21:1582 192.168.168.9:139 ESTABLISHED TCP 192.168.168.21:3658 192.168.168.30:9100 SYN_SENT TCP 192.168.168.21:3716 192.168.168.10:4678 ESTABLISHED TCP 192.168.168.21:3904 126.96.36.199:1863 ESTABLISHED TCP 192.168.168.21:3940 192.168.168.10:139 ESTABLISHED C:\>
Finally, you can specify the -a switch to display all TCP/IP connections and ports that are being listened to. I won't list the output from that command here because it would run several pages, and I want to do my part for the rainforests. Suffice it to say that it looks a lot like the netstat output shown previously, but a lot longer.
Displaying interface statistics
If you use an -e switch, netstat displays various protocol statistics, like this:
C:\>netstat -e Interface Statistics Received Sent Bytes 672932849 417963911 Unicast packets 1981755 1972374 Non-unicast packets 251869 34585 Discards 0 0 Errors 0 0 Unknown protocols 1829 C:\>
Remember: The items to pay attention to in this output are the Discards and Errors. These numbers should be zero, or at least close to it. If they're not, the network may be carrying too much traffic or the connection may have a physical problem. If no physical problem exists with the connection, try segmenting the network to see whether the error and discard rates drop.
You can display additional statistics by using an -s switch, like this:
C:\>netstat -s IPv4 Statistics Packets Received = 9155 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 14944 Output Requests = 12677 Routing Discards = 0 Discarded Output Packets = 71 Output Packet No Route = 0 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0 IPv6 Statistics Packets Received = 3 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 345 Output Requests = 377 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0 ICMPv4 Statistics Received Sent Messages 6 14 Errors 0 0 Destination Unreachable 6 14 Time Exceeded 0 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echo Replies 0 0 Echos 0 0 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 Router Solicitations 0 0 Router Advertisements 0 0 ICMPv6 Statistics Received Sent Messages 3 7 Errors 0 0 Destination Unreachable 0 0 Packet Too Big 0 0 Time Exceeded 0 0 Parameter Problems 0 0 Echos 0 0 Echo Replies 0 0 MLD Queries 0 0 MLD Reports 0 0 MLD Dones 0 0 Router Solicitations 0 6 Router Advertisements 3 0 Neighbor Solicitations 0 1 Neighbor Advertisements 0 0 Redirects 0 0 Router Renumberings 0 0 TCP Statistics for IPv4 Active Opens = 527 Passive Opens = 2 Failed Connection Attempts = 1 Reset Connections = 301 Current Connections = 1 Segments Received = 8101 Segments Sent = 6331 Segments Retransmitted = 301 TCP Statistics for IPv6 Active Opens = 1 Passive Opens = 1 Failed Connection Attempts = 0 Reset Connections = 1 Current Connections = 0 Segments Received = 142 Segments Sent = 142 Segments Retransmitted = 0 UDP Statistics for IPv4 Datagrams Received = 6703 No Ports = 0 Receive Errors = 0 Datagrams Sent = 6011 UDP Statistics for IPv6 Datagrams Received = 32 No Ports = 0 Receive Errors = 0 Datagrams Sent = 200 C:\>
In this tutorial:
- TCP/IP Tools and Commands
- Using the arp Command
- Using the hostname Command
- Renewing an IP lease
- Using the nbtstat Command
- Using the netdiag Utility
- Using the netstat Command
- Using the nslookup Command
- Displaying DNS records
- Using the pathping Command
- Using the ping Command
- Using the route Command
- Using the tracert Command