Networking / Beginners

Using the netstat Command

Using the Netstat command displays a variety of statistics about a computer's active TCP/IP connections. It's a useful tool to use when you're having trouble with TCP/IP applications, such as File Transfer Protocol (FTP), HyperText Transport Protocol (HTTP), and so on.

Displaying connections

If you run netstat without specifying any parameters, you get a list of active connections, something like this:

C:\>netstat
Active Connections
  Proto Local Address   Foreign Address 		State
  TCP 	Doug:1463 	192.168.168.10:1053 		ESTABLISHED
  TCP 	Doug:1582 	192.168.168.9:netbios-ssn 	ESTABLISHED
  TCP 	Doug:3630 	192.168.168.30:9100 		SYN_SENT
  TCP 	Doug:3716 	192.168.168.10:4678 		ESTABLISHED
  TCP 	Doug:3940 	192.168.168.10:netbios-ssn 	ESTABLISHED
C:\>

This list shows all the active connections on the computer and indicates the local port used by the connection, as well as the IP address and port number for the remote computer.

You can specify the -n switch to display both local and foreign addresses in numeric IP form:

C:\>netstat -n
Active Connections
Proto 	Local Address 		Foreign Address 	State
TCP 	192.168.168.21:1463 	192.168.168.10:1053 	ESTABLISHED
TCP 	192.168.168.21:1582 	192.168.168.9:139 	ESTABLISHED
TCP 	192.168.168.21:3658 	192.168.168.30:9100 	SYN_SENT
TCP 	192.168.168.21:3716 	192.168.168.10:4678 	ESTABLISHED
TCP 	192.168.168.21:3904 	207.46.106.78:1863 	ESTABLISHED
TCP 	192.168.168.21:3940 	192.168.168.10:139 	ESTABLISHED
C:\>

Finally, you can specify the -a switch to display all TCP/IP connections and ports that are being listened to. I won't list the output from that command here because it would run several pages, and I want to do my part for the rainforests. Suffice it to say that it looks a lot like the netstat output shown previously, but a lot longer.

Displaying interface statistics

If you use an -e switch, netstat displays various protocol statistics, like this:

C:\>netstat -e
Interface Statistics

			Received 	Sent
Bytes 			672932849 	417963911
Unicast packets 	1981755 	1972374
Non-unicast packets 	251869 		34585
Discards 		0 		0
Errors 			0 		0
Unknown protocols 	1829
C:\>
Remember: The items to pay attention to in this output are the Discards and Errors. These numbers should be zero, or at least close to it. If they're not, the network may be carrying too much traffic or the connection may have a physical problem. If no physical problem exists with the connection, try segmenting the network to see whether the error and discard rates drop.

You can display additional statistics by using an -s switch, like this:

C:\>netstat -s

IPv4 Statistics

  Packets Received 			= 9155
  Received Header Errors 		= 0
  Received Address Errors 		= 0
  Datagrams Forwarded 			= 0
  Unknown Protocols Received 		= 0
  Received Packets Discarded 		= 0
  Received Packets Delivered 		= 14944
  Output Requests 			= 12677
  Routing Discards 			= 0
  Discarded Output Packets 		= 71
  Output Packet No Route 		= 0
  Reassembly Required 			= 0
  Reassembly Successful 		= 0
  Reassembly Failures 			= 0
  Datagrams Successfully Fragmented 	= 0
  Datagrams Failing Fragmentation 	= 0
  Fragments Created 			= 0

IPv6 Statistics

  Packets Received 			= 3
  Received Header Errors 		= 0
  Received Address Errors 		= 0
  Datagrams Forwarded 			= 0
  Unknown Protocols Received 		= 0
  Received Packets Discarded 		= 0
  Received Packets Delivered 		= 345
  Output Requests 			= 377
  Routing Discards 			= 0
  Discarded Output Packets 		= 0
  Output Packet No Route		= 0
  Reassembly Required 			= 0
  Reassembly Successful 		= 0
  Reassembly Failures 			= 0
  Datagrams Successfully Fragmented 	= 0
  Datagrams Failing Fragmentation 	= 0
  Fragments Created 			= 0

ICMPv4 Statistics	

			    Received 	Sent
  Messages 		    6 	 	14
  Errors 		    0 	 	0
  Destination Unreachable   6 		14
  Time Exceeded 	    0 		0
  Parameter Problems 	    0 		0
  Source Quenches 	    0 		0
  Redirects 		    0 		0
  Echo Replies 		    0 		0
  Echos 		    0 		0
  Timestamps 		    0 		0
  Timestamp Replies 	    0 		0
  Address Masks 	    0 		0
  Address Mask Replies 	    0 		0
  Router Solicitations 	    0 		0
  Router Advertisements     0 		0

ICMPv6 Statistics

  			    Received 	Sent
  Messages 		    3 		7
  Errors 		    0 		0
  Destination Unreachable   0 		0
  Packet Too Big 	    0 		0
  Time Exceeded 	    0 		0
  Parameter Problems 	    0 		0
  Echos 		    0 		0
  Echo Replies 		    0 		0
  MLD Queries 		    0 		0
  MLD Reports 		    0 		0
  MLD Dones 		    0 		0
  Router Solicitations 	    0 		6
  Router Advertisements     3 		0
  Neighbor Solicitations    0 		1
  Neighbor Advertisements   0 		0
  Redirects 		    0 		0
  Router Renumberings 	    0 		0

TCP Statistics for IPv4

  Active Opens  			= 527
  Passive Opens 			= 2
  Failed Connection Attempts 		= 1
  Reset Connections 			= 301
  Current Connections 			= 1
  Segments Received 			= 8101
  Segments Sent 			= 6331
  Segments Retransmitted 		= 301

TCP Statistics for IPv6

  Active Opens 				= 1
  Passive Opens 			= 1
  Failed Connection Attempts 		= 0
  Reset Connections 			= 1
  Current Connections 			= 0
  Segments Received	 		= 142
  Segments Sent 			= 142
  Segments Retransmitted 		= 0

UDP Statistics for IPv4

  Datagrams Received 			= 6703
  No Ports 				= 0
  Receive Errors 			= 0
  Datagrams Sent 			= 6011

UDP Statistics for IPv6

  Datagrams Received 			= 32
  No Ports 				= 0
  Receive Errors 			= 0
  Datagrams Sent 			= 200
C:\>
[Previous] [Contents] [Next]

In this tutorial:

  1. TCP/IP Tools and Commands
  2. Using the arp Command
  3. Using the hostname Command
  4. Renewing an IP lease
  5. Using the nbtstat Command
  6. Using the netdiag Utility
  7. Using the netstat Command
  8. Using the nslookup Command
  9. Displaying DNS records
  10. DNS-Land
  11. Using the pathping Command
  12. Using the ping Command
  13. Using the route Command
  14. Using the tracert Command