Use the Netstat Command and its options
The Command Prompt command known as netstat, or "network statistics," is used to display incredibly precise information about how your computer is interacting with other computers or network devices.
- In particular, it may display information on specific network connections, general and protocol-specific networking statistics, and much more, all of which could be used to solve specific networking problems.
Command availability for Netstat
- Most versions of Windows, including Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP, Windows Server, and certain earlier Windows versions, have this command available from within the Command Prompt.
- Since Netstat is a cross-platform command, it may be used in Linux and macOS as well as other operating systems.
Netstat Command Syntax
- netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]
| Netstat Command List | |
|---|---|
| Option | Explanation |
| netstat | Execute the netstat command alone to show a relatively simple list of all active TCP connections which, for each one, will show the local IP address (your computer), the foreign IP address (the other computer or network device), along with their respective port numbers, as well as the TCP state. |
| -a | This switch displays active TCP connections, TCP connections with the listening state, as well as UDP ports that are being listened to. |
| -b | This netstat switch is very similar to the -o switch listed below, but instead of displaying the PID, will display the process's actual file name. Using -b over -o might seem like it's saving you a step or two but using it can sometimes greatly extend the time it takes netstat to fully execute. |
| -e | Use this switch with the netstat command to show statistics about your network connection. This data includes bytes, unicast packets, non-unicast packets, discards, errors, and unknown protocols received and sent since the connection was established. |
| -f | The -f switch will force the netstat command to display the Fully Qualified Domain Name (FQDN) for each foreign IP addresses when possible. |
| -n | Use the -n switch to prevent netstat from attempting to determine host names for foreign IP addresses. Depending on your current network connections, using this switch could considerably reduce the time it takes for netstat to fully execute. |
| -o | A handy option for many troubleshooting tasks, the -o switch displays the process identifier (PID) associated with each displayed connection. See the example below for more about using netstat -o. |
| -p | Use the -p switch to show connections or statistics only for a particular protocol. You can not define more than one protocol at once, nor can you execute netstat with -p without defining a protocol. |
| protocol | When specifying a protocol with the -p option, you can use tcp, udp, tcpv6, or udpv6. If you use -s with -p to view statistics by protocol, you can use icmp, ip, icmpv6, or ipv6 in addition to the first four I mentioned. |
| -r | Execute netstat with -r to show the IP routing table. This is the same as using the route command to execute route print. |
| -s | The -s option can be used with the netstat command to show detailed statistics by protocol. You can limit the statistics shown to a particular protocol by using the -soption and specifying that protocol, but be sure to use -s before -p protocol when using the switches together. |
| -t | Use the -t switch to show the current TCP chimney offload state in place of the typically displayed TCP state. |
| -x | Use the -x option to show all NetworkDirect listeners, connections, and shared endpoints. |
| -y | The -y switch can be used to show the TCP connection template for all connection. You cannot use -y with any other netstat option. |
| time_interval | This is the time, in seconds, that you'd like the netstat command to re-execute automatically, stopping only when you use Ctrl-C to end the loop. |
| /? | Use the help switch to show details about the netstat command's several options. |
Tip:- Use a redirection operator to send what is displayed on the screen to a text file, making it easier to manage all that netstat data in the command line. For further instructions, see How to Redirect Command Output to a File.
Netstat Command Examples
netstat -f
In this first example, we execute netstat to show all active TCP connections. However, we want to see the computers that we're connected to in FQDN format [-f] instead of a simple IP address.
Here's an example of what you might see:
Active Connections
Proto Local Address Foreign Address State
TCP 127.0.0.1:5357 VM-Windows-7:49229 TIME_WAIT
TCP 127.0.0.1:49225 VM-Windows-7:12080 TIME_WAIT
TCP 192.168.1.14:49194 75.125.212.75:http CLOSE_WAIT
TCP 192.168.1.14:49196 a795sm.avast.com:http CLOSE_WAIT
TCP 192.168.1.14:49197 a795sm.avast.com:http CLOSE_WAIT
TCP 192.168.1.14:49230 TIM-PC:wsd TIME_WAIT
TCP 192.168.1.14:49231 TIM-PC:icslap ESTABLISHED
TCP 192.168.1.14:49232 TIM-PC:netbios-ssn TIME_WAIT
TCP 192.168.1.14:49233 TIM-PC:netbios-ssn TIME_WAIT
TCP [::1]:2869 VM-Windows-7:49226 ESTABLISHED
TCP [::1]:49226 VM-Windows-7:icslap ESTABLISHED
