What Is Netstat Command and How to Use It

Daisy updated on Jan 11, 2024 to Knowledge Center | How-to Articles

The netstat command is a powerful tool that can be used to view network statistics and information. This article provides a detailed explanation of the netstat command and its commonly used options.

Netstat is a command-line tool that displays active network connections, routing tables, and other network interface information. It can be used to troubleshoot problems on your computer or server, or to identify security threats. In this article, we will discuss what netstat is used for, how to run the netstat command, and what the netstat results mean.

What is netstat command used for?

Netstat stands for "network statistics".  If you're having difficulties accessing the internet, the netstat command can help you identify where the problem lies. Netstat will display all of your computer's active network connections and the status of those connections. If a connection is not working, netstat can often provide more information about why it is not working.

Netstat can also be used to monitor your computer for security threats. By default, netstat does not show listening ports, so you will need to use the -l option to see them. If you discover any unusual or unfamiliar listening ports, it's possible that someone is attempting to gain access to your system without permission.

How do I run netstat command?

To use netstat, open a command prompt or terminal window and type "netstat" followed by the options you want to use. For example, you can follow these steps to give netstat a try:

Step 1: Open the start menu, type cmd into the search box, and press Enter to launch the command prompt.

Step 2: Type netstat at the prompt and press Enter. The netstat command will now display a list of all active network connections.

If you want to view all active network connections, just type netstat -a. Many other netstat options allow you to customize its output; type "netstat /?" for a full list at the command prompt.

To stop netstat output, just press the Control + C keys to exit.

What do netstat results mean?

The netstat command shows active network connections and displays information about them. It includes the status of the connection, the networking protocol, local and remote computer IP address, and more.

  • Proto -The networking protocol and it could be protocols like TCP, UDP, etc.
  • Local Address - The local computer's IP address and the port number being utilized. Unless the -n switch is used, the hostname and port corresponding to the IP address will be displayed. An asterisk (*) indicates that the port has not yet been assigned if one has not yet been set up.
  • Foreign Address - The remote computer's IP address and port number to which the socket is linked. The names that relate to the IP address and port are displayed unless the -n switch is used. If no port has yet been assigned, an asterisk (*) appears in place of the port number.
  • State - Indicates an active TCP connection's status,  including:
    • CLOSE_WAIT
    • CLOSED
    • ESTABLISHED
    • FIN_WAIT_1
    • FIN_WAIT_2
    • LAST_ACK
    • LISTEN
    • SYN_RECEIVED
    • SYN_SEND
    • TIMED_WAIT

What is netstat command syntax?

NETSTAT [-a] [-b] [-e] [-f] [-i] [-n] [-o] [-p Protocol ] [-r] [-s] [-t] [-x] [-y] [interval] [/?]

The netstat command syntax varies depending on the options and arguments used. You can find the table below to explore a detailed explanation for each option.

Parameter Description
-a Shows all current active TCP connections and the ports on which the computer is listening.
-b Display the program that created each connection or listening port. In some circumstances, well-known executables contain numerous distinct components, and in these situations, the order of elements involved in establishing a connection or listening port is displayed.
-e Displays information about all the Ethernet adapters on your computer. This parameter can be combined with -s.
-n Display active network connections and their status without resolving hostnames or port names.
-o Display active network connections and their status, as well as the process ID of the program that is using each connection. This parameter can be in conjunction with -a, -n, and -p.
-p Protocol Display all active connections for the specified protocol. The protocols can be TC, UDP, ICMP, and IP.
-s Displays statistics for all the protocols that are currently being used.
-r Displays the routing table for your computer. This is the same as using the route print command.
Interval Display active network connections and their status at the specified interval. You can press CTRL+C to stop it.
/? Displays help at the command prompt.

In closing

The netstat command is a powerful networking tool that can provide you with a wealth of information about your computer's network connections. By understanding the different options and switches available with netstat, as well as what the results mean, you can use this command to troubleshoot network issues, and more. Don't be afraid to experiment with netstat; it's a great way to learn more about how your computer communicates over the network. Have fun exploring all that this command has to offer!