The internet unifies various computer networks around the world and gives users excellent opportunities to exchange data and information. As soon as a file is transferred from point A to point B, the overview on the existing connection is lost. The result of this is that unwanted or resource-intensive network activities are often discovered too late or not at all. In order to find out which computers or networks a PC is connected to, netstat provides statistics on all active connections. The following text reveals what exactly makes this network tool tick and how it’s properly used.
netstat — derived from the words network and statistics — is a program that’s controlled via commands issued in the command line. It delivers basic statistics on all network activities and informs users on which ports and addresses the corresponding connections (TCP, UDP) are running and which ports are open for tasks. In 1983, netstat was first implemented into the Unix derivative BSD (Berkley Software Distribution), whose version 4.2 supported the first internet protocol family, TCP/IP. netstat has been integrated into Linux since its debut in 1991 and has been present in Windows since the appearance of version 3.11 (1993), which could also communicate via TCP/IP with the help of extensions. While the parameters of netstat’s commands (as well as their outputs) differ from system to system, when it comes to their functions, the various implementations are very similar.
Essentially, netstat is a command line program and for this reason doesn’t feature a graphical user interface. Programs like TCPView, which was developed by the Microsoft division Windows Sysinternals, makes it possible for statistics to be displayed graphically.
When dealing with excessive traffic and malicious software it’s advantageous to be informed about the inbound and outbound connections to your computer. These are created via their respective network addresses that indicate which ports were preemptively opened for exchanging data. Once a port is opened, it receives the status ‘LISTEN’ and waits for connection attempts. One problem of having these ports remain open is that your system is then left vulnerable to malware. What’s more, there’s also a chance that Trojan viruses already found in your system may install a backdoor, opening up a corresponding port in the process. For this reason, you should always regularly check the ports opened by your system, a task for which netstat is particularly well suited. Thanks to the fact that you’ll be able to find the diagnosis tool on virtually every system, whether it be Unix, Linux, Windows, or Mac, this program offers a unified solution for all computers and servers.
Possible infections can be caught based on unknown opened ports or unknown IP addresses. In order to obtain an informative result, all other programs, such as your internet browser, should be turned off. This is due to the fact that these are often connected with computers that possess unknown IP addresses. Thanks to the detailed statistics, users also receive information on the packets that have been transferred since the last system start as well as notices of any errors that have occurred. The routing table, which delivers information on the paths data packets takes through the net, can be displayed with the help of the system-specific netstat command.
Under Linux, netstat’s syntax follows the simple pattern as follows:
netstat [OPTION]
The options are composed of different modes (e.g. the default port analysis, the routing table display, or different protocol options) that help with transparency and/or specification of the results. Typical for Unix/Linux, all options contain a long name, which is preceded by two hyphens, and a short name, which is preceded by one single hyphen. The three modes start with the following commands:
| [OPTION] | Abbreviation | Command | Mode description |
|---|---|---|---|
| sudo netstat | Standard mode that delivers information on all active network connections | ||
| --route | -r | sudo netstat -r | Allows the routing table to be called up |
| --interface | -i | sudo netstat -i | Statistics on transferred data packets sent to individual network interfaces |
| --statistics | -s | sudo netstat -s | Detailed statistics |
| --groups | -g | sudo netstat -g | Gives information on multicasting (network data traffic that’s sent to a group of terminal points) |
While these modes cannot be combined with one another in a command, this does remain a possibility for protocol options, which are particularly relevant for the standard mode. One popular combination involves listing all of your system’s netstat ports that are accessible to other computers.
With the command sudo netstat -tulpen all ports available for other computers are listed
The following table shows which individual parameters this netstat command is composed of and which additional protocol options are possible:
| [OPTION] | Abbreviation | Command | Description of options |
|---|---|---|---|
| --listening | -l | sudo netstat -l | Only open ports (‘LISTEN’ status) are displayed |
| --all | -a | sudo netstat -a | Existing connections and open ports are shown |
| --tcp | -t | sudo netstat -t | Lists al TCP connections |
| --udp | -u | sudo netstat -u | Lists all UDP connections |
| --numeric | -n | sudo nestat -n | All numbers (IP addresses, protocols, IDs) are displayed numerically in their original form |
| --extend | -e | sudo netstat -e | Extended information |
| --program | -p | sudo netstat -p | Provides information on process IDs and programs |
In Windows operating systems, netstat services are also used via the command line (cmd.exe). These can be found in the start menu under ‘All programs’ -> ‘Accessories’ -> ‘Command Prompt’. Alternatively, you can also start the command line via ‘run’ (press Windows key + ‘R’ and enter ‘cmd’)
netstat [OPTION]
The individual parameters largely vary from one another and are only available in their shortened form, not in their written-out forms. Here’s an overview of the most important netstat-cmd commands:
| [OPTION] | Command | Option description |
|---|---|---|
| -i | netstat -i | Calls up the netstat overview menu |
| netstat | Standard listing of all active connections | |
| -a | netstat -a | Additonally lists the open ports (‘LISTEN’) |
| -e | netstat -e | Interface statistic (received and sent data packets, etc.) |
| -n | netstat -n | Numeric display of addresses and port numbers |
| -o | netstat -o | Adds respective process IDs |
| -r | netstat -r | Displays the routing table |
| -p protocol | netstat -p TCP | Displays the connection for the indicated protocol, in this case TCP (UDP, TCPv6 or UDPv6 are also possible) |
Combining individual options works, as is typically done with Linux, is possible by stringing together individual parameters as long as there is a connection. One popular netstat cmd command with which both open ports as well as active connections can be shown is:
netstat -ano
The command netstat -ano numerically lists all open ports and active connections including process ID
Whether at home or at your business: network issues can really grind one’s gears. When ensuring that all the cables have been connected and the settings have been checked multiple times is of no help, it may be time to make use of traceroute or tracert. These help users find the source of all their frustration.
For server operators, security is of the utmost importance. Only those who have developed and set up a foolproof defense strategy are ready for drastic situations. As well as regular protection mechanisms, like security software, backups, and encryption, there are also some useful tools and frameworks that may come in handy in the fight against intruders. We have laid out essential details on the...
If independently installing the software package for your hosting project is your goal, then you might consider choosing one of the many free components out there. Sooner or later you are bound to encounter the widely used and very popular LAMP stack software bundle. But what exactly makes this package so attractive in comparison to alternative options?
With Linux, access rights for directories and files are often set through the terminal. There, file owners can be defined and groups can be assigned. With the command, chmod, user classes can be assigned certain file rights. Access rights in the Unix file system can be changed in two different ways: symbolic or numeric. Find out more about both notation types here.
