Introduction to netstat: what is netstat and how does it work?
netstat provides statistics about all active connections so you can find out which computers or networks a PC is connected to. You can use the network tool for Windows, Linux, and macOS conveniently via the command line.
$1 Domain Names
Register great TLDs for less than $1 for the first year.
Why wait? Grab your favorite domain name today!
What is netstat?
Netstat — derived from the words network and statistics — is a program that’s controlled via commands issued in the command line. It delivers basic statistics on all network activities and informs users on which ports and addresses the corresponding connections – TCP and UDP – are running and which ports are open for tasks.
In 1983, netstat was first implemented into the Unix derivative BSD (Berkley Software Distribution), whose version 4.2 supported the first Internet protocol family TCP/IP. netstat has been integrated into Linux since its debut in 1991 and has been present in Windows since the release of version 3.11 (1993), which could also communicate via TCP/IP with the help of extensions. While the parameters of netstat commands (as well as their outputs) differ from system to system, when it comes to their functions, the various implementations are very similar.
Essentially, netstat is a command line program and for this reason doesn’t feature a graphical user interface. Programs like TCPView, which was developed by the Microsoft division Windows Sysinternals, makes it possible for statistics to be displayed graphically.
Why it makes sense to use netstat
Knowing about the incoming and outgoing connections of your computer or server gives you a big advantage in the fight against disproportionate traffic and malicious software. These connections are established via the respective network address, which indicates, among other things, which port was opened in advance for data exchange.
The big problem with these open ports is the fact that they offer third parties the opportunity to sneak malware into your system. Moreover, there is a possibility that a Trojan that is already in your system may install a so-called backdoor and open a corresponding port in the process. For this reason, you should regularly check the ports opened by your system. netstat is excellent for this.
Thanks to the detailed statistics, you can also get information about the packets transferred since the last system start and any errors that occurred. Also, the routing table, which gives information about the data packets’ journey through the network, can be displayed with the help of netstat.
For a meaningful result, all other programs such as your Internet browser should be closed before using netstat, since they often connect to computers that have unknown IP addresses.
How does netstat work?
In Windows operating systems, you can use the netstat services via the command line (cmd.exe). So, in Windows you need the command prompt, which you can start at any time via “Run” by pressing the key combination [Windows key] + [R] and entering “cmd”. In macOS and Linux, launch the Terminal to use the network tool.
The syntax of netstat’s commands varies from system to system. However, it basically has the following pattern:
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p Protocol] [-r] [-s] [-t] [-x] [-y] [Interval]
Typical for the listing of the parameters is a preceding hyphen (-), which you only have to put in front of the first link when combining several options:
netstat [-OPTION1] [-OPTION2] [-OPTION3] …
If you only use the hyphen with the first parameter, you don’t have to put spaces between the single netstat options!
netstat commands using Windows as an example
[OPTION] | Command | Description |
netstat | Standard listing of all active connections | |
-a | netstat -a | Displays all active ports |
-e | netstat -e | Shows statistics about your network connection (received and sent data packets, etc.) |
-i | netstat -i | Brings up the netstat overview menu |
-n | netstat -n | Numerical display of addresses and port numbers |
-p protocol | netstat -p TCP | Displays the connections for the specified protocol, in this case TCP (also possible: UDP, TCPv6, or UDPv6) |
-q | netstat -q | Lists all connections, all listening TCP ports, and all open TCP ports that are not listening |
-r | netstat -r | Displays the IP routing table |
-s | netstat -s | Retrieves statistics about the important network protocols such as TCP, IP, or UDP |
The table lists only some of the available commands for using netstat in Windows. See our detailed article on netstat commands for a complete listing — for Linux and macOS, among others.
Examples for the use of netstat
In order to make the use of the listed netstat commands for Windows easier to understand, we will show you some example commands (Windows):
List of all connections for the IPv4 protocol
If you don’t want to retrieve all active connections, but only all active IPv4 connections, you can do this using the netstat command:
netstat -p IP
Accessing statistics using the ICMPv6 protocol
If you only want to obtain statistics on the ICMPv6 protocol, enter the following command in the command line:
netstat -s -p icmpv6
The output will then look something like this:
Display of all open ports and active connections (numeric and process ID included)
One of the most popular netstat commands is undoubtedly to query all open ports and active connections (including process ID) in numeric form:
netstat -ano
Related articles
What is Traceroute (tracert)?
Whether at home or at your business: network issues can really grind one’s gears. When ensuring that all the cables have been connected and the settings have been checked multiple times is of no help, it may be time to make use of traceroute or tracert. These help users find the source of all their frustration.
What is chmod?
With Linux, access rights for directories and files are often set through the terminal where file owners can be defined and groups can be assigned. With the ‘chmod’ command, user classes can be assigned certain file rights. Access rights in the Unix file system can be changed in two different ways: symbolic or numeric. Find out more about both notation types here.
Maksim KabakouShutterstock Creating a batch file: How to write your own .bat file
Windows operating systems can be controlled and configured in a wide variety of ways. To this day, experienced administrators use Command Prompt, the Windows command-line interpreter, for this purpose. If you want to have Windows automatically process a sequence of commands, you can create a batch file. This tutorial will show you how.
isak55Shutterstock Netsh – how to manage networks with Netsh commands
Netsh is a versatile command line tool for administrating networks on Windows. Once you’ve learned the syntax and its special structure, you can solve a range of tasks and problems. Get to know the Netsh commands and find out how to administrate Windows networks comfortably, and efficiently via Windows command prompt.
Port tests: Checking open ports with a port check
Ports are the doors through which operating systems and software communicate with the Internet. Data can be transmitted in both directions via open ports and assigned to specific target addresses and local applications. At the same time, open ports can create a vulnerability and a point of entry for malware and hackers. As such, regularly checking for open ports is recommended. Learn how to check…