NETSTAT is a command-line utility in Windows and Linux operating systems that provides a way to verify whether TCP/IP is working and connections are being formed. It reports TCP and UDP protocol information, which makes it essential for diagnosing network and application connectivity issues. It is especially useful for resident/desktop engineers who have access only to end-user devices such as desktops and laptops.
A scenario to illustrate NETSTAT-based troubleshooting:
“SYN_SENT” signifies that the local client has initiated a TCP socket to connect to a server socket. If the server acknowledges it, the client socket state proceeds to ESTABLISHED. The “ESTABLISHED” state confirms that the end-to-end transport-layer connection between the local host and the remote server or endpoint is complete. If the host stays in the “SYN_SENT” state, the cause may be a firewall blocking the communication or a network-layer issue such as an unreachable destination. Malware connections may also be diagnosed this way, for example when a large number of connections are initiated by the local Windows PC.
Below are the command-line options for NETSTAT:
OPTION | DESCRIPTION |
---|---|
-a | Displays all connections and listening ports. |
-b | Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions. |
-e | Displays Ethernet statistics. This may be combined with the -s option |
-f | Displays Fully Qualified Domain Names (FQDN) for foreign addresses |
-n | Displays addresses and port numbers in numerical form |
-o | Displays the owning process ID associated with each connection |
-p proto | Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6. |
-r | Displays the routing table. |
-s | Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default. |
-t | Displays the current connection offload state. |
-x | Displays Network Direct connections, listeners, and shared endpoints |
-y | Displays the TCP connection template for all connections. Cannot be combined with the other options. |
interval | Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once. |
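
The SYN_SENT scenario above, as an added Python example that is not part of the original article: it parses constructed `netstat -ano` output and groups connection attempts stuck in SYN_SENT by owning PID. The sample rows, the `fanout` threshold and the verdict labels are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")
# Constructed sample in the layout of Windows `netstat -ano` (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4321
  TCP    192.168.1.20:49720     198.51.100.7:8443      SYN_SENT        4321
  TCP    192.168.1.20:49801     192.0.2.11:445         SYN_SENT        7788
  TCP    192.168.1.20:49802     192.0.2.12:445         SYN_SENT        7788
  TCP    192.168.1.20:49803     192.0.2.13:445         SYN_SENT        7788
  TCP    192.168.1.20:49804     192.0.2.14:445         SYN_SENT        7788
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     900
  UDP    0.0.0.0:5353           *:*                                    2456
"""

def parse_netstat(text):
    """Return a Conn per TCP/UDP row; headers and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if f and f[0] in ("TCP", "UDP") and len(f) in (4, 5):
            state = f[3] if len(f) == 5 else ""   # UDP rows carry no State column
            conns.append(Conn(f[0], f[1], f[2], state, int(f[-1])))
    return conns

def remote_host(endpoint):
    """Strip the port: '192.0.2.11:445' -> '192.0.2.11', '[::1]:80' -> '[::1]'."""
    return endpoint.rsplit(":", 1)[0]

def syn_sent_by_pid(conns):
    """Map PID -> sorted distinct remote hosts it is still waiting on in SYN_SENT."""
    hosts = defaultdict(set)
    for c in conns:
        if c.state == "SYN_SENT":
            hosts[c.pid].add(remote_host(c.remote))
    return {pid: sorted(h) for pid, h in hosts.items()}

def triage(conns, fanout=3):
    """fanout is a hypothetical threshold: few stuck targets -> check the path
    (firewall, routing); many distinct targets from one PID -> review that process."""
    return {pid: "review-process" if len(h) > fanout else "check-path"
            for pid, h in syn_sent_by_pid(conns).items()}

if __name__ == "__main__":
    print(triage(parse_netstat(SAMPLE)))
```

On a live Windows host the same parser can be fed the text captured from `netstat -ano`, and the flagged PID can then be matched to an executable with the `-b` option from the table.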
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)