NETSTAT: TCP/UDP Active Connection Display Tool

Rashmi Bhardwaj

NETSTAT is a command-line utility in Windows and Linux operating systems that provides a way to verify whether TCP/IP parameters are working and connections are being formed. The utility provides TCP and UDP protocol information, which makes it essential for diagnosing network and application association issues. It is especially useful for resident/desktop engineers who only have access to end-user devices such as desktops and laptops.

A scenario to illustrate NETSTAT-based troubleshooting:

“SYN_SENT” signifies that the local client has initiated a TCP socket to connect to a server socket. If acknowledged by the server, the client socket state proceeds to ESTABLISHED. The “ESTABLISHED” state confirms that the end-to-end transport-layer connection between the local host and the remote server or endpoint is complete. If the end host stays in the “SYN_SENT” state, it may be due to a firewall blocking the communication or a network-layer issue such as the destination not being reachable. Malware connections may also be diagnosed this way, for example when a large number of connections are initiated by the local Windows PC.

Below is the command syntax for NETSTAT:

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval]

| Option | Description |
|---|---|
| -a | Displays all connections and listening ports. |
| -b | Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions. |
| -e | Displays Ethernet statistics. This may be combined with the -s option. |
| -f | Displays Fully Qualified Domain Names (FQDN) for foreign addresses. |
| -n | Displays addresses and port numbers in numerical form. |
| -o | Displays the owning process ID associated with each connection. |
| -p proto | Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6. |
| -r | Displays the routing table. |
| -s | Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default. |
| -t | Displays the current connection offload state. |
| -x | Displays Network Direct connections, listeners, and shared endpoints. |
| -y | Displays the TCP connection template for all connections. Cannot be combined with the other options. |
| interval | Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once. |
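
The SYN_SENT scenario above can be checked mechanically by combining the -a, -n and -o options and grouping stuck connections by owning process ID. The following is an added example, not code from the original article: the sample output is constructed, and the function names and the threshold of three distinct hosts are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output on Windows (not a real capture).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.20:49701     203.0.113.10:443       ESTABLISHED     4120
  TCP    192.168.1.20:49755     198.51.100.25:8443     SYN_SENT        4120
  TCP    192.168.1.20:49800     192.0.2.11:445         SYN_SENT        7316
  TCP    192.168.1.20:49801     192.0.2.12:445         SYN_SENT        7316
  TCP    192.168.1.20:49802     192.0.2.13:445         SYN_SENT        7316
  TCP    [2001:db8::20]:49803   [2001:db8::9a]:445     SYN_SENT        7316
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# TCP rows only: UDP is connectionless and has no State column.
TCP_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def parse_tcp(text):
    """Return (local, remote, state, pid) for every TCP row in the output."""
    rows = []
    for line in text.splitlines():
        m = TCP_ROW.match(line)
        if m:
            local, remote, state, pid = m.groups()
            rows.append((local, remote, state, int(pid)))
    return rows

def syn_sent_report(rows, threshold=3):
    """Summarise half-open outbound attempts per owning PID.
    threshold is an assumed tuning value, not taken from the article."""
    pending = defaultdict(list)
    for _local, remote, state, pid in rows:
        if state == "SYN_SENT":
            pending[pid].append(remote)
    report = {}
    for pid, remotes in pending.items():
        hosts = {r.rsplit(":", 1)[0] for r in remotes}  # handles [IPv6]:port
        ports = {r.rsplit(":", 1)[1] for r in remotes}
        # One stuck socket points at a blocked or unreachable destination;
        # many from one process to many hosts deserves a closer look.
        verdict = "investigate" if len(hosts) >= threshold else "check-path"
        report[pid] = {"count": len(remotes), "hosts": sorted(hosts),
                       "ports": sorted(ports), "verdict": verdict}
    return report

if __name__ == "__main__":
    for pid, info in syn_sent_report(parse_tcp(SAMPLE)).items():
        print(pid, info)
```

On a live host, the flagged PID can then be matched to its executable with the -b option described in the table.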
