26288 total geeks with 3498 solutions
Recent challengers:
 Welcome, you are an anonymous user! [register] [login] Get a yourname@osix.net email address 

Articles

GEEK

User's box
Username:
Password:

Forgot password?
New account

Shoutbox
MaxMouse
It's Friday... That's good enough for me!
CodeX
non stop lolz here but thats soon to end thanks to uni, surely the rest of the world is going good?
stabat
how things are going guys? Here... boring...
CodeX
I must be going wrong on the password lengths then, as long as it was done on ECB
MaxMouse
lol... the key is in hex (MD5: of the string "doit" without the "'s) and is in lower case. Maybe i should have submitted this as a challenge!

Donate
Donate and help us fund new challenges
Donate!
Due Date: May 31
May Goal: $40.00
Gross: $0.00
Net Balance: $0.00
Left to go: $40.00
Contributors


News Feeds
The Register
SoftBank gives
Washington veto
over Sprint board
job
STROKE this mouse
to make apps POP,
says Microsoft
Oz shared services
collapse looks bad
for NetApp
Googlerola loses
bid to ban US Xbox
sales after ITC
slapdown
Samsung, carriers
tout first Tizen
mobes for late 2013
Google to double
encryption key
lengths for SSL
certs by year"s end
Facebook Home phone
plans canned in the
UK
Joyent cuts prices
on cloudy
infrastructure
Yahoo! continues
quest for youth
with yet another
acquisition
Internet2 superfast
boffin network
peers with Azure
cloud
Slashdot
Cockroaches
Evolving To Avoid
Roach Motels
Meet the 23-Ton
X-Wing, the World"s
Largest Lego Model
Android Malware
Intercepts Text
Messages, Forwards
To Criminals
Scientists Growing
New Crystals To
Make LED Lights
Better
Google Takes Street
View To the
Galapagos Islands
Bitcoin"s Success
With Investors
Alienates Earliest
Adopters
WIPO Panel Says Ron
Paul Guilty of
Reverse Domain Name
Hijacking
Red Hat"s Diane
Mueller Talks About
OpenShift (Video)
5-Pound UAV Flies
For 50 Minutes,
Streams HD From
Over 3 Miles
Google Code
Deprecates Download
Service For Project
Hosting
Article viewer

The Netstat command



Written by:splintty
Published by:Nightscript
Published on:2004-07-08 21:13:02
Topic:Networking
Search OSI about Networking.More articles by splintty.
 viewed 16648 times send this article printer friendly

Digg this!
    Rate this article :
Netstat is a windows shell command to show you whats happening on your network connections.

I thought that the shell command netstat deserved a paper on it because it is pretty interesting but I don't know everything about it so here's what I know:


When you launch your cmd.exe 'command prompt' you have many, many commands that not many people know about. This one permits you to get the IP of someone connected to you.

At the command prompt, type netstat -all
You will get the following:
NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.


Now that you know what they all do, type netstat -a

You will get something like this:
Active Connections

Proto Local Address Foreign Address State
TCP tip:epmap tip:0 LISTENING
TCP tip:microsoft-ds tip:0 LISTENING
TCP tip:1025 tip:0 LISTENING
TCP tip:1026 tip:0 LISTENING
TCP tip:3389 tip:0 LISTENING
TCP tip:4544 tip:0 LISTENING
TCP tip:5000 tip:0 LISTENING
TCP tip:3001 tip:0 LISTENING
TCP tip:3002 tip:0 LISTENING
TCP tip:3003 tip:0 LISTENING
TCP tip:3006 tip:0 LISTENING
TCP tip:4544 jimmyj.ircd:6667 ESTABLISHED
TCP tip:4568 logv17.xiti.com:http TIME_WAIT
TCP tip:4571 logv17.xiti.com:http TIME_WAIT
UDP tip:microsoft-ds *:*
UDP tip:isakmp *:*
UDP tip:3010 *:*
UDP tip:3021 *:*
UDP tip:3022 *:*
UDP tip:3810 *:*
UDP tip:1900 *:*
UDP tip:4557 *:*
UDP tip:1900 *:*

"LISTENING" means he is waiting for info on that port but hasn't connected yet.

"ESTABLISHED" means the connection is established (tough one, heh?)

"TIME_WAIT" means he is still waiting to establish a connection

the -n option is a good one : eg
Active Connections

Proto Local Address Foreign Address State
TCP 193.248.181.169:4544 67.130.99.243:6667 ESTABLISHED
TCP 193.248.181.169:4616 205.188.8.226:5190 ESTABLISHED
TCP 193.248.181.169:4621 205.188.250.25:80 TIME_WAIT
TCP 193.248.181.169:4627 64.236.46.56:80 ESTABLISHED
TCP 193.248.181.169:4628 64.236.46.56:80 ESTABLISHED
TCP 193.248.181.169:4629 64.12.164.153:80 ESTABLISHED
TCP 193.248.181.169:4630 64.12.164.153:80 CLOSE_WAIT

Basically, it simply displayes the address in numerical IP address format

I was running icq.
This command (netstat -n) allows you to get the IPs of people that are connected to you.

Now just look, dig and discover as I did you will find out that windows has much more then you think.
Did you like this article? There are hundreds more.

Comments:
Obscurity
2004-07-09 02:30:20
I like the fact that you went into some detail about the Netstat function, but I think this could have been better in something like a Tell All Windows guide.

You want to look into writing something like that in the future
splintty
2004-07-10 13:55:24
okay i will i just need to find the time...
txs
VMOFO
2004-09-14 11:48:46
Obscurity, you're the man and I'm just the little boy but this belongs in the networking section. Adims use this tools to make sure things are going good or to help some on the network trouble shoot a problem.
But I may be wrong.
rapture
2004-12-16 13:44:09
yeah, netstat is important, needs to be understood
Anonymous
2007-02-26 04:50:39
Hi,

Perhaps more info on more switches. For instance netstat -an |find "1433" This gets the number of connections to your sql server. Handy to find out if and how application servers are performing.

Anonymously add a comment: (or register here)
(registration is really fast and we send you no spam)
BB Code is enabled.
Captcha Number:


Blogs: (People who have posted blogs on this subject..)
everyMan
Blog entry for Thu 1st Feb 1am on Thu 1st Feb 2am
I need to write "run.pl" that calls expect script. the expect will the take the user and pass given in run.pl and telnet to another device.

Test Yourself: (why not try testing your skill on this subject? Clicking the link will start the test.)
Hubs / Switches & Cable Wires/Wireless by DocHoliday

This test is revolved around networking with hubs and of course switches in which are performed to create a network route.
Beginning Networking by truthseeker

Basic, beginning networking test. Covers a little of everything, protocols, hardware, OSI model, etc.
Networking by emmanuelmalanda

simple exercise to test one's knowledge on various networking aspects
Various Networking (part 2) by think12

Started as a Ethernet based test, but... It grew a mind of its own
Various Networking (pt1) by think12

Mainly protocols

     
Your Ad Here
 
Copyright Open Source Institute, 2006