Netstat command in Windows
(Applies to Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows Server 2012)
Displays active TCP connections, the ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP and UDP protocols) and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6 and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Syntax
netstat [-a] [-e] [-n] [-o] [-p] [-r] [-s] []
Parameters
Parameter
Description
-a
Displays all active TCP connections, as well as TCP and UDP ports on which the computer is listening.
-e
Displays Ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.
-n
Displays active TCP connections, with addresses and port numbers expressed numerically and no attempt made to resolve them to names.
-o
Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application by looking up the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n and -p.
-p
Displays the connections for the protocol specified by Protocol. In this case, Protocol can be tcp, udp, tcpv6 or udpv6. If this parameter is used with -s to display statistics by protocol, Protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6 or ipv6.
-s
Displays statistics by protocol. By default, the statistics are displayed for the TCP, UDP, ICMP and IP protocols. If the IPv6 protocol is installed, statistics are also displayed for the TCP over IPv6, UDP over IPv6, ICMPv6 and IPv6 protocols. The -p parameter can be used to specify a set of protocols.
-r
Displays the contents of the IP routing table. This information is equivalent to the output of the route print command.
After every second, the selected information will be displayed again. Press CTRL + C to stop the redisplay. If this parameter is omitted, netstat only prints the selected information once.
/?
Shows help at the command prompt.
Note
- The parameters used with this command must be preceded by a hyphen (-) instead of a slash (/).
- The netstat command provides statistics for the following objects:
  - The name of the protocol (TCP or UDP).
  - Local address. The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port are displayed unless the -n parameter is specified. If the port has not yet been established, the port number is displayed as an asterisk (*).
  - Remote address. The IP address and port number of the connected remote computer. The names that correspond to the IP address and the port are displayed unless the -n parameter is specified. If the port has not yet been established, the port number is displayed as an asterisk (*).
  - Status. Indicates the status of TCP connections. The states may be as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, TIMED_WAIT. For more information on the status of the TCP connection, refer to RFC 793.
- This command can only be used if the Internet Protocol (TCP / IP) protocol is installed as a component in the properties of the network adapter in the Network Connections system.
Examples
To display both Ethernet statistics as well as statistics for all protocols, type:
netstat -e -s
To display only statistics for TCP and UDP protocols, type:
netstat -s -p tcp udp
To display active TCP connections and process IDs every 5 seconds, type:
netstat -o 5
To display active TCP connections and process IDs in numerical form, type:
netstat -n -o
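The -a, -n and -o parameters together give a listing that can be parsed into an inventory of which ports are open on every interface and which process owns each one. The PowerShell below is an added example, not part of the original page: the function names ConvertFrom-Netstat and Get-ExposedListener are hypothetical, the sample output is constructed, and it assumes the listening state is printed as text beginning with LISTEN.

```powershell
# Added example: turn `netstat -a -n -o` rows into objects (hypothetical helper).
function ConvertFrom-Netstat {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        # Unary -split breaks on whitespace. TCP rows have 5 fields; UDP rows have 4 (no state).
        $f = -split $Line
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { return }  # skip headers and blanks
        # The port follows the last colon, which also handles IPv6 forms such as [::]:445.
        $i = $f[1].LastIndexOf(':')
        [pscustomobject]@{
            Proto     = $f[0]
            LocalAddr = $f[1].Substring(0, $i)
            LocalPort = $f[1].Substring($i + 1)
            Remote    = $f[2]
            State     = if ($f.Count -ge 5) { $f[3] } else { '' }
            ProcessId = [int]$f[-1]
        }
    }
}

# Keep only sockets bound to all interfaces and attach the owning process name.
function Get-ExposedListener {
    param([Parameter(ValueFromPipeline)]$Conn)
    process {
        $wildcard  = $Conn.LocalAddr -in '0.0.0.0', '[::]'
        $listening = $Conn.State -like 'LISTEN*' -or $Conn.Proto -eq 'UDP'
        if (-not ($wildcard -and $listening)) { return }
        # The PID may no longer exist (or be made up, as in the sample), so tolerate a miss.
        $p    = Get-Process -Id $Conn.ProcessId -ErrorAction SilentlyContinue
        $name = if ($p) { $p.ProcessName } else { '(unknown)' }
        $Conn | Add-Member -NotePropertyName ProcessName -NotePropertyValue $name -PassThru
    }
}

# Constructed sample output (addresses and PIDs are made up) so the example runs offline.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3100
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4321
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1780
'@ -split "`r?`n"

$sample | ConvertFrom-Netstat | Get-ExposedListener |
    Format-Table Proto, LocalAddr, LocalPort, ProcessId, ProcessName
# On a live host: netstat -a -n -o | ConvertFrom-Netstat | Get-ExposedListener
```

The loopback listener and the established connection are filtered out, leaving the sockets reachable from other hosts for review against what the machine is expected to serve.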