Netstat command in Windows

(Applies to Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows Server 2012)

Display active TCP connections, ports at which the computer is listening and simultaneously display Ethernet statistics, IP routing tables, IPv4 statistics (for IP protocols, ICMP, TCP and UDP) and IPv6 statistics (for IPv6, ICMPv6, TCP over IPv6 and UDP via IPv6 protocol).Without using parameters, netstat displays active TCP connections.

Syntax

 netstat [-a] [-e] [-n] [-o] [-p] [-r] [-s] [] 

Parameters

Parameters

Describe

-a

Displays all active TCP connections, as well as TCP and UDP ports on which the computer is listening.

-e

Display Ethernet statistics, such as number of bytes and packets sent and received.This parameter can be combined with -s.

-n

Display of active TCP connections, however, addresses and port numbers are denoted as numeric but cannot specify a specific name.

-o

Displays active TCP connections and includes Process ID (Process ID - PID) for each connection.You can find the application by looking up the PID on the Processes tab in Windows Task Manager.This parameter can be combined with -a, -n and -p.

-p

Displays the connection for the protocol specified byProtocol . In this case, the Protocol can be tcp, udp, tcpv6 or udpv6. If this parameter is used with -s to display statistics by protocol, Protocolcan be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6 or ipv6.

-S

Display statistics by protocol.By default, the statistics are displayed for TCP, UDP, ICMP and IP protocols.If the IPv6 protocol is installed, the statistics will be displayed for the TCP protocol via IPv6, UDP over IPv6, ICMPv6 and IPv6.The -p parameter can be used to specify a set of protocols.

-r

Display the contents of the IP routing table (IP routing table).This information is equivalent to the print route command.

After every second, the selected information will be displayed again.Press CTRL + C to stop the display process again.If this parameter is omitted, netstat only prints the selected information once.

/?

Show help at thecommand prompt.

Note

- The parameters used with this command must be preceded by a hyphen (-) instead of a slash (/).

- The netstat command provides statistics for the following objects:

1. The name of the protocol (TCP or UDP).
2. Local address.The IP address of the local computer and the port number is being used.The name of the local computer corresponds to the IP address and the name of the port is displayed unless the -n parameter is specified.If the port is not set, the port number is displayed as an asterisk (*).
3. Remote address.The IP address and port number of the remote computer are connected.Remote computer names corresponding to the IP address and port are displayed unless the -n parameter is specified.If the port is not set, the port number is displayed as an asterisk (*).
4. Status.Indicates the status of TCP connections.The states may be as follows: CLOSE_WAIT CLOSED ESTABLISHED FIN_WAIT_1 FIN_WAIT_2 LAST_ACK listEN SYN_RECEIVED SYN_SEND timeD_WAIT for more information on the status of the TCP connection, refer to Rfc 793.

- This command can only be used if the Internet Protocol (TCP / IP) protocol is installed as a component in the properties of the network adapter in the Network Connections system.

For example

To display both Ethernet statistics as well as statistics for all protocols, type:

 netstat -e -s 

To display only statistics for TCP and UDP protocols, type:

 netstat -s -p tcp udp 

To display active TCP connections and process IDs every 5 seconds, type:

 netstat -o 5 

To display active TCP connections and process IDs in digital form, type:

 netstat -n -o 

See more:

1. Netcfg command in Windows
2. Nbtstat command in Windows
3. Bitsadmin create command in Windows
4. Bcdboot command in Windows
5. The bcdedit command in Windows