How to use netstat command?

May 13th, 2010 by Imroz



Netstat is a utility that you can use to display your computer’s connections to the Internet. It’s a useful tool for monitoring connections and diagnosing problems. You can tweak netstat commands by adding arguments at the end of the command. Since netstat is run from a command prompt, it doesn’t require you to install special software.

The command syntax is:

netstat [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

A brief description of the switches is given in Table I below. Note that switches for Netstat use the dash symbol “-” rather than the slash “/”.

Table I. Description of the switches

Switch      Description
-a          This switch displays all connections and listening ports
-b          This switch displays the executable involved in creating each connection or listening port
-e          Use this switch to see statistics
-n          This switch displays addresses and port numbers
-o          This switch displays the ID of the owning process associated with each connection
-r          Use this to see the routing table
-s          Displays per-protocol statistics
-v          When used in conjunction with -b, displays the sequence of components involved in creating the connection or listening port for all executables
-p proto    Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6

Netstat usefulness

It is a command-line tool that is very useful for checking the behaviour of your network. It allows you to check all aspects of TCP/IP and tells you which connections your machine is currently making. With this command you can also check whether a virus, malware or other unwanted script is connecting to harmful sources and stealing your information.

Some examples of usage of netstat command for non-professional users are:

Checking connections

TCP and UDP connections and their IP and port addresses can be seen by entering a command combining two switches:

netstat -an

This command displays the protocol, the local address, the remote address and the connection state, along with the port.

Table II. Description of various connection states

State           Description
CLOSED          server has received an ACK signal from the client and the connection is closed
CLOSE_WAIT      server has received the first FIN signal from the client and the connection is in the process of being closed
ESTABLISHED     server received the SYN signal from the client and the session is established
FIN_WAIT_1      connection is still active but not currently being used
FIN_WAIT_2      client just received acknowledgment of the first FIN signal from the server
LAST_ACK        server is in the process of sending its own FIN signal
LISTENING       server is ready to accept a connection
SYN_RECEIVED    server just received a SYN signal from the client
SYN_SEND        particular connection is open and active
TIME_WAIT       client recognizes the connection as still active but not currently being used

How to check for unwanted or risky connections?

If you suspect that unwanted malware on your system is trying to establish risky connections, you can find out which programs are making connections with the outside world by using the command

netstat -b

In practice it is better to check over a period of time, so we can add a number that sets the command to run at fixed intervals. It is also best to keep a written record of the connections that are made during that period. The command can then be written

netstat -b 5 >> C:\connections.txt

Note that as written, this command will run at five-second intervals until stopped by entering “Ctrl+C”, which is a general command to exit. (Some reports say that this can be fairly CPU intensive, so it may cause a slower, single-core machine to run sluggishly.) Note that the Process ID (PID) is given. This command can be combined with other tools such as Task Manager to analyze which executable files and processes are active and are trying to make Internet connections.
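Once a log like this has run for a while it is too long to read by eye. The script below is an added example, not part of the original post: it summarises such a log by executable and remote endpoint, counting in how many snapshots each external ESTABLISHED connection appeared. It assumes the capture was made with the -n switch from Table I as well (netstat -bn 5), so addresses are numeric; the sample log, executable names and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of a `netstat -bn 5 >> C:\connections.txt` log: two
# snapshots, made-up executable names, documentation-range remote addresses.
SAMPLE_LOG = """
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED
 [helper.exe]
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49720     203.0.113.7:8080       ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49731     192.168.1.1:445        TIME_WAIT
  Can not obtain ownership information
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49720     203.0.113.7:8080       ESTABLISHED
 [updater.exe]
"""

# Loopback, RFC 1918 private, link-local and IPv6 unique-local ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")

def is_external(endpoint):
    """True unless the host part is an IP inside one of LOCAL_NETS."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return True  # resolved hostname or '*': cannot be ruled out
    return not any(ip in net for net in LOCAL_NETS)

def summarize(log_text):
    """Count snapshots in which each (executable, remote) was ESTABLISHED."""
    seen, pending = Counter(), None
    for line in log_text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            pending = conn.groups()  # wait for the owner line that follows
        elif pending and (owner or "ownership information" in line):
            exe = owner.group(1).lower() if owner else "unknown"
            if pending[3] == "ESTABLISHED" and is_external(pending[2]):
                seen[(exe, pending[2])] += 1
            pending = None
    return seen
```

To use it on a real capture, pass the text of C:\connections.txt to summarize() and review the pairs with the highest counts first. The -b switch needs an elevated (administrator) command prompt, otherwise netstat cannot report the owning executables.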
