Professional Windows Server 1002003 Security A Technical Reference [Electronic resources]

Roberta Bragg


netstat

Displays statistics and current connections for TCP/IP.

Syntax

netstat [-a] [-e] [-n] [-o] [-s] [-p protocol] [-r] [interval]

Options

-a

Lists all TCP/IP connections and their current statuses.

-e

Displays frame statistics for network adapters (can be used with the -s option).

-n

Lists addresses and port numbers as numbers instead of trying to resolve them using DNS. This is useful if DNS isn't working properly, and you want to avoid long timeouts when using netstat.

-o

Displays the process ID associated with each listening port.

-s

Displays statistics and connections for all TCP/IP protocols.

-p protocol

When used in conjunction with the -s option, displays statistics for the specified protocol, which can be TCP, UDP, ICMP, or IP.

-r

Displays the routing table.

interval

Causes the output to be refreshed each specified number of seconds until Ctrl-C is pressed.

Examples

Show statistics for Ethernet frames:

netstat -e
Interface Statistics
                           Received            Sent
Bytes                      48446148        43795441
Unicast packets              195267          207067
Non-unicast packets           12311            6830
Discards                          0               0
Errors                            0               0
Unknown protocols             15400

Show statistics for TCP protocol and the current state of TCP connections:

netstat -s -p tcp
TCP Statistics
Active Opens                        = 7631
Passive Opens                       = 4689
Failed Connection Attempts          = 269
Reset Connections                   = 380
Current Connections                 = 23
Segments Received                   = 160892
Segments Sent                       = 173884
Segments Retransmitted              = 680
Active Connections
Proto  Local Address      Foreign Address                   State
TCP    test:ldap          test.mtitcanada.com:4208          ESTABLISHED
TCP    test:ldap          test.mtitcanada.com:4216          ESTABLISHED
TCP    test:ldap          test.mtitcanada.com:4229          ESTABLISHED
TCP    test:ldap          test.mtitcanada.com:4233          ESTABLISHED
TCP    test:1110          test.mtitcanada.com:ldap          CLOSE_WAIT
TCP    test:4208          test.mtitcanada.com:ldap          ESTABLISHED
TCP    test:4216          test.mtitcanada.com:ldap          ESTABLISHED
TCP    test:4229          test.mtitcanada.com:ldap          ESTABLISHED
TCP    test:4233          test.mtitcanada.com:ldap          ESTABLISHED
TCP    test:ldap          test.mtitcanada.com:3993          TIME_WAIT
TCP    test:ldap          test.mtitcanada.com:3994          TIME_WAIT
TCP    test:ldap          test.mtitcanada.com:4001          TIME_WAIT
TCP    test:ldap          test.mtitcanada.com:4007          TIME_WAIT
TCP    test:ldap          test.mtitcanada.com:4232          ESTABLISHED
TCP    test:microsoft-ds  test.mtitcanada.com:4009          ESTABLISHED
TCP    test:1026          test.mtitcanada.com:1233          ESTABLISHED
TCP    test:1026          test.mtitcanada.com:1334          ESTABLISHED
TCP    test:1224          test.mtitcanada.com:ldap          CLOSE_WAIT
TCP    test:1227          test.mtitcanada.com:3268          CLOSE_WAIT
TCP    test:1233          test.mtitcanada.com:1026          ESTABLISHED
TCP    test:1298          LEONARDO:netbios-ssn              ESTABLISHED
TCP    test:1300          BACH:1026                         ESTABLISHED
TCP    test:1334          test.mtitcanada.com:1026          ESTABLISHED
TCP    test:3712          test.mtitcanada.com:ldap          CLOSE_WAIT
TCP    test:3936          test.mtitcanada.com:ldap          CLOSE_WAIT
TCP    test:3995          BACH:ldap                         TIME_WAIT
TCP    test:3996          BACH:microsoft-ds                 TIME_WAIT
TCP    test:3998          test.mtitcanada.com:microsoft-ds  TIME_WAIT
TCP    test:4001          test.mtitcanada.com:ldap          TIME_WAIT
TCP    test:4008          BACH:ldap                         TIME_WAIT
TCP    test:4009          test.mtitcanada.com:microsoft-ds  ESTABLISHED
TCP    test:4010          test.mtitcanada.com:epmap         TIME_WAIT
TCP    test:4011          test.mtitcanada.com:1026          TIME_WAIT
TCP    test:4012          test.mtitcanada.com:epmap         TIME_WAIT
TCP    test:4013          test.mtitcanada.com:1026          TIME_WAIT
TCP    test:4232          test.mtitcanada.com:ldap          ESTABLISHED

Notes

  • The -o switch is new to WS2003.

  • The fields in the output of netstat are:

    Proto

    The name of the protocol used for the connection.

    Local Address

    The name (or IP address) and port number (or descriptor) for the connection on the local machine. An asterisk means that the port has not yet been established.

    Foreign Address

    The name (or IP address) and port number (or descriptor) for the connection on the remote machine. An asterisk means that the port has not yet been established.

    State

    The connection state (TCP only). This is typically either:

    LISTEN

    TCP is waiting for a connection at this port.

    ESTABLISHED

    An active TCP connection has been established at this port.

    If the state is any of the following, the TCP/IP connection is in the process of being established or torn down using a three-way TCP handshake:

    CLOSED
    CLOSE_WAIT
    FIN_WAIT_1
    FIN_WAIT_2
    LAST_ACK
    SYN_RECEIVED
    SYN_SEND
    TIME_WAIT
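The field layout described in these notes is regular enough to audit by script. The following is an added example, not part of the original reference: it parses the Active Connections table, tallies TCP states, and maps listening ports to their owning process IDs. The sample text is constructed, and the trailing PID column and the LISTENING spelling are assumptions based on how netstat -ano prints on Windows; the IPv6 row goes beyond what the page shows.

```python
from collections import Counter

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       432
  TCP    10.0.0.5:389           10.0.0.9:4208          ESTABLISHED     432
  TCP    10.0.0.5:389           10.0.0.9:3993          TIME_WAIT       0
  TCP    10.0.0.5:1110          10.0.0.9:389           CLOSE_WAIT      1716
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    432
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[:3]
        rest = parts[3:]
        # State is TCP only, so a UDP row goes straight from addresses to PID.
        state = rest.pop(0) if proto == "TCP" and rest else None
        pid = int(rest[0]) if rest and rest[0].isdigit() else None  # None without -o
        rows.append({"proto": proto, "local": split_endpoint(local),
                     "foreign": split_endpoint(foreign), "state": state, "pid": pid})
    return rows

def state_counts(rows):
    """Tally TCP states, e.g. to spot a build-up of CLOSE_WAIT sockets."""
    return Counter(r["state"] for r in rows if r["state"])

def listeners(rows):
    """Map each listening TCP port (number or service name) to its owning PID."""
    return {r["local"][1]: r["pid"] for r in rows
            if r["state"] in ("LISTEN", "LISTENING")}

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(dict(state_counts(rows)), listeners(rows))
```

Comparing the listener map against the services a server is expected to run is a quick way to notice an unexpected open port and the process behind it.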

See Also

TCP/IP