
Thread: Netstat

  1. #1
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003



    Netstat is a program used to see what protocols and what local and remote ports your computer is using and has open to the Internet. Netstat can also be used to find your own IP address.
    To get to netstat in Windows 98/2000 and XP,
    click on Start\Programs\Accessories, then click on Command Prompt.

    When the command prompt opens, it brings up a black box, and what you will see on the screen is the following.
    Yours will be different if you use Windows 2000 or 98. The switches listed below will work on all of them.

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\User>_

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1995-2000 Microsoft Corp.


    Looks boring, huh? Well, let's give it something to do.

    Netstat uses the following switches: [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]
    (To bring this help screen up at the command prompt, type Netstat ? and this will bring up the list you see below.)
    I will explain what each one does.
      -a            Shows all connections and listening ports.
      -e            Shows Ethernet sending and receiving.
      -n            Shows addresses and port numbers in a series of numbers.
      -o            Shows the owner process identification linked with each connection.
      -p proto      Shows the connections for the protocol specified by proto.
                    Proto may be TCP or UDP. If it is used with the -s switch, it will show the protocol results.
      -r            Shows the routing table.
      -s            Displays per-protocol results. By default the results are
                    shown for IP, IPv6, ICMP, TCP, UDP.
                    The -p option may be used to specify a subset of the default.
      interval      This refreshes the selected results, pausing for a specified number of seconds.
                    Example: netstat -a 10
                    This will refresh the display, pausing 10 seconds before the next display. To stop refreshing the results, press CTRL+C.
    The ports that you will see on your screen may be different because of the various programs you may have running at the time. The foreign addresses are blank because this session of netstat was run while offline.

    TCP stands for Transmission Control Protocol and is one of the main protocols in TCP/IP networks. TCP enables two hosts to make a connection and exchange streams of data. TCP guarantees delivery of data and makes sure that packets will be delivered in the same order in which they were sent.

    UDP stands for User Datagram Protocol and is a connectionless protocol that runs on top of IP networks. UDP/IP gives very few error recovery services; it instead provides a direct way to send and receive datagrams over an IP network.

    The name proto is short for protocol; this shows you what protocol(s) are currently being used by the open socket.
    The local address is the name of the computer that you are using.
    The foreign address contains the web site you are currently connected to.
    The state tells you what the status of the connection is.
    This is a list of states and their definitions:

    State           What it means
    Closed          No connection is between your computer and the remote host
    Closing         Your computer and the computer you have connected to have agreed to close the connection
    Close_wait      The remote computer has started to close the connection
    Established     There is a connection between you and the remote computer
    Fin_wait 1      The software program using the connection has finished using the connection
    Fin_wait 2      The remote computer has started to close the connection
    Last ack        The connection is waiting for all of the data packets
    Listen          Your computer is listening for a connection
    Syn received    The remote computer is sending you a request for a connection
    Syn sent        Your computer has started to open the connection
    Last ack        It is the same as the last ack

    The first switch is -a and this is what is displayed:

    Microsoft Windows XP
    [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\User>netstat -a

    Active Connections

    Proto   Local Address                Foreign Address      State
    TCP     computername:epmap           computername:0       LISTENING
    TCP     computername:microsoft-ds    computername:0       LISTENING
    TCP     computername:1025            computername:0       LISTENING
    TCP     computername:1028            computername:0       LISTENING
    TCP     computername:5000            computername:0       LISTENING
    TCP     computername:3001            computername:0       LISTENING
    TCP     computername:3002            computername:0       LISTENING
    TCP     computername:3003            computername:0       LISTENING
    TCP     computername:netbios-ssn     computername:0       LISTENING
    UDP     computername:epmap           *:*
    UDP     computername:microsoft-ds    *:*
    UDP     computername:isakmp          *:*
    UDP     computername:1026            *:*
    UDP     computername:3028            *:*

    C:\Documents and Settings\User>netstat -e
    Interface Statistics

                               Received            Sent

    Bytes                       3593608          401754
    Unicast packets                4538            4026
    Non-unicast packets             608             166
    Discards                          0               0
    Errors                            0               7
    Unknown protocols                33               0

    C:\Documents and Settings\user>netstat -s

    IPv4 Statistics
      Packets Received                = 5101
      Received Header Errors          = 0
      Received Address Errors         = 9
      Datagrams Forwarded             = 0
      Unknown Protocols Received      = 0
      Received Packets Discarded      = 567
      Received Packets Delivered      = 4534
      Output Requests                 = 4185
      Routing Discards                = 0
      Discarded Output Packets        = 0
      Output Packet No Route          = 0
      Reassembly Required             = 0
      Reassembly Successful           = 0
      Reassembly Failures             = 0
      Datagrams Successfully Fragmented  = 0
      Datagrams Failing Fragmentation    = 0
      Fragments Created                  = 0

    ICMPv4 Statistics
                                 Received    Sent
      Messages .....................1        4
      Errors .......................0        0
      Destination Unreachable.......1        1
      Time Exceeded.................0        0
      Parameter Problems............0        0
      Source Quenches...............0        0
      Redirects.....................0        0
      Echos.........................0        3
      Echo Replies..................0        0
      Timestamps ...................0        0
      Timestamp Replies.............0        0
      Address Masks.................0        0
      Address Mask Replies..........0        0

    TCP Statistics for IPv4
      Active Opens                    = 266
      Passive Opens                   = 0
      Failed Connection Attempts      = 3
      Reset Connections               = 75
      Current Connections             = 0
      Segments Received               = 3449
      Segments Sent                   = 2935
      Segments Retransmitted          = 9

    UDP Statistics for IPv4
      Datagrams Received              = 1080
      No Ports                        = 5
      Receive Errors                  = 0
      Datagrams Sent                  = 1234

    This next switch is -r

    C:\Documents and Settings\user>netstat -r

    Route Table
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 07 e9 ef aa db ...... Intel(R) PRO/100 M Network Connection - Packet Scheduler Miniport
    These numbers below are random numbers that I am using as an example
    Active Routes:
    Network Destination           Netmask               Gateway             Interface       Metric
            30         30
             30        1
    Default Gateway:
    Persistent Routes:
    Thank you for reading this.

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Thank you for a concise summary...

  3. #3
    Senior Member
    Join Date
    Oct 2003
    I wanted to add 1 thing.............. in the post u will find :: about the PC listening to a port. ::
    If u find ur PC listening to a port, it could be a trojan.... so I recommend scanning the PC if u find the PC listening to unusual ports......

    even if it is a remote possibility..... try to find a list of Trojan ports.... & look through them to see if ur PC is infected..... this is what the commercial.... anti-Trojan progs do..... it will take u 10 min but it will save ya $50+ on a good anti-Trojan
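
Added example, not part of any post in this thread: the port comparison suggested in post #3, done by parsing numeric netstat output and reporting listeners that are not in a baseline of expected ports. The sample output, the baseline set and the function names are constructed for illustration; the PID column is treated as optional because, as posts #6 and #7 note, Windows 2000 rejects -o.

```python
from typing import NamedTuple, Optional

# Constructed sample in the column layout of "netstat -ano" (not a real capture).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1120
  TCP    192.168.0.10:1045      203.0.113.7:80         ESTABLISHED     2044
  UDP    0.0.0.0:500            *:*                                    712
  UDP    0.0.0.0:3028           *:*                                    1536
"""

# Assumed baseline: (protocol, port) pairs this machine is expected to have open.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 500)}

class Socket(NamedTuple):
    proto: str
    port: int
    state: str            # empty for UDP, which has no connection state
    pid: Optional[int]    # None when netstat was run without -o

def parse_netstat(text):
    """Return a Socket for every TCP/UDP row that has a numeric local port."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        port = fields[1].rsplit(":", 1)[-1]
        if not port.isdigit():
            continue                      # service name shown; rerun with -n
        rest = fields[3:]
        state = rest.pop(0).upper() if rest and not rest[0].isdigit() else ""
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        sockets.append(Socket(fields[0].upper(), int(port), state, pid))
    return sockets

def unexpected_listeners(sockets, baseline):
    """Listening TCP sockets and bound UDP sockets that are not in the baseline."""
    hits = [s for s in sockets
            if (s.proto == "UDP" or s.state == "LISTENING")
            and (s.proto, s.port) not in baseline]
    return sorted(hits, key=lambda s: (s.proto, s.port))

if __name__ == "__main__":
    for s in unexpected_listeners(parse_netstat(SAMPLE), BASELINE):
        print(s.proto, s.port, "pid", s.pid if s.pid is not None else "unknown")
```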

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Not bad...
    And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

  5. #5
    Junior Member
    Join Date
    Jul 2003
    Thanks 4 the post. Seems like I read a whole bunch of netstat posts and tutorials. Every time another one comes up, I learn something new.

  6. #6
    Join Date
    Feb 2003
    Hey there Dead Addict.

    Nice Post/Tutorial. But a question. I've Windows2k Pro on my machine. Listing netstat's help doesn't give me the '-o' option. I get all the rest of the switches, but -o isn't listed. Tried using it, and it shows up as an invalid switch. Anyone has the same problem?

    > Scim <

  7. #7
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    I checked it on my W2k box and I get the same result. I am going to do some searching and see if I can find out why switch -o is removed from netstat.

  8. #8
    Join Date
    Feb 2003
    mmm.. I have wanted to know how to use netstat more efficiently for a while now... Ya musta read my mind when ya posted this, thanks
