Netstat


Netstat is a program used to see which protocols and which local and remote ports your computer is using and has open to the Internet. Netstat can also be used to find your own IP address.
To get to netstat in Windows 98/2000 and XP:
Click on Start\Programs\Accessories, then click on Command Prompt.

When the command prompt opens, it brings up a black box, and what you will see on the screen is the following.
Yours will be different if you use Windows 2000 or 98, but the switches listed below will work on all of them.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\User>_

Or

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1995-2000 Microsoft Corp.

C:\>_


Looks boring, huh? Well, let's give it something to do.

Netstat uses the following switches: [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]
(To bring up this help screen, type Netstat ? at the command prompt; this will bring up the list you see below.)
I will explain what each one does.
Code:
  -a            Shows all connections and listening ports.
  -e            Shows Ethernet statistics for sending and receiving.
  -n            Shows addresses and port numbers in numerical form.
  -o            Shows the owner process identification (process ID) linked with each connection.
  -p proto      Shows the connections for the protocol specified by proto.
                Proto may be TCP or UDP. If it is used with the -s switch, it will show the per-protocol results.
  -r            Shows the routing table.
  -s            Displays per-protocol results. By default the results are
                shown for IP, IPv6, ICMP, TCP, UDP.
                The -p option may be used to specify a subset of the default.
  interval      Refreshes the selected results, pausing for the specified number of seconds between displays.
                Example: Netstat -a 10
                This will refresh the display every 10 seconds. To stop refreshing the results, press CTRL+C.

The ports that you will see on your screen may be different because of the various programs you may have running at the time. The foreign addresses are blank because this session of netstat was run while offline.

TCP stands for Transmission Control Protocol and is one of the main protocols in TCP/IP networks. TCP enables two hosts to make a connection and exchange streams of data. TCP guarantees delivery of data and makes sure that packets will be delivered in the same order in which they were sent.

UDP stands for User Datagram Protocol and is a connectionless protocol that runs on top of IP networks. UDP/IP gives very few error recovery services; it instead provides a direct way to send and receive datagrams over an IP network.

The name Proto is short for protocol; this shows you which protocol is currently being used by the open socket.
The local address is the name of the computer that you are using.
The foreign address contains the web site you are currently connected to.
The state tells you what the status of the connection is.
This is a list of states and their definitions:

Code:
State           What it means

Closed          No connection is between your computer and the remote host
Closing         Your computer and the computer you have connected to have agreed to close the connection
Close_wait      The remote computer has started to close the connection
Established     There is a connection between you and the remote computer
Fin_wait 1      The software program using the connection has finished using the connection
Fin_wait 2      The remote computer has started to close the connection
Last ack        The connection is waiting for all of the data packets
Listen          Your computer is listening for a connection
Syn received    The remote computer is sending you a request for a connection
Syn sent        Your computer has started to open the connection
Last ack        It is the same as the last ack

The first switch is -a, and this is what is displayed:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\User>netstat -a

Active connections
Code:
Proto   Local Address               Foreign Address     State
TCP     computername:epmap          computername:0      LISTENING
TCP     computername:microsoft-ds   computername:0      LISTENING
TCP     computername:1025           computername:0      LISTENING
TCP     computername:1028           computername:0      LISTENING
TCP     computername:5000           computername:0      LISTENING
TCP     computername:3001           computername:0      LISTENING
TCP     computername:3002           computername:0      LISTENING
TCP     computername:3003           computername:0      LISTENING
TCP     computername:netbios-ssn    computername:0      LISTENING
UDP     computername:epmap          *:*
UDP     computername:microsoft-ds   *:*
UDP     computername:isakmp         *:*
UDP     computername:1026           *:*
UDP     computername:3028           *:*
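
The Proto, local address, foreign address and state columns described above can also be read by a short script, which is handy when the list is long. This is an added example, not part of the original tutorial: it assumes output from netstat -ano (the -a, -n and -o switches together), and the sample rows, addresses and process IDs are constructed.

```python
from collections import Counter

# Constructed sample in the layout of "netstat -ano" on Windows (not from a real machine).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       1120
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     2304
  TCP    192.0.2.10:1046        198.51.100.7:80        CLOSE_WAIT      2304
  UDP    0.0.0.0:500            *:*                                    688
"""

LOOPBACK = ("127.0.0.1", "[::1]")

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 forms like [::]:135 work."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].upper() not in ("TCP", "UDP"):
            continue
        proto = f[0].upper()
        # UDP is connectionless: netstat prints no State, so a 4th field is the PID.
        rest = f[3:] if proto == "TCP" else [""] + f[3:]
        state = rest[0].upper() if rest else ""
        pid = int(rest[1]) if len(rest) > 1 and rest[1].isdigit() else None
        lhost, lport = split_endpoint(f[1])
        rhost, rport = split_endpoint(f[2])
        rows.append({"proto": proto, "local": (lhost, lport),
                     "remote": (rhost, rport), "state": state, "pid": pid})
    return rows

def listeners(rows):
    """(port, pid, reachable_from_network) for each TCP socket in LISTENING."""
    return [(r["local"][1], r["pid"], r["local"][0] not in LOOPBACK)
            for r in rows if r["state"] == "LISTENING"]

def state_counts(rows):
    return Counter(r["state"] for r in rows if r["proto"] == "TCP")

if __name__ == "__main__":
    print(listeners(parse_netstat(SAMPLE)))
    print(dict(state_counts(parse_netstat(SAMPLE))))
```

On a real machine, save the output with netstat -ano > out.txt and pass the contents of that file to parse_netstat. The process ID in each row can then be matched against the PID column in Task Manager to see which program owns the port.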

C:\Documents and Settings\User>netstat -e

Interface Statistics
Code:
                      Received      Sent
Bytes                 3593608       401754
Unicast packets       4538          4026
Non-unicast packets   608           166
Discards              0             0
Errors                0             7
Unknown protocols     33            0

C:\Documents and Settings\user>Netstat -s

IPv4 Statistics
Code:
  Packets Received                = 5101
  Received Header Errors          = 0
  Received Address Errors         = 9
  Datagrams Forwarded             = 0
  Unknown Protocols Received      = 0
  Received Packets Discarded      = 567
  Received Packets Delivered      = 4534
  Output Requests                 = 4185
  Routing Discards                = 0
  Discarded Output Packets        = 0
  Output Packet No Route          = 0
  Reassembly Required             = 0
  Reassembly Successful           = 0
  Reassembly Failures             = 0
  Datagrams Successfully Fragmented  = 0
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 0

ICMPv4 Statistics
                             Received    Sent
  Messages .....................1        4
  Errors .......................0        0
  Destination Unreachable.......1        1
  Time Exceeded.................0        0
  Parameter Problems............0        0
  Source Quenches...............0        0
  Redirects.....................0        0
  Echos.........................0        3
  Echo Replies..................0        0
  Timestamps ...................0        0
  Timestamp Replies.............0        0
  Address Masks.................0        0
  Address Mask Replies..........0        0

TCP Statistics for IPv4
  Active Opens = 266
  Passive Opens  = 0
  Failed Connection Attempts  = 3
  Reset Connections  = 75
  Current Connections = 0
  Segments Received  = 3449
  Segments Sent    = 2935
  Segments Retransmitted = 9

UDP Statistics for IPv4

  Datagrams Received = 1080
  No Ports         = 5
  Receive Errors = 0
  Datagrams Sent = 1234

The next switch is -r:

C:\Documents and Settings\user>netstat -r

Route Table
==================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 ef aa db ...... Intel(R) PRO/100 M Network Connection - Packet
Scheduler Miniport
==================================================
These numbers below are random numbers that I am using as an example
==================================================
Active Routes:
Code:
Network Destination           Netmask               Gateway             Interface       Metric
          0.0.0.0              0.0.0.0           145.163.0.1            163.24.133.2      30
        134.0.0.0            255.0.0.0             124.0.0.1            124.0.0.1         1
      158.134.0.0            255.255.255.0         169.172.0.2        169.172.0.2        30
      158.134.0.2            255.255.255.255       124.0.0.1           138.0.0.1         30
    158.134.0.255           255.255.255.255       158.134.0.3         146.134.0.3        30
        265.0.0.0           265.0.0.0            158.134.0.3          146.134.0.1        30
  255.255.255.255          255.255.255.255        158.134.0.3         158.168.0.1        1
Default Gateway:       163.24.133.2
============================================
Persistent Routes:
  None

Thank you for reading this.