Netstat
Netstat is a program used to see which protocols and which local and remote ports your computer is using and has open to the Internet. Netstat can also be used to find your own IP address.
To get to netstat in Windows 98/2000 and XP:
Click on Start\Programs\Accessories, then click on Command Prompt.
When the command prompt opens, it brings up a black box, and what you will see on the screen is the following.
Yours will be different if you use Windows 2000 or 98; the switches listed below will work on all of them.
Microsoft Windows Xp [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\>Documents and settings\User _
Or
Microsoft Windows 2000 [Version 5.00.2195 ]
(C) copyright 1995-2000 Microsoft Corp.
C:\>_
Looks boring, huh? Well, let's give it something to do.
Netstat uses the following switches: [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]
(To bring this help screen up, type Netstat ? at the command prompt; this will bring up the list you see below.)
I will explain what each one does.
Code:
-a Shows all connections and listening ports.
-e Shows Ethernet sending and receiving statistics.
-n Shows addresses and port numbers in numerical form.
-o Shows the owner process identification (process ID) linked with each connection.
-p proto Shows the connections for the protocol specified by proto.
Proto may be TCP or UDP. If it is used with the -s switch, it will show the results for that protocol.
-r Shows the routing table.
-s Displays per-protocol results. By default the results are
shown for IP, IPv6, ICMP, TCP, UDP.
The -p option may be used to specify a subset of the default.
interval Refreshes the selected results, pausing for the specified number of seconds between each display.
Example: Netstat -a 10
This will refresh the display every 10 seconds. To stop refreshing the results, press CTRL+C.
The following ports that you will see on your screen may be different because of the various programs you may have running at the time. The foreign addresses are blank because this session of netstat was run while offline.
TCP stands for Transmission Control Protocol and is one of the main protocols in TCP/IP networks. TCP enables two hosts to make a connection and exchange streams of data. TCP guarantees delivery of data and makes sure that packets will be delivered in the same order in which they were sent.
UDP stands for User Datagram Protocol and is a connectionless protocol that runs on top of IP networks. UDP/IP gives very few error recovery services; instead it provides a direct way to send and receive datagrams over an IP network.
The name Proto is short for protocol; this column shows you which protocol is currently being used by the open socket.
The local address is the name of the computer that you are using.
The foreign address contains the web site you are currently connected to.
The state tells you what the status of the connection is.
This is a list of states and their definitions:
Code:
State          What it means
Closed         No connection is between your computer and the remote host
Closing        Your computer and the computer you have connected to have agreed to close the connection
Close_wait     The remote computer has started to close the connection
Established    There is a connection between you and the remote computer
Fin_wait 1     The software program using the connection has finished using the connection
Fin_wait 2     The remote computer has started to close the connection
Last ack       The connection is waiting for all of the data packets
Listen         Your computer is listening for a connection
Syn received   The remote computer is sending you a request for a connection
Syn sent       Your computer has started to open the connection
Last ack       It is the same as last the ack
The first switch is -a and this is what is displayed:
Microsoft Windows XP
[Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\User>netstat -a
Active connections
Code:
Proto  local address               foreign address   state
TCP    computername:epmap          computername:0    Listening
tcp    computername:microsoft-ds   computername:0    listening
tcp    computername:1025           computername:0    listening
tcp    computername:1028           computername:0    listening
tcp    computername:5000           computername:0    listening
tcp    computername:3001           computername:0    listening
tcp    computername:3002           computername:0    listening
tcp    computername:3003           computername:0    listening
tcp    computername:netbios-ssn    computername:0    listening
udp    computername:epmap          *.*
udp    computername:microsoft-ds   *.*
udp    computername:isakmp         *.*
udp    computername:1026           *.*
udp    computername:3028           *.*
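The -a, -n and -o switches and the State column described above can be combined to answer a practical question: which ports on this machine are open to other computers, and which process owns each one. The Python script below is an added example, not part of the original tutorial; it parses text in the layout printed by netstat -a -n -o, and the sample output, addresses and process IDs in it are constructed.

```python
# Added example. SAMPLE is constructed text in the "netstat -a -n -o" layout.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3001         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2204
  TCP    192.168.1.20:1046      203.0.113.7:80         CLOSE_WAIT      2204
  UDP    0.0.0.0:500            *:*                                    700
  UDP    192.168.1.20:137       *:*                                    4
"""

def parse_netstat(text):
    """Return one dict per socket line; UDP lines have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto = parts[0].upper()
        if proto == "TCP" and len(parts) == 5:
            _, local, foreign, state, pid = parts
        elif proto == "UDP" and len(parts) == 4:
            (_, local, foreign, pid), state = parts, ""
        else:
            continue  # unexpected layout, e.g. netstat run without -o
        addr, _, port = local.rpartition(":")  # also splits "[::]:135"
        if not (port.isdigit() and pid.isdigit()):
            continue  # service names instead of numbers: -n was not used
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "foreign": foreign, "state": state.upper(), "pid": int(pid)})
    return rows

def exposed_listeners(rows):
    """Sorted (proto, port, pid, all_interfaces) for non-loopback open sockets."""
    found = []
    for r in rows:
        open_socket = r["state"] == "LISTENING" or r["proto"] == "UDP"
        if open_socket and r["addr"] not in ("127.0.0.1", "[::1]"):
            wildcard = r["addr"] in ("0.0.0.0", "[::]")
            found.append((r["proto"], r["port"], r["pid"], wildcard))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, pid, wildcard in exposed_listeners(parse_netstat(SAMPLE)):
        print(proto, port, "PID", pid, "all interfaces" if wildcard else "one address")
```

The listener on 127.0.0.1 is left out because it accepts connections only from the local machine; the process IDs in the result can be looked up in Task Manager to see which program opened each port.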
C:\Documents and Settings\User>netstat -e
Interface Statistics
Code:
                      Received    Sent
Bytes                 3593608     401754
Unicast packets       4538        4026
Non-unicast packets   608         166
Discards              0           0
Errors                0           7
Unknown protocols     33          0
C:\Documents and Settings\user>Netstat -s
IPv4 Statistics
Code:
Packets Received = 5101
Received Header Errors = 0
Received Address Errors = 9
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 567
Received Packets Delivered = 4534
Output Requests = 4185
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMPv4 Statistics
Received Sent
Messages .....................1 4
Errors .......................0 0
Destination Unreachable.......1 1
Time Exceeded.................0 0
Parameter Problems............0 0
Source Quenches...............0 0
Redirects.....................0 0
Echos.........................0 3
Echo Replies..................0 0
Timestamps ...................0 0
Timestamp Replies.............0 0
Address Masks.................0 0
Address Mask Replies..........0 0
TCP Statistics for IPv4
Active Opens = 266
Passive Opens = 0
Failed Connection Attempts = 3
Reset Connections = 75
Current Connections = 0
Segments Received = 3449
Segments Sent = 2935
Segments Retransmitted = 9
UDP Statistics for IPv4
Datagrams Received = 1080
No Ports = 5
Receive Errors = 0
Datagrams Sent = 1234
The next switch is -r
C:\Documents and Settings\user>netstat -r
Route Table
==================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 ef aa db ...... Intel(R) PRO/100 M Network Connection - Packet
Scheduler Miniport
==================================================
These numbers below are random numbers that I am using as an example
==================================================
Active Routes:
Code:
Network Destination   Netmask           Gateway       Interface      Metric
0.0.0.0               0.0.0.0           145.163.0.1   163.24.133.2   30
134.0.0.0             255.0.0.0         124.0.0.1     124.0.0.1      1
158.134.0.0           255.255.255.0     169.172.0.2   169.172.0.2    30
158.134.0.2           255.255.255.255   124.0.0.1     138.0.0.1      30
158.134.0.255         255.255.255.255   158.134.0.3   146.134.0.3    30
265.0.0.0             265.0.0.0         158.134.0.3   146.134.0.1    30
255.255.255.255       255.255.255.255   158.134.0.3   158.168.0.1    1
Default Gateway: 163.24.133.2
============================================
Persistent Routes:
None
Thank you for reading this.