Netstat is a built in command line tool that provides you with information about TCP connections, network statistics and IP routing table. As it is built in, there is nothing to download. It is in all recent versions of Windows. Under Windows Vista and Windows 7 you may have to run some commands in an elevated command prompt.
To view network connections, listening ports and so on, netstat is one of the best utility which is available for both Windows and Linux OS.
Also Read: 10 cool Netstat Commands (For Linux)
For Example, you can see the programs listening on TCP ports by issuing the command (netstat -antp). Ports are simply software based network sockets that listen on the network to allow remote systems to interact with programs on a system.
Example 1 – With the following command, you can easily find out all established connections from/to your windows machine.
Command: netstat | findstr ESTABLISHED
Similarly, if you want to display only CLOSE_WAIT connections then the command is:
Command: netstat | findstr CLOSE_WAIT
CLOSE_WAIT indicates that the server has received the first FIN signal from the client and the connection is in the process of being closed
And for TIME_WAIT, the command is:
Command: netstat | findstr TIME_WAIT
TIME_WAIT indicates that the client recognizes the connection as still active but not currently being used.
Other states –
- CLOSED – Indicates that the server has received an ACK signal from the client and the connection is closed
- FIN_WAIT_1 – Indicates that the connection is still active but not currently being used
- FIN_WAIT_2 – Indicates that the client just received acknowledgment of the first FIN signal from the server
- LAST_ACK – Indicates that the server is in the process of sending its own FIN signal
- LISTENING – Indicates that the server is ready to accept a connection
- SYN_RECEIVED – Indicates that the server just received a SYN signal from the client
- SYN_SEND – Indicates that this particular connection is open and active
Example 2 – With the help of -s option, you can view all the statistics information like Received packets, Header errors, Discard packets etc.
Command: netstat -s
By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.
From above output, you can easily filter out specific string based results as shown below:
Command: netstat -s | findstr Errors
Example 3 – With -r option, you can see all the information related to routing table.
Command: netstat -r
Example 4 – If you want to view the status of all interfaces and Ethernet statistics then you can use the following command:
Command: netstat -e
Example 5 – To display FQDN (Fully Qualified Domain Names) for foreign addresses, then the command is:
Command: netstat -f
And in case, if you want to filter out only ESTABLISHED Connections then the command is:
You may also like:Command: netstat -f | findstr ESTABLISHED
- CTEM – A Strategic Approach to Mitigating Cyber Risks
- AI in Penetration Testing – Revolutionizing Security Assessments
- Protecting Your Organization from AI-Enhanced Social Engineering Attacks
- The Rise of AI-Powered Cyber Attacks in 2025
- Top 5 Penetration Testing Methodologies to Follow in 2025
- Top 10 Penetration Testing Tools Every Security Professional Should Know in 2025
- Emerging Trends in Vulnerability Assessment and Penetration Testing (VAPT) for 2025
- The Role of Cybersecurity in Protecting IoT Devices in 2025
- Understanding the Five Phases of Penetration Testing
- Top 20 Cybersecurity Career Options