Tech Articles

Top 5 Useful Netstat Commands on Windows

Netstat is a built in command line tool that provides you with information about TCP connections, network statistics and IP routing table. As it is built in, there is nothing to download. It is in all recent versions of Windows. Under Windows Vista and Windows 7 you may have to run some commands in an elevated command prompt.

To view network connections, listening ports and so on, netstat is one of the best utility which is available for both Windows and Linux OS.

Also Read: 10 cool Netstat Commands (For Linux)

For Example, you can see the programs listening on TCP ports by issuing the command (netstat -antp). Ports are simply software based network sockets that listen on the network to allow remote systems to interact with programs on a system.

Example 1 – With the following command, you can easily find out all established connections from/to your windows machine.

Command: netstat | findstr ESTABLISHED

Similarly, if you want to display only CLOSE_WAIT connections then the command is:

Command: netstat | findstr CLOSE_WAIT

CLOSE_WAIT indicates that the server has received the first FIN signal from the client and the connection is in the process of being closed

And for TIME_WAIT, the command is:

Command: netstat | findstr TIME_WAIT

TIME_WAIT indicates that the client recognizes the connection as still active but not currently being used.

Other states – 

  • CLOSED – Indicates that the server has received an ACK signal from the client and the connection is closed
  • FIN_WAIT_1 – Indicates that the connection is still active but not currently being used
  • FIN_WAIT_2 – Indicates that the client just received acknowledgment of the first FIN signal from the server
  • LAST_ACK – Indicates that the server is in the process of sending its own FIN signal
  • LISTENING – Indicates that the server is ready to accept a connection
  • SYN_RECEIVED – Indicates that the server just received a SYN signal from the client
  • SYN_SEND – Indicates that this particular connection is open and active

Example 2 – With the help of -s option, you can view all the statistics information like Received packets, Header errors, Discard packets etc.

Command: netstat -s

By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.

From above output, you can easily filter out specific string based results as shown below:

Command: netstat -s | findstr Errors

Example 3 – With -r option, you can see all the information related to routing table.

Command: netstat -r

Example 4 – If you want to view the status of all interfaces and Ethernet statistics then you can use the following command:

Command: netstat -e

Example 5 – To display FQDN (Fully Qualified Domain Names) for foreign addresses, then the command is:

Command: netstat -f

And in case, if you want to filter out only ESTABLISHED Connections then the command is:

Command: netstat -f | findstr ESTABLISHED

Have something to say about this article? Comment below or share it with us on Facebook or Twitter.

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.



Subscribe to Our Newsletter and Get Instant Delivered to Your Email Inbox.

We respect your privacy and take protecting it seriously.

Leave a Reply