Netstat (Network Statistics) is a command line tool used to monitor and troubleshoot computer network problems. This tool shows you all the connections of your device in as much detail as you need.
With Netstat, you can see all your connections, ports and their statistics. This information is valuable in setting up or correcting your connectivity. This article will introduce you to the Netstat command and the main parameters for filtering information that appears about your connections.
|Use the Netstat command to troubleshoot network problems|
We will explore the following topics in this section:
- How to use the Netstat command.
- Use the netstat parameters to filter the information.
- Netstat parameter combination.
Join us to explore the above issues to help you better understand this tool and learn how to use it to troubleshoot your network.
|1] How to use the netstat command|
Right-click the Start button and look for the Command Prompt. Open the command prompt with elevated rights by right-clicking on "Command Prompt (Administrator)".
In the Command Prompt window, run Netstat by typing the following command and pressing ENTER:
If you are new to networking, you may not understand what columns mean.
Therefore: The network protocol. It could be either TCP or UDP.
Local address: Your computer's IP addresses and network ports for these local connections.
Foreign Address: The IP addresses and port names of the remote devices you are connecting to.
State: Indicates the connection status. For example, find out if connections are active or closed.
The netstat command shows you your active connections and their details. However, you will notice that the Foreign Address column shows the IP address and port name.
To display the port port numbers instead of the names, use the following command:
In addition, the system can be disconnected or connected to networks, and network details can change from time to time. Therefore, we can use the following command to refresh the netstat network details at intervals using this command:
netstat -n 5
To stop the process, press CTRL + C.
NOTE: The 5 in the above command renews the command every 5 seconds. You can modify this value if you want to increase or decrease the time period.
|2] Use the netstat parameters to filter information|
The netstat command is a powerful command that can show you every detail about your device connections. Let's explore the following most commonly used netstat parameters to find specific network details.
- Show active and inactive connections
See the links that are active and inactive
- Display application information
See a list of all applications related to connections.
- View network adapter statistics
Display statistics for incoming and outgoing network packets.
- Display fully recognized foreign domain name (FQDNS)
If you do not want to see port numbers or names, the following netstat parameter will display the fully recognized domain names of your addresses in the foreign addresses.
- Show port numbers instead of names
Change the port names of foreign addresses to port numbers.
- Display of the process ID
Similar to netstat, and has an extra column for the Process Identifier (PID) of each connection.
- Filter connections by protocol
Display the connections for the protocol you specify - UDP, TCP, tcpv6 or udpv6.
netstat -p udp
NOTE: You need to change the udp partition in whichever protocol you want to view.
- View non-listening and listening port without listening and registration
Show your connections and listening ports, not ports that are not connected.
- Grouping statistics by protocol
Categorization of networks with available protocols - UDP, TCP, ICMP, IPv4 and IPv6.
- Show routing table
Display the routing table of your current network. Lists every route to a destination and matrix available on your system. Similar to the command route print.
- Show offload connections
Display list of connections with offload status.
- See NetworkDirect connections
Displays all NetworkDirect connections.
- Template connection templates
Show the templates of your network TCP connections.
|3] Netstat parameter combination|
You can further filter the parameters of the Netstat command to show you information about your connections in any way you want. From the above commands, you can add a second parameter to display a combined view.
For example, you can combine switches -s and -e to view statistics for each protocol. This way, you can combine other parameters to get the results you want.
When mixing multiple parameters in the Netstat command, you do not need to include two dashes (-). You can use a hyphen (-) and add parameter letters without a second hyphen.
For example, instead of typing the following command:
netstat -s -e
You can write it as:
If you forget the settings, a quick way to remember them is to ask netstat for help. Just run the following command:
To stop any operation of the netstat command at any time, press CTRL + C at the same time.