Netstat is a Command utility Prompt which allows you to monitor your network and active internet connections.
The Netstat command in the Windows Command Prompt is very basic and all advanced users should have a good understanding of its use. In addition to helping you monitor your internal network (intranet) it provides you with information about active connections on the external network (internet).
It provides a quick way to see all open ports, active connections, network services running on your system, which .exe archives they talk on the internet, which IPs you are connected to and other technical details that are very useful when it comes to the security of your computer.
netstat exists as a command as well on Windows (via Command Prompt) and on Linux (via ternimal). It does the same job of providing information about the network, although it is compiled with slightly different switches.
We in this article will do an analysis of netstat for Windows 10 and 11 operating system.
What does the Netstat command do?
The netstat command provides information only and does not perform any actions or tasks that change computer data. In other words, it is purely a monitoring order.
It is mainly used by IT specialists or network troubleshooters and when run, it displays a list of active TCP connections, ports that are open, statistics of Ethernet connection, the addresses and ports used by your system and more.
Simply put, this command allows you to see which network connections are active and which applications are using them in the background at any given time.
The above makes it a capable tool to indicate to you any suspicious connections from unknown applications or services.
How Netstat is compiled
The netstat command is only accessible from the command line. Because some of its features require administrative rights, it is best to open a Command Prompt window with administrative rights. And since netstat is only monitoring, you don't have to worry about messing up your computer settings.
Step 1: (Only if you don't know how to open a Command Prompt window with administrator rights). In Windows 10, right-click the Taskbar and then click “Taskbar (Admin)”.
In Windows 11, navigate to All apps, find the “Terminal” app, right-click on it, and select “More > Run as administrator”.
A Command Prompt window with administrative privileges will open.
Step 2: At the command line, type netstat and press Enter. The command, upon execution, will produce a list of active connections along with their status.
The netstat command is compiled with several switches (parameters) which you can see if you issue the command netstat /?. Let's look at some useful parameters you can use.
Useful parameters of Netstat
Parameters or switches are symbols placed at the end of the command that allow you to modify what the netstat command displays.
When you use a parameter in the form “netstat -parameter”, it helps you to view detailed information about the traffic and different connections in a local network.
Let's look at some useful netstat parameters to get more specific and filtered information from netstat:
netstat -a: Shows all running TCP and UDP connections and listening ports. Failed login attempts will also be displayed.
netstat -b: The -b parameter displays the executable files (.EXE) involved in creating each connection or doorof listening. It is primarily useful for those involved in network troubleshooting on a Windows server.
netstat -e: If you are using an Ethernet connection instead of Wi-Fi, the -e parameter can show you detailed Ethernet statistics, such as connection speed, total bytes sent/received, and some other technical statistics.
netstat -o: Suppose you installed an app (from an untrusted website), in that case, you can check whether the app is doing something suspicious with the connection or not.
This is because the -o parameter displays the Process ID (PID) of each connection that you can map from Task Manager.
netstat -s: Displays statistics from a protocol such as packets sent/received, errorthe, dropped packets, etc. It's useful if you want to understand protocol-based bandwidth usage.
You can, if you want, insert more than one switch that will work together. . For example, netstat -es will show you Ethernet network details along with protocol-based bandwidth usage in a single view.
More generally:
Unlike utilities that you need to download separately, the netstat command is ready to use at the command line in all versions of Windows. This makes it the go-to tool for taking a snapshot of your network status, right from your computer.
Plus, from checking incoming and outgoing connections to detecting potential malicious activity, you can easily use it even if you're not a network expert.
