Netstat

c
Netstat is a versatile tool catered for the windows platform by means of the MS-DOS (now a days referred to as
"Command Prompt") command line.

The main use of this command is for the quick overview of active ports on your machine and their status, i.e. listening
and connected ports, types of ports, and on UNIX, any open streams and a lot of other useful information. This helps
the user by notifying he/she which ports are open, which are closed and/or listening for incoming connections which
can give you an accurate assumption of how vulnerable your PC is to attacks on the respective ports.
C:\Documents and Settings\Home>netstat /?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:

IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
C:\Documents and Settings\Home>netstat /a
Active Connections
Proto Local Address Foreign Address State
TCP Nida:http Nida:0 LISTENING
TCP Nida:epmap Nida:0 LISTENING
TCP Nida:https Nida:0 LISTENING
TCP Nida:microsoft-ds Nida:0 LISTENING
TCP Nida:13621 Nida:0 LISTENING
TCP Nida:1028 localhost:1029 ESTABLISHED



TCP Nida:netbios-ssn Nida:0 LISTENING
TCP Nida:1072 dynamic-114-69-54-138.vips.gol.ne.jp:34738 ESTA
BLISHED
TCP Nida:1117 58.27.86.218:http ESTABLISHED
TCP Nida:1181 212.161.8.4:12350 ESTABLISHED
TCP Nida:1187 www-13-02-snc5.facebook.com:http ESTABLISHED
TCP Nida:1193 channel-126-131.01.snc6.tfbnw.net:http ESTABLIS
HED
TCP Nida:1239 CPE001c2582eac2-CM001a668b6f06.cpe.net.cable.rog
ers.com:58955 FIN_WAIT_1
TCP Nida:1326 by2msg4020816.phx.gbl:http ESTABLISHED

TCP Nida:1386 ir1.fp.vip.re1.yahoo.com:http CLOSE_WAIT
UDP Nida:https *:*
UDP Nida:microsoft-ds *:*
UDP Nida:isakmp *:*
UDP Nida:1025 *:*
UDP Nida:1061 *:*
UDP Nida:1062 *:*
UDP Nida:1063 *:*
UDP Nida:1064 *:*
UDP Nida:1065 *:*
UDP Nida:1066 *:*
UDP Nida:1256 *:*
UDP Nida:4500 *:*
UDP Nida:13621 *:*
UDP Nida:37998 *:*
UDP Nida:ntp *:*
UDP Nida:1027 *:*
UDP Nida:1060 *:*

UDP Nida:1093 *:*
UDP Nida:1119 *:*
UDP Nida:1141 *:*
UDP Nida:1900 *:*
UDP Nida:ntp *:*
UDP Nida:netbios-ns *:*
UDP Nida:netbios-dgm *:*
UDP Nida:1900 *:*
UDP Nida:netbios-ns *:*
UDP Nida:netbios-dgm *:*
UDP Nida:1900 *:*

The first switch, a, is used as the syntax below:
p
This command lists all active connections including listening ports
C:\Documents and Settings\Home>netstat /b
Active Connections
Proto Local Address Foreign Address State PID
TCP Nida:1028 localhost:1029 ESTABLISHED 276
[YahooMessenger.exe]
[YahooMessenger.exe]
[registrybooster.exe]
[chrome.exe]
[chrome.exe]
[chrome.exe]
[chrome.exe]
[chrome.exe]
[AvastSvc.exe]
[AvastSvc.exe]
[AvastSvc.exe]
[AvastSvc.exe]
[AvastSvc.exe]
BLISHED 456
[Skype.exe]
TCP Nida:1117 58.27.86.218:http ESTABLISHED 1028
c:\windows\system32\WS2_32.dll
c:\windows\system32\WINHTTP.dll
[svchost.exe]
TCP Nida:1181 212.161.8.4:12350 ESTABLISHED 456
[Skype.exe]
1492
[AvastSvc.exe]
TCP Nida:1326 by2msg4020816.phx.gbl:http ESTABLISHED 1492
[AvastSvc.exe]
HED 1492
[AvastSvc.exe]
[Skype.exe]
[Skype.exe]
TCP Nida:1414 74.125.232.140:http CLOSE_WAIT 1492
[AvastSvc.exe]
TCP Nida:1416 ww-in-f102.1e100.net:http CLOSE_WAIT 1492
[AvastSvc.exe]
TCP Nida:1410 58.27.86.114:http TIME_WAIT 0
TCP Nida:1412 a96-17-180-144.deploy.akamaitechnologies.com:htt
p TIME_WAIT 0
Switch e
C:\Documents and Settings\Home>netstat /e
Interface Statistics
Received Sent
Bytes 62021302 9581078
Unicast packets 73128 60872
Non-unicast packets 114 109
Discards 0 0
Errors 0 0
Unknown protocols 30
u
The e switch is a bit more complicated, this lists the statistics of your internet connection, including how many packets
were sent, recieved or how many bytes were recieved for example.
Switch n
C:\Documents and Settings\Home>netstat /n
Active Connections
TCP 127.0.0.1:1028 127.0.0.1:1029 ESTABLISHED
TCP 127.0.0.1:1029 127.0.0.1:1028 ESTABLISHED
TCP 127.0.0.1:1430 127.0.0.1:12080 ESTABLISHED
TCP 127.0.0.1:1434 127.0.0.1:12080 ESTABLISHED
TCP 127.0.0.1:1446 127.0.0.1:12080 ESTABLISHED
TCP 127.0.0.1:1448 127.0.0.1:10435 ESTABLISHED
TCP 127.0.0.1:10435 127.0.0.1:1448 ESTABLISHED
TCP 127.0.0.1:12080 127.0.0.1:1430 ESTABLISHED
TCP 127.0.0.1:12080 127.0.0.1:1434 ESTABLISHED
TCP 127.0.0.1:12080 127.0.0.1:1446 ESTABLISHED
TCP 192.168.1.2:1072 114.69.54.138:34738 ESTABLISHED
TCP 192.168.1.2:1181 212.161.8.4:12350 ESTABLISHED
TCP 192.168.1.2:1431 66.220.151.77:80 ESTABLISHED
TCP 192.168.1.2:1435 66.220.158.11:80 ESTABLISHED
TCP 192.168.1.2:1447 207.46.125.63:80 ESTABLISHED
The characters under the title "Proto" indicate the protocol type, in this case the only connections present include
TCP which means that you and the remote host are communicating via TCP.
The local address specifies the name of your computer on the network along with the port number you are using to
recieve connections which is randomly generated.
The foreign address lists the remote host's name and the port they are using to initiate the connection.
The state of the connection indicates exactly what it says, the state of the connection between a remote system and
yours. Below lists all of the possible states of connection.

The n switch is also fairly easy to understand, this lists all connections and remote computers in numerical form, this
being in IP form. For example if you are connected to IRC and you would like to view the server in numerical form, for
whatever reason that may be, you can use the n switch and it will transform the web address of it into an IP.
R
.C:\Documents and Settings\Home>netstat /o

Active Connections
Proto Local Address Foreign Address State PID
TCP Nida:1072 dynamic-114-69-54-138.vips.gol.ne.jp:34738 ESTABLISHED 456
TCP Nida:1447 by2msg4020816.phx.gbl:http ESTABLISHED 1492
TCP Nida:1516 www-13-02-snc5.facebook.com:http ESTABLISHED 1492
TCP Nida:1520 channel-126-131.01.snc6.tfbnw.net:http ESTABLISHED 1492
TCP Nida:1560 74.125.232.143:http CLOSE_WAIT 1492

TCP Nida:1562 wy-in-f100.1e100.net:http CLOSE_WAIT 1492

This switch lists active connections, combined with its PID (Process Identification Number)
R
C:\Documents and Settings\Home>netstat /r
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
66.220.149.32 255.255.255.255 192.168.1.1 192.168.1.2 25
66.220.151.77 255.255.255.255 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 25
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 25
207.46.125.63 255.255.255.255 192.168.1.1 192.168.1.2 25
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 25
255.255.255.255 255.255.255.255 192.168.1.2 3 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================D

The r switch lists information for your ethernet card, netmask, gateway, network destination, etc.
Switch s
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Home>netstat /s
IPv4 Statistics
Packets Received = 89931
Received Header Errors =0
Received Address Errors = 66
Datagrams Forwarded =0
Unknown Protocols Received =0
Received Packets Discarded =5
Received Packets Delivered = 89926
Output Requests = 79837
Routing Discards =0
Discarded Output Packets =0
Output Packet No Route =0
Reassembly Required =0
Reassembly Successful =0
Reassembly Failures =0
Datagrams Successfully Fragmented = 0

Datagrams Failing Fragmentation = 0
Fragments Created =0
ICMPv4 Statistics
Received Sent
Messages 606 36
Errors 0 0
Destination Unreachable 570 1
Time Exceeded 14 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echos 0 35
Echo Replies 22 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
TCP Statistics for IPv4
Active Opens = 515
Passive Opens = 158
Failed Connection Attempts = 60

Reset Connections = 150
Current Connections = 15
Segments Received = 65284
Segments Sent = 51377
Segments Retransmitted = 494
UDP Statistics for IPv4
Datagrams Received = 24641
No Ports =2
Receive Errors =0
Datagrams Sent = 27957
C:\Documents and Settings\Home>
Switch v
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Home>netstat /v
Active Connections
BLISHED
TCP Nida:1181 212.161.8.4:12350 ESTABLISHED
TCP Nida:1447 by2msg4020816.phx.gbl:http ESTABLISHED
HED
C
interval
þ
The interval switch allows you to give your computer a specific time, or interval, inbetween netstat probings of your
active connections.

Netstat

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Netstat

Diunggah oleh

Hak Cipta:

Format Tersedia

c 

C:\Documents and Settings\Home>netstat /?

Displays protocol statistics and current TCP/IP network connections.

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or

listening port. In some cases well-known executables host

multiple independent components, and in these cases the

sequence of components involved in creating the connection

or listening port is displayed. In this case the executable

name is in [] at the bottom, on top is the component it called,

can be time-consuming and will fail unless you have sufficient

-e Displays Ethernet statistics. This may be combined with the -s

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

-p proto Shows connections for the protocol specified by proto; proto

option to display per-protocol statistics, proto may be any of:

-r Displays the routing table.

-s Displays per-protocol statistics. By default, statistics are

the -p option may be used to specify a subset of the default.

-v When used in conjunction with -b, will display sequence of

components involved in creating the connection or listening

port for all executables.

interval Redisplays selected statistics, pausing interval seconds

between each display. Press CTRL+C to stop redisplaying

statistics. If omitted, netstat will print the current

configuration information once.

C:\Documents and Settings\Home>netstat /a

Proto Local Address Foreign Address State

TCP Nida:http Nida:0 LISTENING

TCP Nida:epmap Nida:0 LISTENING

TCP Nida:https Nida:0 LISTENING

TCP Nida:microsoft-ds Nida:0 LISTENING

TCP Nida:13621 Nida:0 LISTENING

TCP Nida:37998 Nida:0 LISTENING

TCP Nida:1028 localhost:1029 ESTABLISHED

TCP Nida:1055 Nida:0 LISTENING

TCP Nida:1096 localhost:10435 ESTABLISHED

TCP Nida:1138 localhost:10435 ESTABLISHED

TCP Nida:1186 localhost:12080 ESTABLISHED

TCP Nida:1192 localhost:12080 ESTABLISHED

TCP Nida:1325 localhost:12080 ESTABLISHED

TCP Nida:1347 localhost:12080 ESTABLISHED

TCP Nida:1353 localhost:12080 ESTABLISHED

TCP Nida:1354 localhost:12080 ESTABLISHED

TCP Nida:1355 localhost:12080 ESTABLISHED

TCP Nida:1356 localhost:12080 ESTABLISHED

TCP Nida:1357 localhost:12080 ESTABLISHED

TCP Nida:1358 localhost:12080 ESTABLISHED

TCP Nida:1359 localhost:12080 ESTABLISHED

TCP Nida:1360 localhost:12080 ESTABLISHED

TCP Nida:1362 localhost:12080 ESTABLISHED

TCP Nida:1363 localhost:12080 ESTABLISHED

TCP Nida:1364 localhost:12080 ESTABLISHED

TCP Nida:1365 localhost:12080 ESTABLISHED

TCP Nida:1366 localhost:12080 ESTABLISHED

TCP Nida:1381 localhost:12080 ESTABLISHED

TCP Nida:1385 localhost:12080 ESTABLISHED

TCP Nida:5152 Nida:0 LISTENING

TCP Nida:10000 Nida:0 LISTENING

TCP Nida:10435 localhost:1096 ESTABLISHED

TCP Nida:10435 localhost:1138 ESTABLISHED

TCP Nida:12025 Nida:0 LISTENING

c

UDP Nida:https :

UDP Nida:microsoft-ds :

UDP Nida:isakmp :

UDP Nida:1025 :

UDP Nida:1061 :

UDP Nida:1062 :

UDP Nida:1063 :

UDP Nida:1064 :

UDP Nida:1065 :

UDP Nida:1066 :

UDP Nida:1256 :

UDP Nida:4500 :

UDP Nida:13621 :

UDP Nida:37998 :

UDP Nida:ntp :

UDP Nida:1027 :

UDP Nida:1060 :

UDP Nida:1119 :

UDP Nida:1141 :

UDP Nida:1900 :

UDP Nida:ntp :