Netstat
Netstat displays protocol statistics and current TCP/IP connections. From a command prompt, type Netstat -a to display all connections and listening ports. Type netstat -r to display the contents of the IP routing table and any persistent routes. The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution. The netstat -s option shows all protocol statistics. The netstat-p < protocol > option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified. The -e switch displays interface statistics. Sample output for the netstat -e command is shown here:
C:\>netstat -e
Interface Statistics
Received Sent
Bytes 372959625 123567086
Unicast packets 134302 145204
Non-unicast packets 55937 886
Discards 0 0
Errors 0 0
Unknown protocols 1757381
Discards are the packets received that contained errors or could not be processed. Errors indicate packets that are damaged, including packets sent by the local computer that were damaged while in the buffer.
Both of these types of errors should be at or near zero. If not, errors in the Sent column indicate that the local network might be overloaded or that there might be a bad physical connection between the local host and the network. High errors and discards in the Receive column indicate an overloaded local net, an overloaded local host, or a physical problem with the network.
The following output shows a sample report for the netstat -a -n command.
C:\>netstat -a -n
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:42 0.0.0.0:0 LISTENING
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1038 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1048 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING
TCP 10.99.99.1:53 0.0.0.0:0 LISTENING
TCP 10.99.99.1:139 0.0.0.0:0 LISTENING
TCP 10.99.99.1:389 10.99.99.1:1092 ESTABLISHED
TCP 10.99.99.1:1092 10.99.99.1:389 ESTABLISHED
TCP 10.99.99.1:3604 10.99.99.1:135 TIME_WAIT
TCP 10.99.99.1:3605 10.99.99.1:1077 TIME_WAIT
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1087 *:*
UDP 10.99.99.1:53 *:*
UDP 10.99.99.1:137 *:*
UDP 10.99.99.1:138 *:*
The number after the colon indicates which port number each connection is using. For a complete port reference list, see the appendix "TCP and UDP Port Assignments" in this book.
The following output shows the TCP, IP, ICMP, and UDP statistics for the local host.
D:\>netstat -s
IP Statistics
Packets Received = 3175996
Received Header Errors = 0
Received Address Errors = 38054
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 3142564
Output Requests = 3523906
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMP Statistics
Received Sent
Messages 462 33
Errors 0 0
Destination Unreachable 392 4
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenchs 0 0
Redirects 0 0
Echos 1 22
Echo Replies 12 1
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
TCP Statistics
Active Opens = 12164
Passive Opens = 12
Failed Connection Attempts = 79
Reset Connections = 11923
Current Connections = 1
Segments Received = 2970519
Segments Sent = 3505992
Segments Retransmitted = 18
UDP Statistics
Datagrams Received = 155620
No Ports = 16578
Receive Errors = 0
Datagrams Sent = 17822
Table 3.7 summarizes the switches available for use with Netstat.
Table 3.7 Netstat Switches
Switch |
Function |
---|---|
-a |
Displays all connections and listening ports. |
-r |
Displays the contents of the routing table. |
-n |
Speeds execution by telling Netstat not to convert addresses and port numbers to names. |
-s |
Shows per-protocol statistics for IP, ICMP, TCP, and UDP. |
-p < protocol > |
Shows connection information for the specified protocol. The protocol can be TCP, UDP, or IP. When used with the -s option, shows statistics for the specified protocol. In this case, the protocol can be TCP, UDP, IP, or ICMP. |
-e |
Shows Ethernet statistics, and can be combined with -s. |
Interval |
Shows a new set of statistics each interval (in seconds). You can stop the redisplaying of Netstat statistics by typing CTRL-C. Without specifying an interval, Netstat shows the statistics once. |