Network Administration: The netstat Command - dummies

Network Administration: The netstat Command

Using the netstat command displays a variety of statistics about a computer’s active TCP/IP connections. It’s a useful tool to use when you’re having trouble with TCP/IP applications, such as File Transfer Protocol (FTP), HyperText Transport Protocol (HTTP), and so on.

Displaying connections

If you run netstat without specifying any parameters, you get a list of active connections. This list shows all the active connections on the computer and indicates the local port used by the connection, as well as the IP address and port number for the remote computer.

C:>netstat
Active Connections
  Proto  Local Address  Foreign Address                  State
  TCP    Doug:1463      192.168.168.10:1053              ESTABLISHED
  TCP    Doug:1582      192.168.168.9:netbios-ssn        ESTABLISHED
  TCP    Doug:3630      192.168.168.30:9100              SYN_SENT
  TCP    Doug:3716      192.168.168.10:4678              ESTABLISHED
  TCP    Doug:3940      192.168.168.10:netbios-ssn       ESTABLISHED
C:>

You can specify the -n switch to display both local and foreign addresses in numeric IP form:

C:>netstat -n
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.168.21:1463    192.168.168.10:1053    ESTABLISHED
  TCP    192.168.168.21:1582    192.168.168.9:139      ESTABLISHED
  TCP    192.168.168.21:3658    192.168.168.30:9100    SYN_SENT
  TCP    192.168.168.21:3716    192.168.168.10:4678    ESTABLISHED
  TCP    192.168.168.21:3904    207.46.106.78:1863     ESTABLISHED
  TCP    192.168.168.21:3940    192.168.168.10:139     ESTABLISHED
C:>

Finally, you can specify the -a switch to display all TCP/IP connections and ports that are being listened to. The output from that command would run several pages, suffice it to say that it looks a lot like the netstat output shown previously, but a lot longer.

Displaying interface statistics

If you use an -e switch, netstat displays various protocol statistics, like this:

C:>netstat -e
Interface Statistics
                           Received            Sent
Bytes                     672932849       417963911
Unicast packets             1981755         1972374
Non-unicast packets          251869           34585
Discards                          0               0
Errors                            0               0
Unknown protocols              1829
C:>

The items to pay attention to in this output are the Discards and Errors. These numbers should be zero, or at least close to it. If they’re not, the network may be carrying too much traffic or the connection may have a physical problem. If no physical problem exists with the connection, try segmenting the network to see whether the error and discard rates drop.

You can display additional statistics by using an -s switch, like this:

C:>netstat -s
IPv4 Statistics
  Packets Received                   = 9155
  Received Header Errors             = 0
  Received Address Errors            = 0
  Datagrams Forwarded                = 0
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 0
  Received Packets Delivered         = 14944
  Output Requests                    = 12677
  Routing Discards                   = 0
  Discarded Output Packets           = 71
  Output Packet No Route             = 0
  Reassembly Required                = 0
  Reassembly Successful              = 0
  Reassembly Failures                = 0
  Datagrams Successfully Fragmented  = 0
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 0
IPv6 Statistics
  Packets Received                   = 3
  Received Header Errors             = 0
  Received Address Errors            = 0
  Datagrams Forwarded                = 0
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 0
  Received Packets Delivered         = 345
  Output Requests                    = 377
  Routing Discards                   = 0
  Discarded Output Packets           = 0
  Output Packet No Route             = 0
  Reassembly Required                = 0
  Reassembly Successful              = 0
  Reassembly Failures                = 0
  Datagrams Successfully Fragmented  = 0
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 0
ICMPv4 Statistics
                            Received    Sent
  Messages                  6           14
  Errors                    0           0
  Destination Unreachable   6           14
  Time Exceeded             0           0
  Parameter Problems        0           0
  Source Quenches           0           0
  Redirects                 0           0
  Echo Replies              0           0
  Echos                     0           0
  Timestamps                0           0
  Timestamp Replies         0           0
  Address Masks             0           0
  Address Mask Replies      0           0
  Router Solicitations      0           0
  Router Advertisements     0           0
ICMPv6 Statistics
                            Received    Sent
  Messages                  3           7
  Errors                    0           0
  Destination Unreachable   0           0
  Packet Too Big            0           0
  Time Exceeded             0           0
  Parameter Problems        0           0
  Echos                     0           0
  Echo Replies              0           0
  MLD Queries               0           0
  MLD Reports               0           0
  MLD Dones                 0           0
  Router Solicitations      0           6
  Router Advertisements     3           0
  Neighbor Solicitations    0           1
  Neighbor Advertisements   0           0
  Redirects                 0           0
  Router Renumberings       0           0
TCP Statistics for IPv4
  Active Opens                        = 527
  Passive Opens                       = 2
  Failed Connection Attempts          = 1
  Reset Connections                   = 301
  Current Connections                 = 1
  Segments Received                   = 8101
  Segments Sent                       = 6331
  Segments Retransmitted              = 301
TCP Statistics for IPv6
  Active Opens                        = 1
  Passive Opens                       = 1
  Failed Connection Attempts          = 0
  Reset Connections                   = 1
  Current Connections                 = 0
  Segments Received                   = 142
  Segments Sent                       = 142
  Segments Retransmitted              = 0
UDP Statistics for IPv4
  Datagrams Received    = 6703
  No Ports              = 0
  Receive Errors        = 0
  Datagrams Sent        = 6011
UDP Statistics for IPv6
  Datagrams Received    = 32
  No Ports              = 0
  Receive Errors        = 0
  Datagrams Sent        = 200
C:>