Home XP Commands
XP Syntax

NETSTAT.exe

Display current TCP/IP network connections and protocol statistics.

Syntax
   NETSTAT [options] [-p protocol] [interval]

Key
   -a   Display All connections and listening ports.
   -e   Display Ethernet statistics. (may be combined with -s)
   -n   Display addresses and port numbers in Numerical form.
   -r   Display the Routing table.
   -o   Display the Owning process ID associated with each connection.

   -b   Display the exe involved in creating each connection or listening port.*
   -v   Verbose - use in conjunction with -b, to display the sequence of
        components involved for all executables.

   -p protocol
        Show only connections for the protocol specified; 
        may be any of: TCP, UDP, TCPv6 or UDPv6.  
        If used with the -s option then the following protocols
        may also be specified: IP, IPv6, ICMP,or ICMPv6. 

   -s   Display per-protocol statistics.  By default, statistics are
        shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
        (The v6 protocols are not available under 2k and NT4)
        The -p option may be used to display just a subset of these.

   interval     Redisplay statistics, pausing interval seconds between
                each display. (default=once only) Press CTRL+C to stop.

* Where available this will display the sequence of components involved in creating the connection or listening port. (Typically well-known executables which host multiple independent components.) This option will display the executable name in [ ] at the bottom, with the component it called on top, repeated until TCP/IP is reached. The -b option can be time-consuming and will fail unless you have sufficient permissions.

"Once you're on the network, you can do a command called NetStat - Network Status - and it lists all the connections to that machine. There were hackers from Denmark, Italy, Germany, Turkey, Thailand ..." - Gary McKinnon

 Related Commands:

Dommon.exe - GUI Domain Monitor (W2K but works with NT)
BROWSTAT - Get domain, browser and PDC info
ROUTE - Manipulate network routing tables.
PATHPING - IP trace utility
PING - Test a network connection

Equivalent Linux BASH commands:

ping - Test a network connection
trace - Find the IP address of a remote host


Back to the Top

Simon Sheppard
 SS64.com