
Practical Computing Advice and Tutorials

Sun: 26 May 2019


Using The Netstat Command

This command is available on Windows and on any 'Unix like' OS, such as Linux and macOS, but the options (or 'switches', to give them the proper term, each prefixed with a dash) differ between them. It's used to audit TCP connections and to see whether anything is running in the background that you may be unaware of.

If you want to see what switches you can use, the -h switch means 'help'. Some of the switches can be combined so that you can perform parallel operations.

You'll see some GUI apps that, at their heart, are using netstat, and simply feed the information from netstat back to the GUI. Technically this is known as 'piping', where the output from one programme is 'piped' into another.

This is a short list of some of the options...


Switch  Action
-h      Help: List the switch options
-b      List the active connections/binary executables
-t      List the active TCP connections/IP Address and Port number
-a      As -t, but will show both TCP and UDP connections
-f      List the active connections & FQDNs (Fully Qualified Domain Names)

You can also combine them, like this...

netstat -tf

The -p switch needs an option of either 'tcp' or 'udp' to display the active connections for that protocol. You may not see any listed for udp, as it's what is known as a 'connectionless protocol' (I plan on producing some pages at some point that will cover these kinds of topics), but you'll be able to see any apps waiting (or 'listening') for incoming connections with...

-ap udp

Another good combination is...

-btf

The option switches differ between Microsoft and Linux systems, so do a little experimentation and note the ones that you find useful.

Sometimes the display can get sort of messy (as with -fo), which is one of the advantages a GUI will have, as the GUI will 'pretty print' the netstat output to the screen for you.
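
To show what such a front end does with the text it receives from netstat, here is an added example (not code from this site) that parses netstat output into records, picks out the listening endpoints, and prints them in fixed-width columns. It assumes the column layout Windows prints for `netstat -an`; the sample output and the function names are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_addr local_port remote state")

# Constructed sample in the layout Windows prints for `netstat -an`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    [::1]:1900             *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 stays intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_netstat(text):
    """Return a Conn for every TCP/UDP row; banner and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        proto = fields[0].upper()
        addr, port = split_endpoint(fields[1])
        # UDP is connectionless, so its rows have no State column.
        state = fields[3] if len(fields) > 3 else ""
        conns.append(Conn(proto, addr, port, fields[2], state))
    return conns

def listeners(conns):
    """Endpoints waiting for traffic: TCP in LISTENING, plus every bound UDP socket."""
    return [c for c in conns if c.state == "LISTENING" or c.proto == "UDP"]

def pretty(conns):
    """Fixed-width rendering, the job a GUI front end does with netstat's output."""
    return "\n".join(
        f"{c.proto:<5}{c.local_addr:<14}{c.local_port:>6}  {c.remote:<20}{c.state or '-'}"
        for c in conns)

if __name__ == "__main__":
    print(pretty(listeners(parse_netstat(SAMPLE))))
```

On a live system, pipe the real output in instead of using SAMPLE; Linux netstat prints extra Recv-Q and Send-Q columns, so the field positions would need adjusting there.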