Wednesday, February 23, 2011

Using the Netstat utility to understand network connections

Netstat is an old utility.  It's been around for as long as I can remember.  It's still very much relevant today as a means of identifying what connections are open on a computer and the nature of the those connections.  If you simply run "netstat" at a command prompt, you'll see a list of connections to your computer.  The first column lists the protocol (TCP, for example), the second column lists the local IP address and port number, the third column lists the foreign address and port number, and the fourth column lists the TCP state.  (For information about TCP states, review RFC 793.)

Netstat also supports a variety of options which can display Ethernet statistics such as the number of packets and bytes sent and received (netstat -e) or ICMP traffic (netstat -ps icmp).  You can see all the options by typing netstat /?.

If it's been a while since you visited Netstat, open up a command prompt or PowerShell and give it a try.  (I hope you don't find any surprises in the connections list!)

No comments: