The NETSTAT utility
The NETSTAT utility is a command available on most platforms that enables a user to list the sockets in use on a system. The information returned by the command is only for the local host, and there is no provision for monitoring remote hosts using this utility. The most common uses for NETSTAT are:
_ Determining how many sockets are currently open on a system
_ Determining what application owns a particular socket
_ Diagnosing TCP/IP problems
_ Diagnosing routing problems
The NETSTAT command can be issued with or without parameters. Without parameters, the output generated by the command typically lists all of the active UDP and TCP connections in the system’s connection table. Options can be added to filter the output, or to request additional information. Because NETSTAT is not defined by an RFC, the specific options employed by different implementations vary. However, there is a common set of options that remains constant among most NETSTAT implementations.
Common NETSTAT options
Common NETSTAT options include:
-r / -route Displays the routing table currently used by the TCP/IP application.
-i / -interface Displays a list of interfaces, and their states.
-l / -listening Displays only sockets on which an application is listening.
-a / -all Displays all connections (typically, this is the default).
-s / -statistics Displays the statistics for each protocol.
-t / -timer Displays timer information.
-v / -verbose Displays the output in verbose mode.
-f / -family Displays the address family of the connections.
Sample NETSTAT report output
The following sample shows the output of a NETSTAT -all command and illustrates what the default implementation of the utility usually outputs.
Example 1 NETSTAT -all command output
:\> NETSTAT -a
TCPIP Name: TCPIP 13:11:51
User Id Conn Local Socket Foreign Socket State
------- ---- ------------ -------------- -----
10.44.36.163..21 10.76.141.227..1780 Establsh
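The two most common uses listed earlier, counting open sockets and finding which application owns one, can be automated by parsing a report in the layout shown above. The following Python sketch is an added example, not part of the original text; the user IDs, connection IDs, the Listen state and every sample row except the last are constructed for illustration, and the last row is the ownerless row from Example 1.

```python
from collections import Counter

# Constructed sample in the layout of Example 1. User IDs, connection IDs and
# all rows except the last are invented; the last row is the one shown above.
SAMPLE = """\
User Id  Conn  Local Socket      Foreign Socket       State
-------  ----  ------------      --------------       -----
FTPD1    0012  0.0.0.0..21       0.0.0.0..0           Listen
FTPD1    0031  10.44.36.163..21  10.76.141.227..1780  Establsh
WEBSRV   0040  0.0.0.0..8080     0.0.0.0..0           Listen
10.44.36.163..21 10.76.141.227..1780 Establsh
"""

def split_socket(text):
    """Split 'address..port' into (address, port); raise ValueError otherwise."""
    addr, sep, port = text.rpartition("..")
    if not sep or not port.isdigit():
        raise ValueError(f"not a socket: {text!r}")
    return addr, int(port)

def parse_report(report):
    """Return one dict per connection row, skipping banner and header lines."""
    rows = []
    for line in report.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            # A data row always ends with: local socket, foreign socket, state.
            local = split_socket(fields[-3])
            foreign = split_socket(fields[-2])
        except ValueError:
            continue  # header, separator or banner line
        owner = fields[:-3]  # empty when the owner columns are missing
        rows.append({"user": owner[0] if owner else None,
                     "conn": owner[1] if len(owner) > 1 else None,
                     "local": local, "foreign": foreign, "state": fields[-1]})
    return rows

def state_counts(rows):
    """Count sockets per connection state."""
    return Counter(r["state"] for r in rows)

def listeners(rows):
    """Map each listening local port to the user ID that owns it."""
    return {r["local"][1]: r["user"] for r in rows if r["state"] == "Listen"}

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    print(state_counts(parsed))
    print(listeners(parsed))
```

Comparing the listeners() result against the services a host is expected to run is a quick way to spot an unexpected listening socket.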