Using netstat is a great way to see the TCP/IP connections (both inbound and outbound) on your machine. You can also use it to view packet statistics (similar to the MONITOR.NLM utility on a NetWare server console), such as how many packets have been sent and received, the number of errors, and so on.
When used without any options, netstat produces output that shows all the outbound TCP/IP connections. Used this way, it is particularly useful in determining the status of outbound Web connections.
The Proto column lists the protocol being used. Because this is a Web connection, the protocol is TCP. The Local Address column lists the source address and the source port (source socket). In this case, default indicates that the PC has no NetBIOS name configured and refers to the local IP address, which is followed by the source ports, four separate dynamically registered TCP ports used to open four separate TCP connections. The Foreign Address item for all four connections is 220.127.116.11:80, indicating that for all four connections, the address of the destination machine is 18.104.22.168 and that the destination port is TCP port 80 (in other words, HTTP for the Web). The State column indicates the status of each connection. This column shows statistics only for TCP connections because UDP establishes no virtual circuit to the remote device. Usually, this column indicates ESTABLISHED once a TCP connection between your computer and the destination computer is established.
Output of the netstat command without any switches
The output of the netstat utility depends on the switch. You can use the following:
Simply type netstat followed by a space and then the switch. Some switches have options, but the syntax is basically the same. Note the UNIX style of the switches, where the hyphen must be included. This is common in Microsoft operating systems for TCP/IP utilities, which stem from original use in UNIX systems.
When you use the -a switch, the netstat utility displays all TCP/IP connections and all User Datagram Protocol (UDP) connections. The figure shows sample output produced by the netstat -a command.
Entries with a protocol type of UDP and the source port nicknames nbname and nbdatagram correspond to the well-known port numbers 137 and 138, respectively. These port numbers are commonly seen on networks that broadcast the NetBIOS name of a workstation on the TCP/IP network. You can tell that this is a broadcast because the destination address is listed as *:* (meaning “any address, any port”).
Sample output of the netstat -a command
The -e switch displays a summary of all the packets that have been sent over the network interface card (NIC) as of that instant. The two columns in the figure show packets coming in as well as being sent.
You can use the -e switch to display the following categories of statistics:
Bytes: The number of bytes transmitted or received since the computer was turned on. This statistic is useful in helping to determine if data is actually being transmitted and received or if the network interface isn’t doing anything.
Unicast Packets: The number of packets sent from or received at this computer. To register in one of these columns, the packet must be addressed directly from one computer to another and the computer’s address must be in either the source or destination address section of the packet.
Non-unicast Packets: The number of packets not directly sent from one workstation to another. For example, a broadcast packet is a non-unicast packet. The number of non-unicast packets should be smaller than the number of unicast packets. If the number of non-unicast packets is as high as or higher than that of unicast packets, too many broadcast packets are being sent on your network. You should find the source of these packets and make any necessary adjustments.
Discards: The number of packets that were discarded by the NIC during either transmission or reception because they weren’t assembled correctly.
Errors: The number of errors that occur during transmission or reception. These numbers may indicate problems with the network card.
Unknown Protocols: The number of received packets that the Windows networking stack couldn’t interpret. This statistic shows up only in the Received column because, if the computer sent them, they wouldn’t be unknown, would they?
Unfortunately, statistics don’t mean much unless they can be colored with time information. For example, if the Errors column shows 100 errors, is that a problem? It might be if the computer has been on for only a few minutes. But 100 errors could be par for the course if the computer has been operating for several days. Unfortunately, the netstat utility doesn’t have a way of indicating how much time has elapsed for these statistics.
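Because netstat -e reports only running totals, one way to attach time to them is to capture the output twice and divide the difference by the interval. The following Python sketch is an added example, not part of the original tutorial; the two snapshots are constructed sample text in the Windows netstat -e layout, and the function names and the use of the Received column for the broadcast check are assumptions made for illustration.

```python
import re

# Constructed `netstat -e` text (Windows layout); only two counters vary between snapshots.
TEMPLATE = """\
Interface Statistics

                           Received            Sent

Bytes                      48211934        10332871
Unicast packets               52310           41877
Non-unicast packets        {nonuni:>8}             412
Discards                          0               0
Errors                     {errors:>8}               2
Unknown protocols                17
"""
SNAP_T0 = TEMPLATE.format(nonuni=3120, errors=100)   # first capture
SNAP_T1 = TEMPLATE.format(nonuni=3720, errors=160)   # second capture, 60 seconds later

# Counter name, two or more spaces, Received value, optional Sent value.
ROW = re.compile(r"^([A-Za-z][A-Za-z -]*?)\s{2,}(\d+)(?:\s+(\d+))?$")

def parse_netstat_e(text):
    """Map lower-cased counter name -> (received, sent); sent is None when absent."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # title and column-header lines carry no digits and are skipped
            name, rx, tx = m.groups()
            stats[name.lower()] = (int(rx), None if tx is None else int(tx))
    return stats

def per_second(before, after, seconds):
    """Rate of change of every counter between two snapshots `seconds` apart."""
    rates = {}
    for name, (rx1, tx1) in after.items():
        rx0, tx0 = before[name]
        rates[name] = ((rx1 - rx0) / seconds,
                       None if tx1 is None else (tx1 - tx0) / seconds)
    return rates

def broadcast_heavy(stats):
    """True when received non-unicast packets are as high as or higher than unicast."""
    return stats["non-unicast packets"][0] >= stats["unicast packets"][0]

if __name__ == "__main__":
    t0, t1 = parse_netstat_e(SNAP_T0), parse_netstat_e(SNAP_T1)
    for name, (rx, tx) in per_second(t0, t1, 60).items():
        print(f"{name:22} rx/s={rx:.2f} tx/s={tx if tx is None else round(tx, 2)}")
    print("broadcast heavy:", broadcast_heavy(t1))
```
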
You use the -r switch to display the current route table for a workstation so that you can see how TCP/IP information is being routed. Figure 4.4 shows sample output using this switch. You can tell from this output which interface is being used to route to a particular network (useful if computers have multiple NICs).
Using the -s switch displays a variety of TCP, UDP, IP, and ICMP protocol statistics.
The following is some sample output using this switch.
The -n switch is a modifier for the other switches. When used with other switches, it reverses the natural tendency of netstat to use names instead of network addresses. In other words, when you use the -n switch, the output always displays network addresses instead of their associated network names. Following is output from the netstat command and then the netstat -n command, showing the same information but with IP addresses instead of names:
Like the -n switch, the -p switch is a modifier. Typically used with the -s switch (discussed earlier), it specifies which protocol statistics to list in the output (IP, TCP, UDP, or ICMP). For example, if you want to view only ICMP statistics, you use the -p switch like so: netstat -s -p ICMP
The netstat utility then displays the ICMP statistics instead of the gamut of TCP/IP statistics that the -s switch normally produces.
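The Proto, Local Address, Foreign Address and State columns described earlier can be read by a script to inventory which ports a machine exposes and which remote endpoints it is connected to. The following Python sketch is an added example, not part of the original tutorial; it assumes numeric netstat -an output, the sample text is constructed using documentation address ranges, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the Windows `netstat -an` layout.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49712       198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:49713       198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:49720       203.0.113.9:443        TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    192.0.2.10:138         *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 addresses survive."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows carry state None."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        rows.append({
            "proto": fields[0],
            "local": split_endpoint(fields[1]),
            "remote": split_endpoint(fields[2]),
            # UDP sets up no virtual circuit, so its State column is empty.
            "state": fields[3] if len(fields) > 3 else None,
        })
    return rows

def open_ports(rows):
    """Ports accepting traffic: TCP sockets in LISTENING plus every bound UDP socket."""
    return sorted({(r["proto"], int(r["local"][1])) for r in rows
                   if r["state"] == "LISTENING" or r["proto"] == "UDP"})

def established_by_remote(rows):
    """Count ESTABLISHED TCP connections per remote (address, port)."""
    return Counter(r["remote"] for r in rows if r["state"] == "ESTABLISHED")

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("open ports:", open_ports(rows))
    print("established:", dict(established_by_remote(rows)))
```

Comparing the open-port list against the services a host is expected to run is a quick way to spot an unexpected listener.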
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd