
Thursday, August 26, 2021

What is the netstat command

netstat is short for network statistics, and it is a command line tool that is used to display the current network connections and port activity on your computer. It's a useful tool that you can use to see what services may be running on your computer or server, and which ports are open. Now netstat is available on various operating systems, and some of the option commands may be a little bit different, but in my example I'm going to be working on a Windows computer.

So at a command prompt you type in the word netstat and then you press enter. Right now our computer is not connected to anything, which is why the output is blank. But if our computer was connected to other hosts, it would show us the protocol that's being used, the local address, the foreign address, and the state of the connection.

So let's go ahead and have our computer connect to a couple of websites, such as yahoo.com and example.com. And then we'll also connect to an FTP server, and then we'll connect to a couple of local computers in our home. Now if we do the netstat command again, we'll see some activity in the output. Here we see that TCP is the protocol that's being used. And here we see the local IP address of my computer, along with the port number that's being used for that particular connection. And here we see the two IP addresses of the websites that our computer is connected to, along with the port names, because http is the protocol for websites. And we also see the FTP site that we're connected to. And then finally we see the two computers in our home.
Now netstat can be combined with subcommands or switches to alter the output. So for example if we do a netstat with a -n switch, it'll show the same output as netstat but it'll show only numbers and not names. So on the left side of the screen let's do the same netstat command again all by itself. And if you notice, the output is not instant. The output is slow, coming in line by line. The reason for this is that it's using DNS to resolve numbers to names, and it takes some time to do this. So as you can see, it's showing the names of the computers that our computer is connected to, along with the names of the ports. But over here on the right side of the screen, if we do a netstat with a -n switch, the output is very fast. In fact it's instant. And this is because it doesn't use DNS to resolve numbers to names, it only shows numbers. So as you can see, instead of showing the names of the computers, it only shows their IP addresses. And the same thing goes with the ports: it only shows the port numbers and not the port names.

Now another option is netstat with a -a switch. This is going to show us a little bit more. So not only is it going to show our current connections, but it's also going to show us which TCP and UDP ports are listening for a connection. On the top we see the TCP ports. And towards the bottom, we see the UDP ports. The IP address of all zeros is our computer. And the reason why it's all zeros is because it means that the port is not listening on a specific IP address, it's listening on all available IP addresses on all network interfaces. And because the local IP address is all zeros, the other end of the connection is actually our computer in the foreign address column. So you can see that our computer is named "MYPC". And here we see the port numbers that are open on our computer that are either listening for a connection or have already established a connection. In the top section we see the IP version 4 addresses and at the bottom we see the IP version 6 addresses.

Now if you wanted to see which program is being used to make these connections, you can use our next command, which is netstat -b. So now if we look at the output, we see that the two website connections are done using Google Chrome, indicated by chrome.exe. And the FTP connection is done using FileZilla, which is a very popular FTP application.

And the next command is netstat -f. This command shows the fully qualified domain name of the addresses that we're connected to. So here we can clearly see the Yahoo and example websites and the FTP server that our computer is connected to.

Now you don't have to use these switches all by themselves, you can actually combine them to get the output that you desire. So for example let's combine the last two switches that we just did. Let's do netstat -bf. And then in the output we see the program that's being used, from the b switch, and we can also see the fully qualified domain names, from the f switch. Or in another example let's do netstat with a -a and n switch. In the output we see the current active connections and which ports are listening for a connection, from using the a switch. And we also see that the output is instant because it's only showing numbers and not names, which is produced by the n switch.

Now if you wanted to see the full list of switches that are available with netstat, just type netstat and a question mark and then it'll show you what's available.

So thank you everyone for watching
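As an added example (not part of the original post), this Python script parses `netstat -an` style output and lists the ports that are listening on the all-zeros address, meaning every network interface, as described above. The sample text, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_ip local_port foreign state")

# Constructed sample in the layout of Windows `netstat -an` (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:49730     203.0.113.20:21        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    [::1]:1900             *:*
"""

# All-zeros local address: the port accepts traffic on every interface.
ALL_INTERFACES = {"0.0.0.0", "[::]"}

def parse_netstat(text):
    """Turn each TCP/UDP row into a Socket; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::1] intact.
        ip, _, port = parts[1].rpartition(":")
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no State column
        rows.append(Socket(parts[0], ip, int(port), parts[2], state))
    return rows

def is_listener(s):
    return s.state == "LISTENING" or (s.proto == "UDP" and s.foreign == "*:*")

def exposed_listeners(rows):
    """Unique (protocol, port) pairs bound to all interfaces, IPv4 or IPv6."""
    return sorted({(s.proto, s.local_port) for s in rows
                   if is_listener(s) and s.local_ip in ALL_INTERFACES})

def established(rows):
    return [(s.local_port, s.foreign) for s in rows if s.state == "ESTABLISHED"]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for proto, port in exposed_listeners(rows):
        print(f"{proto} port {port} is listening on all interfaces")
    for port, peer in established(rows):
        print(f"local port {port} is connected to {peer}")
```

The listener on 127.0.0.1 is left out of the result because it is reachable only from the computer itself.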


