Netstat: what this command does. Description of the netstat command (statistics on active TCP connections). Using netstat on Linux

The netstat command displays various network data, such as network connections, the routing table, interface statistics, masquerade connections, multicast memberships, etc.

In this article, let's look at 10 practical examples of the netstat command on UNIX.

1. List all ports (both listening and non-listening)

List all ports using the netstat -a command

    # netstat -a | more
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address        Foreign Address      State
    tcp        0      0 localhost:30037      *:*                  LISTEN
    udp        0      0 *:bootpc             *:*

    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags     Type       State        I-Node  Path
    unix  2      [ ACC ]   STREAM     LISTENING    6135    /tmp/.X11-unix/X0
    unix  2      [ ACC ]   STREAM     LISTENING    5140    /var/run/acpid.socket

List all TCP ports with netstat -at

    # netstat -at
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address        Foreign Address      State
    tcp        0      0 0.0.0.0:http         0.0.0.0:*            LISTEN
    tcp        0      0 localhost:webcache   0.0.0.0:*            LISTEN
    tcp        0      0 localhost:domain     0.0.0.0:*            LISTEN

List all UDP ports with netstat -au

    # netstat -au
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address        Foreign Address          State
    udp        0      0 AndreyeEx..en:50053  Google-Public-DN:domain  ESTABLISHED

2. List sockets that are in the listening state

List only listening ports with netstat -l

    # netstat -l
    Active Internet connections
    Proto Recv-Q Send-Q Local Address        Foreign Address      State
    tcp        0      0 0.0.0.0:http         0.0.0.0:*            LISTEN
    tcp        0      0 localhost:webcache   0.0.0.0:*            LISTEN
    tcp        0      0 localhost:domain     0.0.0.0:*            LISTEN

List only listening TCP ports with netstat -lt

    # netstat -lt
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address        Foreign Address      State
    tcp        0      0 0.0.0.0:http         0.0.0.0:*            LISTEN
    tcp        0      0 localhost:webcache   0.0.0.0:*            LISTEN
    tcp        0      0 localhost:domain     0.0.0.0:*            LISTEN

List only listening UDP ports using netstat -lu

    # netstat -lu
    Active Internet connections
    Proto Recv-Q Send-Q Local Address        Foreign Address      State
    udp        0      0 0 0.0.0.0:*
    udp        0      0 localhost:domain     0.0.0.0:*

List only listening UNIX ports with netstat -lx

    # netstat -lx
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags     Type       State        I-Node  Path
    unix  2      [ ACC ]   STREAM     LISTENING    19693   tmp/core.adm.internal
    unix  2      [ ACC ]   SEQPACKET  LISTENING    8723    /run/udev/control
    unix  2      [ ACC ]   STREAM     LISTENING    12566   /var/run/dbus/system_bus_socket
    unix  2      [ ACC ]   STREAM     LISTENING    16948   /var/run/fail2ban/fail2ban.sock
    unix  2      [ ACC ]   STREAM     LISTENING    19702   tmp/core.sock

netstat [-a] [-e] [-n] [-o] [-p protocol] [-r] [-s] [interval] where

Examples of the netstat command

An example of the netstat command on Windows 10 is shown in the figure above; the utility works on all versions of the Windows operating systems.

  • To display the command help, enter at the command prompt: netstat /?
  • To display Ethernet statistics and statistics for all protocols, enter the following command: netstat -e -s
  • To display statistics only for the TCP and UDP protocols, enter the following command: netstat -s -p tcp udp
  • To display active TCP connections and process IDs every 5 seconds, enter the following command: netstat -o 5

IPConfig - Network Interface Management - Samalkhan A.

ipconfig command - displaying TCP/IP parameters

The ipconfig command is used to manage network interfaces: it displays all current TCP/IP network settings and refreshes DHCP and DNS parameters on Windows operating systems. When ipconfig is called without parameters, only the IP address, subnet mask and default gateway are displayed for each network adapter. To check connections in TCP/IP networks, the ping command is used.

ipconfig utility parameters

ipconfig]]]where

  • /all - Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays only the IP address, subnet mask and default gateway for each adapter. Adapters can be physical interfaces, such as installed network adapters, or logical interfaces, such as remote access connections.
  • /renew [adapter] - Renews the DHCP configuration for all adapters (if no adapter is specified) or for the given adapter. This parameter is available only on computers with adapters configured to obtain an IP address automatically. To specify an adapter, enter the name that ipconfig displays when run without parameters.
  • /release [adapter] - Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and discards the IP address configuration for all adapters (if no adapter is specified) or for the given adapter. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter, enter the name that ipconfig displays when run without parameters.
  • /flushdns - Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, this procedure is used to discard negative cache entries and other dynamically added entries.
  • /displaydns - Displays the contents of the DNS client resolver cache, which includes entries preloaded from the local hosts file as well as recently obtained resource records for resolved name queries. The DNS client service uses this information to resolve frequently queried names quickly, without querying the DNS servers specified in the configuration.
  • /registerdns - Initiates manual dynamic registration of the DNS names and IP addresses configured on the computer. This parameter is useful for troubleshooting a failed DNS name registration or for resolving a dynamic update problem between a client and the DNS server without restarting the client. The names registered in DNS are determined by the DNS settings in the advanced properties of the TCP/IP protocol.
  • /showclassid adapter - Displays the DHCP class ID for the specified adapter. To view the DHCP class ID for all adapters, specify an asterisk (*) instead of the adapter parameter. This parameter is available only on computers with adapters configured to obtain an IP address automatically.
  • /setclassid adapter [class_code] - Sets the DHCP class ID for the specified adapter. To set the DHCP class ID for all adapters, specify an asterisk (*) instead of the adapter parameter. This parameter is available only on computers with adapters configured to obtain an IP address automatically. If no DHCP class ID is specified, the current class ID is removed.

Examples of the ipconfig command

  • To display the basic TCP/IP configuration for all adapters, enter: ipconfig
  • To display the full TCP/IP configuration for all adapters, enter: ipconfig /all
  • To renew the IP address configuration assigned by a DHCP server for the "Local Area Connection" adapter only, enter: ipconfig /renew "Local Area Connection"
  • To flush the DNS resolver cache when troubleshooting name resolution problems, enter: ipconfig /flushdns
  • To display the DHCP class ID for all adapters with names starting with the word "Connection", enter: ipconfig /showclassid Connection*
  • To set the DHCP class ID Test for the "LAN Connection" adapter, enter: ipconfig /setclassid "LAN Connection" Test

tracert - determining the route of ICMP packets - Meres

Description of the tracert command

The tracert command traces the route to a destination by sending echo request messages to it. The messages are sent using the Internet Control Message Protocol (ICMP) with steadily increasing Time to Live (TTL) values.

The path displayed is the list of near-side router interfaces of the routers located between the source host and the destination. The near-side interface is the router interface closest to the sending host along the path. Launched without parameters, the tracert command displays help.

To check the network, you can also use the commands:

  • ping - the main TCP/IP command used to troubleshoot connectivity, reachability and name resolution;
  • pathping - provides information on network latency and data loss at intermediate nodes.

Regularly, some are only for diagnosis. I belong to the latter category: I prefer to use this utility to identify the causes of system problems and to troubleshoot them.

The netstat command has ten parameters that let you get detailed information for a wide range of tasks. However, equally useful information can be obtained without any parameters.

Most often, netstat is used with the -a parameter to get a list of all connections and listening ports. The following are several other parameters that can be useful when using this utility.

Fully qualified domain name. The -f parameter lets you find out the FQDN of a foreign address. When netstat is used with this parameter, names are resolved on both the internal and the external network. Fig. A shows the output of the command.

Figure A.

Which process uses a given port. The combination of parameters -a -n -o lets you find out which process identifier (PID) corresponds to a given port. The output of the command is shown in Fig. B.

Figure B.

If you add the -b parameter to this combination, friendly names are shown for each process, as in Fig. C. However, this requires administrator rights.


Figure C.

Note: Remote addresses pointing to 192.168.1.220:3261 belong to the Windows iSCSI initiator service and are displayed differently from the addresses of the other services.

Routing table output. When you need to find out why the network connection on one computer works differently from another computer on the same network, you can use the -r parameter, which displays the routes for this system, as shown in Fig. D. Pay attention to the "Persistent Routes" section: it lists all static routes configured for Windows Server.

Figure D.

These four variations of the netstat command will greatly facilitate

The netstat command is designed to obtain information about the state of network connections and the TCP and UDP ports this computer is listening on, and to display statistics on network interfaces and protocols.

Command line format:

netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [interval]

Command line parameters:

-a - Displays all connections and listening ports.
-b - Displays the executable file involved in creating each connection or listening port. Sometimes well-known executable files contain multiple independent components. In that case the sequence of components involved in creating the connection or listening port is displayed: the name of the executable file is at the bottom in brackets, above it is the component it called, and so on until TCP/IP is reached. Note that this approach can take a lot of time and requires sufficient permissions.
-e - Displays Ethernet statistics. Can be combined with the -s parameter.
-f - Displays the fully qualified domain name (FQDN) for foreign addresses.
-n - Displays addresses and port numbers in numerical format.
-o - Displays the process ID (PID) of each connection.
-p protocol - Displays connections for the protocol specified by this parameter. Valid values: TCP, UDP, TCPv6 or UDPv6. When used with the -s parameter to display per-protocol statistics, valid values are: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP or UDPv6.
-r - Displays the contents of the routing table.
-s - Displays per-protocol statistics. By default, statistics are displayed for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP and UDPv6. The -p parameter lets you specify a subset of the output.
-t - Displays the current connection offload state (processing transferred from the processor to the network adapter during data transmission).
-v - Verbose output, where possible.
interval - Redisplays the statistics at the specified interval, in seconds. To stop the output, press Ctrl+C. If the parameter is not specified, the current configuration information is displayed once.

In practice, it is convenient to use netstat.exe in a pipeline with paged output (more), redirection of standard output to a file (>) and text search in the output (find).

netstat -a | more - Display all connections, paging the output on the screen.

netstat -a -n | more - The same as the previous example, but with port numbers and IP addresses displayed in numerical format. In contrast to the previous example, the netstat command with the -t parameter runs much faster.

netstat -a -f | more - The same as the previous example, but with the full DNS names of the hosts involved in the connections.

netstat -a > C:\netstatall.txt - Display all connections and write the results to the file C:\netstatall.txt.

netstat -a | find /I "LISTENING" - Display all connections in the LISTENING state, i.e. the list of network interfaces and ports waiting for incoming connections ("listening" ports). The /I switch of the find command makes the text search case-insensitive.

netstat -a | find /I "LISTENING" > C:\listening.txt - Display all connections in the LISTENING state and write the results to the file C:\listening.txt.

An example of the information displayed:

Active connections

Name - Name of the protocol.

Local address - The local IP address involved in the connection or bound to the service waiting for incoming connections (listening port). If 0.0.0.0 is displayed as the address, it means "any address", that is, any IP address present on this computer can be used for the connection. The address 127.0.0.1 is the loopback interface, used by the IP protocol for communication between processes without any real data transmission.

External address - The external IP address involved in the connection.

State - The connection state. The LISTENING state means that the line shows a network service waiting for incoming connections for the given protocol on the address and port shown in the "Local address" column. The ESTABLISHED state indicates an active connection. For TCP connections, the State column can show the current stage of the TCP session, which is determined by processing the flags in the TCP packet header (SYN, ACK, FIN ...). Possible states:

CLOSE_WAIT - Waiting for the connection to close.
CLOSED - The connection is closed.
ESTABLISHED - The connection is established.
LISTENING - A connection is awaited (the port is being listened on).
TIME_WAIT - The response timeout was exceeded.
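
The meaning of the "Local address" column (0.0.0.0 versus 127.0.0.1) is easiest to see by sorting listening sockets by how widely they are bound. The following is an added example, not code from the original article: it parses text in the layout of netstat -a -n -o and groups listeners by exposure together with their PID. The sample output and the names parse, exposure and listeners are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample in the layout of `netstat -a -n -o` on Windows (not from the page).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2440
  TCP    192.168.0.3:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.0.3:3389       203.0.113.7:5779       ESTABLISHED     1104
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:8080             [::]:0                 LISTENING       3020
  UDP    0.0.0.0:5353           *:*                                    1888
  UDP    127.0.0.1:1900         *:*                                    2216
"""

Socket = namedtuple("Socket", "proto addr port state pid")


def parse(text):
    """Turn netstat -a -n -o text into Socket tuples, skipping headers and junk."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # TCP rows: Proto Local Foreign State PID. UDP rows have no State column.
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        if len(f) != (5 if f[0] == "TCP" else 4):
            continue
        host, _, port = f[1].rpartition(":")  # rpartition keeps IPv6 colons intact
        state = f[3] if f[0] == "TCP" else ""
        rows.append(Socket(f[0], host.strip("[]"), int(port), state, int(f[-1])))
    return rows


def exposure(addr):
    """Classify a local bind address the way the column description above reads it."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id if present
    if ip.is_unspecified:      # 0.0.0.0 or :: means "any address" on this computer
        return "all-interfaces"
    if ip.is_loopback:         # 127.0.0.1 or ::1, reachable only from this host
        return "loopback-only"
    return "single-address"


def listeners(rows):
    """Group sockets awaiting inbound traffic (TCP LISTENING, bound UDP) by exposure."""
    groups = {}
    for s in rows:
        if s.proto == "UDP" or s.state == "LISTENING":
            groups.setdefault(exposure(s.addr), set()).add((s.proto, s.port, s.pid))
    return {kind: sorted(found) for kind, found in groups.items()}


if __name__ == "__main__":
    for kind, found in listeners(parse(SAMPLE)).items():
        for proto, port, pid in found:
            print(f"{kind:15} {proto} port {port:<6} PID {pid}")
```

The "all-interfaces" group is the one to review first when auditing a host, since those ports are reachable on every address the machine has.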

The name of the software module associated with the connection is displayed if the -b parameter is specified on the command line when starting netstat.exe.

netstat -a -b - Get a list of all network connections and the programs associated with them.

TCP 192.168.0.3:3389 89.22.52.11:5779 ESTABLISHED
CryptSvc

This example displays information about a connection created with the participation of the CryptSvc and svchost.exe software components.

netstat -ab - Command line parameters can be combined. The -ab parameter is equivalent to -a -b.

netstat -e - Get statistics on data exchange over Ethernet. Displays the total numbers of received and sent bytes for all Ethernet network adapters.

Interface statistics

netstat -e -v - In addition to the summary statistics, displays information on data exchange through individual network interfaces.

netstat -e -s - In addition to Ethernet statistics, displays statistics for the IP, ICMP, TCP and UDP protocols.

Interface statistics

IPv4 statistics

    Packets Received                   = 10877781
    Received Header Errors             = 0
    Received Address Errors            = 27307
    Datagrams Forwarded                = 0
    Unknown Protocols Received         = 0
    Received Packets Discarded         = 448
    Received Packets Delivered         = 11384479
    Output Requests                    = 11919871
    Routing Discards                   = 0
    Discarded Output Packets           = 1517
    Output Packet No Route             = 6
    Reassembly Required                = 0
    Reassembly Successful              = 0
    Reassembly Failures                = 0
    Datagrams Successfully Fragmented  = 5918
    Datagrams Failing Fragmentation    = 0
    Fragments Created                  = 11836

IPv6 statistics

    Packets Received                   = 0
    Received Header Errors             = 0
    Received Address Errors            = 0
    Datagrams Forwarded                = 0
    Unknown Protocols Received         = 0
    Received Packets Discarded         = 0
    Received Packets Delivered         = 391
    Output Requests                    = 921
    Routing Discards                   = 0
    Discarded Output Packets           = 0
    Output Packet No Route             = 14
    Reassembly Required                = 0
    Reassembly Successful              = 0
    Reassembly Failures                = 0
    Datagrams Successfully Fragmented  = 0
    Datagrams Failing Fragmentation    = 0
    Fragments Created                  = 0

ICMPv4 statistics

ICMPv6 statistics

TCP statistics for IPv4

TCP statistics for IPv6

UDP statistics for IPv4

UDP statistics for IPv6

netstat -s -p icmp - Get statistics for the ICMP protocol only.

Example of the statistics displayed:

ICMPv4 statistics

To poll the state of network connections cyclically, run the program with the interval, in seconds, at which the statistics are re-displayed.

netstat -e 3 - Display Ethernet statistics at 3-second intervals.

netstat -f 10 - Every 10 seconds, display network connection statistics using the full DNS names of the hosts.

netstat -n 5 | find /I "ESTABLISHED" - Display statistics for established connections every 5 seconds.

Hello everyone. Earlier I started a series about a system administrator's network utilities in the article "The pathping utility, or how to diagnose a problem on the route to a site. Network utilities, part 3". Moving on, let's look at another utility, netstat, or how to determine which ports your computer is listening on. This program will be an irreplaceable tool in any system engineer's software kit; it helps with quick diagnosis of a situation and with detecting all sorts of problems with services and their availability.

netstat commands

netstat - Displays active TCP connections, the ports the computer is listening on, Ethernet statistics, IP routing tables, IPv4 statistics (for the IP, ICMP, TCP and UDP protocols) and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6 and UDP over IPv6 protocols).

Imagine the situation: you installed, for example, the LSI MSM utility for viewing RAID controller parameters. You run the utility, but it finds nothing, because a port is closed, you do not know which one, and you cannot always quickly find that information on the Internet. In that case you can run netstat and see which port on your server the MSM process is listening on.

Open a Windows command prompt and enter netstat ?. The utility's help will be displayed.

C:\Users\SEM>netstat ?

Displays protocol statistics and current TCP/IP network connections.

netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-x] [-t]
[interval]

  • -a Displays all connections and listening ports.
  • -b Displays the executable file involved in creating each connection or listening port. Sometimes well-known executable files contain many independent components. In that case the sequence of components involved in creating the connection or listening port is displayed: the name of the executable file is at the bottom in brackets, above it is the component it called, and so on until TCP/IP is reached. Note that this approach can take a lot of time and requires sufficient permissions.
  • -e Displays Ethernet statistics. Can be combined with the -s parameter.
  • -f Displays the fully qualified domain name (FQDN) for foreign addresses.
  • -n Displays addresses and port numbers in numeric format.
  • -o Displays the process ID of each connection.
  • -p protocol Displays connections for the protocol specified by this parameter. Valid values: TCP, UDP, TCPv6 or UDPv6. If used with the -s parameter to display per-protocol statistics, the following values are allowed: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP or UDPv6.
  • -r Displays the contents of the routing table.
  • -s Displays per-protocol statistics. By default, statistics are displayed for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP and UDPv6. The -p parameter lets you specify a subset of the output.
  • -t Displays the offload state of the current connection.
  • -x Displays NetworkDirect connections, listeners and shared endpoints.
  • -y Displays the TCP connection template for all connections. Cannot be combined with other parameters.
  • interval Redisplays the selected statistics, pausing for the given number of seconds between displays. To stop redisplaying statistics, press Ctrl+C. If this parameter is omitted, netstat prints the current configuration information once.

Let's look at the interesting switches of the netstat utility. The first thing we enter

and Ethernet network packet statistics will appear on the screen.

If we add the -s switch, we will get statistics by protocol.

It is very useful to see everything that is listening on your host.

The output of the command contains the protocol type (TCP or UDP), the local address with its port, the external address with its port, and the connection state.

To fully understand the information this command provides, you need to understand how a connection is established in TCP/IP. Here are the main steps of establishing a TCP/IP connection:

1. When attempting to establish a connection, the client sends a SYN message to the server.

2. The server responds with its own SYN message and an acknowledgment (ACK).

3. The client then sends an ACK message back to the server, completing the connection setup.

Closing a connection consists of the following steps:

1. The client says "I am finished" by sending a FIN message to the server. At this stage the client only receives data from the server and sends nothing itself.

2. The server then sends an ACK message and sends its own FIN message to the client.

3. The client then sends an ACK message to the server, acknowledging the server's FIN.

4. On receiving the ACK message from the client, the server closes the connection.

Understanding the steps of connection setup and teardown makes it easier to interpret the connection states in the output of the netstat command. Connections in the list can be in the following states.

  • CLOSE_WAIT - Indicates the passive phase of closing the connection, which begins after the server receives a FIN message from the client.
  • CLOSED - The connection is terminated and closed by the server.
  • ESTABLISHED - The client has established a connection to the server, receiving SYN from the server.
  • FIN_WAIT_1 - The client initiated the closing of the connection (sent the FIN message).
  • FIN_WAIT_2 - The client received ACK and FIN messages from the server.
  • LAST_ACK - The server sent a FIN message to the client.
  • LISTEN - The server is ready to receive incoming connections.
  • SYN_RECEIVED - The server received a SYN message from the client and sent it a reply.
  • TIME_WAIT - The client sent a FIN message to the server and is waiting for a response to this message.
  • SYN_SENT - The specified connection is active and open.
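
The setup and teardown steps above can be replayed as a small state machine to see which state each side is in after every message. This is an added example, not part of the original article: the transition table follows the standard TCP state diagram (RFC 793), and the event names (passive_open, active_open, close, timeout) and the helper names are assumptions made for the illustration.

```python
# (current state, event) -> (next state, segment sent in response, or None)
TRANSITIONS = {
    ("CLOSED", "passive_open"): ("LISTEN", None),
    ("CLOSED", "active_open"): ("SYN_SENT", "SYN"),
    ("LISTEN", "recv SYN"): ("SYN_RECEIVED", "SYN+ACK"),
    ("SYN_SENT", "recv SYN+ACK"): ("ESTABLISHED", "ACK"),
    ("SYN_RECEIVED", "recv ACK"): ("ESTABLISHED", None),
    ("ESTABLISHED", "close"): ("FIN_WAIT_1", "FIN"),
    ("ESTABLISHED", "recv FIN"): ("CLOSE_WAIT", "ACK"),
    ("FIN_WAIT_1", "recv ACK"): ("FIN_WAIT_2", None),
    ("CLOSE_WAIT", "close"): ("LAST_ACK", "FIN"),
    ("FIN_WAIT_2", "recv FIN"): ("TIME_WAIT", "ACK"),
    ("LAST_ACK", "recv ACK"): ("CLOSED", None),
    ("TIME_WAIT", "timeout"): ("CLOSED", None),
}


class Endpoint:
    """One side of the connection; netstat on that host would show self.state."""

    def __init__(self, name):
        self.name, self.state = name, "CLOSED"

    def handle(self, event):
        key = (self.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: {event!r} is not valid in {self.state}")
        self.state, segment = TRANSITIONS[key]
        return segment


# Local actions only; every segment they trigger is delivered by run().
SCRIPT = [
    ("server", "passive_open"),  # service starts listening
    ("client", "active_open"),   # setup steps 1-3
    ("client", "close"),         # teardown step 1 and the server's ACK
    ("server", "close"),         # the server's own FIN, teardown steps 2-4
    ("client", "timeout"),       # TIME_WAIT expires
]


def run(script):
    """Return a trace of (what happened, client state, server state)."""
    client, server = Endpoint("client"), Endpoint("server")
    ends = {"client": client, "server": server}
    peer = {client: server, server: client}
    trace = []
    for who, event in script:
        sender = ends[who]
        segment = sender.handle(event)
        trace.append((f"{who} {event}", client.state, server.state))
        while segment:  # deliver the segment, then any reply it provokes
            receiver = peer[sender]
            reply = receiver.handle("recv " + segment)
            trace.append((f"{sender.name} -> {receiver.name}: {segment}",
                          client.state, server.state))
            sender, segment = receiver, reply
    return trace


if __name__ == "__main__":
    for what, c_state, s_state in run(SCRIPT):
        print(f"{what:28} client={c_state:13} server={s_state}")
```

In the trace the server stays in CLOSE_WAIT until its own application closes the socket, which is why a growing number of CLOSE_WAIT lines in netstat output usually points at the local program rather than at the network.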
