The netstat Command

Unexplained TCP connections can create a major security risk. They can indicate that something or someone has connected to the local host. Sometimes it is necessary to know which active TCP connections are open and running on a networked host. Netstat is a useful network tool for checking and verifying those connections.

This command can show particulars about individual network connections, overall and protocol-specific networking statistics, all listening ports, along with incoming and outgoing network connections and much more, all of which could help troubleshoot certain kinds of networking issues. By default, the netstat command will try to resolve IP addresses to domain names and port numbers to well-known applications.

There are various ways that a system administrator might use the assortment of switches with the netstat command. I will cover them in detail in this article.

Open the Command Prompt and execute the netstat command alone to show a comparatively simple list of all active TCP connections which, for each one, will show the local IP address, the foreign IP address, along with their relevant port numbers, as well as the TCP state.

Command Syntax

netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]



netstat -f

This is an example of netstat with the -f switch. I execute netstat to show all active TCP connections, but I want to see the computers I'm connected to in FQDN format (-f) instead of as a simple IP address.

Here’s an example of what you might see:


The command shows that there are 16 active TCP connections at the time of execution. The only protocol listed (in the Proto column) is TCP. If UDP is required, you can use the -a switch, together with the -n switch to reduce the execution time.

netstat -an


The output of the command with the -an switches includes the protocol, the local address and port number, the foreign address and port number, and the connection status. An explanation of the different connection states is given below:

Different Connection status
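
As an added example (not part of the original article), this Python script parses `netstat -an` output into the columns described above, then lists the listening ports and the established connections to non-loopback hosts. The sample output is constructed, and the function names and the "non-loopback" review rule are assumptions of this example.

```python
# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49730     198.51.100.7:80        TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    [::1]:1900             *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 addresses survive."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per connection row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        laddr, lport = split_endpoint(fields[1])
        raddr, rport = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""
        rows.append({"proto": fields[0], "laddr": laddr, "lport": lport,
                     "raddr": raddr, "rport": rport, "state": state})
    return rows

def listening_ports(rows):
    """Sorted unique local ports: TCP in LISTENING state plus every bound UDP port."""
    return sorted({(r["proto"], int(r["lport"])) for r in rows
                   if r["state"] == "LISTENING" or r["proto"] == "UDP"})

def external_established(rows):
    """Established TCP connections whose foreign address is not loopback."""
    return [r for r in rows if r["state"] == "ESTABLISHED"
            and r["raddr"] not in ("127.0.0.1", "::1")]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("Listening:", listening_ports(rows))
    for r in external_established(rows):
        print("Review:", r["laddr"], r["lport"], "->", r["raddr"], r["rport"])
```

To use it on a live host, save the output of `netstat -an` to a file and pass the file's text to `parse_netstat` in place of `SAMPLE`.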


