Like Linux, Windows does have a netstat command and it can come handy when you are in need of network-related monitoring and troubleshooting.
Consider you have any of the following requirement
- How to find who or which process owns the port in Windows Server
- To see how many HTTP/DB connections opened by IIS/Any other App server runs on windows.
- To make sure the port is open and listening for incoming calls in Windows Server
- How many connections are open from IIS to Database in WIndows server
- How many Connections are open from Application Server like Tomcat running on Windows Server
- Connection leaks to the database from windows server etc
Netstat command windows have the following syntax and options support.
using this various options given in the preceding picture you can derive many useful commands to help you in your endeavour
Windows Netstat Command Examples
- Find all the ESTABLISHED and WAITING TCP connections
- Get Detailed info of TCP and UDP connections
- List of Connections and Ports open with Process information - Find Who Owns the port
- Find Who owns the port with Process ID and Process Name
- Get Fully Qualified remote address on the open connections
- How to Grep for a Specific port with windows netstat command
- Execute Windows Netstat commands in interval
Here we have given some of the most used and quick netstat command snippets. You can choose one or you can frame one using the options shown in the preceding picture
To find all the Established and Waiting for TCP connections.
This is a Simple Netstat command it would result the simple list of TCP connections Established on the server
To get Detailed info on Ports Open, Ports Listening, Connections Established for TCP/UDP connections
netstat -a command would give the extended result of ports opened on the server and established connections and their current state for both TCP and UDP connections.
this command can be used to check if your application server (Tomcat,Weblogic,IIS) or any process running on the windows server has opened and listening on a certain port.
You can also use the
netstat -an command to get faster results as
netstat -a would take longer time in the name resolution of the remote foreign address
So, What is the Difference between netstat -a and netstat -an why the latter one is faster
netstat -ancommand would only show the remote server IP addresses where
netstat -awould try to resolve the name for that IP address. Thus
netstat -anwould be faster than the
How to get the Process name [service name] along with connections - Who owns the port
Consider that you have any of the tomcat ,weblogic, websphere, Apache HTTPD, IIS, MSSQL server, Oracle DB product running on the windows server
During issues, It might be necessary for you to validate which process owns which port. or would have wanted to know how many connections are currently open or established.
In Such cases, you can use the following command which would result in the great detailed info along with the process name (or) the binary name which opened the port or the connection.
You have to run the command prompt as Administrator [ Run as Administrator ] before running this command
If you do not want the the Domain Name be displayed in the Foreign Address and OK with the numeric IP information. You can use
netstat -anb as said earlier, adding an
-n option makes the command faster
Get the Process ID and Process Name of the Ports and Connections Open
In the previous example, with
netstat -ab we were only getting the Process name who owns the port. not the Process ID.
Getting a Process ID of the process who owns the port would also be helpful in most of the cases.
To get the PID information you need to use
-o option along with
Using -f option to get Fully Qualified Domain Names (FQDN) or Remote Address
With any preceding command, you can use the
-f option to get the Fully Qualified Domain Names (FQDN) of the remote address
You cannot use
-f as one will compromise the other. The option
-f is for FQDN where
-n is for only numeric.
Look for a Specific Port or Process ID using FINDSTR [ equivalent to grep ]
How to make sure a Specific port is listening in windows
The windows netstat command output is so large and if you are looking for a precise port or process or PID. you can use findstr , a windows equivalent for Linux grep command
netstat -afb |findstr 8080
in the preceding snapshot you can see that findstr was used to check if port 8080 is open and tomcat is listening
Using Netstat in Script with Sleep interval. Monitor a Port status with Netstat
Let's suppose you want to monitor if a port is listening at a constant interval. Windows netstat command can accept sleep interval.
You can use any netstat command with a specific interval. The command will run in a loop with a Specified interval and it can be stopped with CTRL+C
netstat -abo 5|findstr 8080
here the interval is 5 seconds,
netstat -abo command would run every 5 seconds until interrupted or stopped with CTRL+C
Various other Windows Netstat commands and their usage
netstat has more to offer and here I have listed some of the command snippets and their usage as quick gist.
Display Routing table
Display only UDP connections
netstat -abp udp -ab
Display only TCP connections
netstat -abp tcp -ab
Display Detailed Ethernet and Connection Usage Statistics
Hope it helps
Follow me on Linkedin My Profile Follow DevopsJunction onFacebook orTwitter For more practical videos and tutorials. Subscribe to our channel
Signup for Exclusive "Subscriber-only" Content