Netstat command windows - Usage and Examples


Like Linux, Windows does have a netstat command and it can come handy when you are in need of network-related monitoring and troubleshooting.

Consider you have any of the following requirement

  • How to find who or which process owns the port in Windows Server
  • To see how many  HTTP/DB connections opened by IIS/Any other App server runs on windows.
  • To make sure the port is open and listening for incoming calls in Windows Server
  • How many connections are open from IIS to Database in WIndows server
  • How many Connections are open from Application Server like Tomcat running on Windows Server
  • Connection leaks to the database from windows server etc

Netstat command windows have the following syntax and options support.

Windows Netstat command

using this various options given in the preceding picture you can derive many useful commands to help you in your endeavour

Windows Netstat Command Examples

  1. Find all the ESTABLISHED and WAITING TCP connections
  2. Get Detailed info of TCP and UDP connections
  3. List of Connections and Ports open with Process information - Find Who Owns the port
  4. Find Who owns the port with Process ID and Process Name
  5. Get Fully Qualified remote address on the open connections
  6. How to Grep for a Specific port with windows netstat command
  7. Execute Windows Netstat commands in interval


Here we have given some of the most used and quick netstat command snippets. You can choose one or you can frame one using the options shown in the preceding picture


To find all the Established and Waiting for TCP connections.

This is a Simple Netstat command it would result the simple list of TCP connections Established on the server




To get Detailed info on Ports Open, Ports Listening, Connections Established for TCP/UDP connections

netstat -a command would give the extended result of ports opened on the server and established connections and their current state for both TCP and UDP connections.

this command can be used to check if your application server (Tomcat,Weblogic,IIS) or any process running on the windows server has opened and listening on a certain port.

netstat -a

You can also use the netstat -an command to get faster results as netstat -a would take longer time in the name resolution of the remote foreign address

netstat -an

So, What is the Difference between netstat -a and netstat -an why the latter one is faster

Simply put, netstat -an command would only show the remote server IP addresses where netstat -a would try to resolve the name for that IP address. Thus netstat -an would be faster than the netstat -a


How to get the Process name [service name] along with connections - Who owns the port

Consider that you have any of the tomcat ,weblogic, websphere, Apache HTTPD, IIS, MSSQL server, Oracle DB  product running on the windows server

During issues, It might be necessary for you to validate which process owns which port. or would have wanted to know how many connections are currently open or established.

In Such cases, you can use the following command which would result in the great detailed info along with the process name (or) the binary name which opened the port or the connection.

You have to run the command prompt as Administrator [ Run as Administrator ] before running this command

netstat -ab

If you do not want the the Domain Name be displayed in the Foreign Address and OK with the numeric IP information. You can use netstat -anb as said earlier, adding an -n option makes the command faster

windows netstat command


Get the Process ID and Process Name of the Ports and Connections Open

In the previous example, with netstat -ab we were only getting the Process name who owns the port. not the Process ID.

Getting a Process ID of the process who owns the port would also be helpful in most of the cases.

To get the PID information you need to use -o option along with -ab

netstat -abo

Netstat windows command



Using -f option to get Fully Qualified Domain Names (FQDN) or Remote Address

With any preceding command, you can use the  -f option  to get the Fully Qualified Domain Names (FQDN)  of the remote address

netstat -afb

You cannot use -n with -f as one will compromise the other. The option-f is for FQDN where -n is for only numeric.


Look for a Specific Port or Process ID using FINDSTR [ equivalent to grep ]

How to make sure a Specific port is listening in windows

The windows netstat command output is so large and if you are looking for a precise port  or process or PID. you can use findstr , a windows equivalent for Linux  grep command

netstat -afb |findstr 8080

in the preceding snapshot you can see that findstr was used to check if port 8080 is open and tomcat is listening



Using Netstat in Script with Sleep interval. Monitor a Port status with Netstat

Let's suppose you want to monitor if a port is listening at a constant interval. Windows netstat command can accept sleep interval.

You can use any netstat command with a specific interval. The command will run in a loop with a Specified interval and it can be stopped with CTRL+C

netstat -abo 5|findstr  8080

here the interval is 5 seconds,

The netstat -abo command would run every 5 seconds until interrupted or stopped with CTRL+C

windows netstat command



Various other Windows Netstat commands and their usage

netstat has more to offer and here I have listed some of the command snippets and their usage as quick gist.

Display Routing table

netstat -r

Display only UDP connections

netstat -abp udp  -ab

Display only TCP connections

netstat -abp tcp  -ab

Display Detailed Ethernet and Connection Usage Statistics

netstat -es



Hope it helps

Sarav AK

Follow me on Linkedin My Profile
Follow DevopsJunction onFacebook orTwitter
For more practical videos and tutorials. Subscribe to our channel

Buy Me a Coffee at

Signup for Exclusive "Subscriber-only" Content