Netstat command windows - Usage and Examples

Introduction

Like Linux, Windows has a netstat command, and it comes in handy when you need to do network-related monitoring and troubleshooting.

Consider that you have any of the following requirements:

  • Find which process owns a port on Windows Server
  • See how many HTTP/DB connections have been opened by IIS or any other app server running on Windows
  • Make sure a port is open and listening for incoming calls on Windows Server
  • See how many connections are open from IIS to the database on Windows Server
  • See how many connections are open from an application server like Tomcat running on Windows Server
  • Track down connection leaks to the database from a Windows server, etc.

The Windows netstat command supports the following syntax and options.

Windows Netstat command

Using the various options shown in the preceding picture, you can derive many useful commands to help you in your endeavour.

Windows Netstat Command Examples

  1. Find all the ESTABLISHED and WAITING TCP connections
  2. Get Detailed info of TCP and UDP connections
  3. List of Connections and Ports open with Process information - Find Who Owns the port
  4. Find Who owns the port with Process ID and Process Name
  5. Get Fully Qualified remote address on the open connections
  6. How to Grep for a Specific port with windows netstat command
  7. Execute Windows netstat commands at an interval

Here we have given some of the most used and quick netstat command snippets. You can choose one, or you can build your own using the options shown in the preceding picture.

To find all the Established and Waiting TCP connections

This is the simplest netstat command; it returns a plain list of the TCP connections established on the server.

netstat

To get Detailed info on Ports Open, Ports Listening, Connections Established for TCP/UDP connections

The netstat -a command gives an extended result: the ports opened on the server, the established connections, and their current state, for both TCP and UDP.

This command can be used to check whether your application server (Tomcat, WebLogic, IIS) or any other process running on the Windows server has opened and is listening on a certain port.

netstat -a

You can also use the netstat -an command to get faster results, as netstat -a takes longer because of the name resolution of the remote (foreign) address.

netstat -an

So, what is the difference between netstat -a and netstat -an, and why is the latter faster?

Simply put, the netstat -an command shows only the remote server IP addresses, whereas netstat -a tries to resolve the name for each IP address. Thus netstat -an is faster than netstat -a.

How to get the Process name [service name] along with connections - Who owns the port

Consider that you have any of Tomcat, WebLogic, WebSphere, Apache HTTPD, IIS, MSSQL Server, or Oracle DB running on the Windows server.

During issues, it might be necessary to validate which process owns which port, or you might want to know how many connections are currently open or established.

In such cases, you can use the following command, which gives detailed info along with the process name (or the binary name) that opened the port or the connection.

You have to open the command prompt as Administrator [Run as Administrator] before running this command.

netstat -ab

If you do not need the domain name displayed in the Foreign Address column and are OK with numeric IP information, you can use netstat -anb. As said earlier, adding the -n option makes the command faster.

Get the Process ID and Process Name of the Ports and Connections Open

In the previous example, with netstat -ab, we were only getting the name of the process that owns the port, not the process ID.

Getting the process ID of the process that owns the port is also helpful in most cases.

To get the PID information, you need to use the -o option along with -ab.

netstat -abo


Using -f option to get Fully Qualified Domain Names (FQDN) or Remote Address

With any of the preceding commands, you can use the -f option to get the Fully Qualified Domain Names (FQDN) of the remote address.

netstat -afb

You cannot use -n with -f, as one would defeat the other: the -f option is for FQDNs, whereas -n is for numeric output only.

Look for a Specific Port or Process ID using FINDSTR [ equivalent to grep ]

How to make sure a Specific port is listening in windows

The Windows netstat command output is large, and if you are looking for a precise port, process, or PID, you can use findstr, the Windows equivalent of the Linux grep command.

netstat -afb | findstr 8080

In the preceding snapshot, you can see that findstr was used to check whether port 8080 is open and Tomcat is listening.
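The port-owner lookup above and the connection counts asked for in the introduction, as an added PowerShell example that is not part of the original article: findstr 8080 matches any line containing that text (port 18080, a remote port 8080, a PID), and netstat -b prints the executable name on a separate line from the connection, so this sketch parses netstat -ano into objects instead. Assumptions: English-language netstat output, ConvertFrom-Netstat is a hypothetical helper name, 1433 stands in for the database port, and the sample rows are constructed.

```powershell
# Added example, not from the original article. Parses `netstat -ano` text into
# objects so ports are matched exactly and connections can be counted per state.
function ConvertFrom-Netstat {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Columns: Proto, Local Address, Foreign Address, [State], PID (UDP rows have no State)
        $f = -split $line
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { continue }
        $isTcp = $f[0] -eq 'TCP'
        if ($isTcp -and $f.Count -lt 5) { continue }
        [pscustomobject]@{
            Proto      = $f[0]
            LocalAddr  = $f[1] -replace ':\d+$', ''
            LocalPort  = [int]($f[1] -replace '^.*:', '')
            RemotePort = $f[2] -replace '^.*:', ''      # '*' for UDP rows
            State      = if ($isTcp) { $f[3] } else { '' }
            OwnerPid   = [int]$f[-1]
        }
    }
}

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:18080          0.0.0.0:0              LISTENING       2208
  TCP    10.0.0.5:49712         10.0.0.9:1433          ESTABLISHED     4312
  TCP    10.0.0.5:49713         10.0.0.9:1433          ESTABLISHED     4312
  TCP    10.0.0.5:49714         10.0.0.9:1433          CLOSE_WAIT      4312
  TCP    10.0.0.5:49800         10.0.0.7:8080          TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1880
'@ -split "`r?`n"

$rows = @(ConvertFrom-Netstat $sample)   # live data: ConvertFrom-Netstat (netstat -ano)

# 1. Exact match on local port 8080 in LISTENING state. Port 18080 and the
#    outbound connection to remote port 8080 are not reported.
$rows | Where-Object { $_.LocalPort -eq 8080 -and $_.State -eq 'LISTENING' } |
    Select-Object Proto, LocalAddr, LocalPort, OwnerPid,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwnerPid -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize

# 2. Connections to remote port 1433 (assumed database port), counted per owning PID and state.
$rows | Where-Object { $_.RemotePort -eq '1433' } |
    Group-Object OwnerPid, State | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

A CLOSE_WAIT count that keeps growing for one PID means the remote side has closed and the application has not released its sockets, which is the usual signature of a connection leak.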

 

 

Using Netstat in Script with Sleep interval. Monitor a Port status with Netstat

Let's suppose you want to check at a constant interval whether a port is listening. The Windows netstat command accepts a sleep interval.

You can use any netstat command with a specific interval. The command runs in a loop at the specified interval, and it can be stopped with CTRL+C.

netstat -abo 5 | findstr 8080

Here the interval is 5 seconds.

The netstat -abo command runs every 5 seconds until interrupted or stopped with CTRL+C.


Various other Windows Netstat commands and their usage

netstat has more to offer; here I have listed some command snippets and their usage as a quick gist.

Display Routing table

netstat -r

Display only UDP connections

netstat -abp udp

Display only TCP connections

netstat -abp tcp

Display Detailed Ethernet and Connection Usage Statistics

netstat -es

Hope it helps

Thanks
Sarav AK
