Netstat

I have been researching info on a utility called netstat. There is surprisingly not much said about it, other than the multiple options that it supports. Netstat is short for network statistics. It is a command line program. It actually comprises many tools rolled into one. The main and default usage is to show active TCP/IP network connections, both incoming and outgoing. It will tell you the local and remote IP addresses, the port, the protocol, the state of the connection, and optionally the program that opened the connection.

Netstat can show both TCP and UDP traffic. It can show the routing table. It also can show statistics for network protocols like Ethernet. The program was written by Fred Baumgarten. It is widely available on operating systems like UNIX, Windows, and Macintosh. The netstat program is allegedly replaced by the ss program on Linux machines.

One thing that might require some explaining is the state of the connection that the program displays. Here are the types of states and a description of each:
  • listening - waiting for reply from host
  • established - connection has been made
  • close_wait - the foreign host closed the connection, but you are still waiting for data
  • time_wait - you closed the connection, but it is still in a waiting state

The netstat program might show weird results if the underlying socket is changing. A good way to see what is going on is to repeatedly run netstat, possibly from a scripting program. I had mentioned that netstat can show the program that opened the connection. You can do that with the "netstat -b" option. However, on Windows that requires elevated privileges.
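
Here is one way to script the "run it repeatedly" idea, as an added example rather than anything that ships with netstat: it parses the TCP rows of `netstat -an` and reports only what appeared, disappeared, or changed state between runs. The function names and the sample snapshots are made up for illustration, and it assumes the plain `-an` column layout (no extra PID or program column).

```python
import subprocess
import time

def parse_netstat(text):
    """Map (local, remote) -> state for each TCP row of `netstat -an` output."""
    conns = {}
    for line in text.splitlines():
        fields = line.split()
        # TCP rows end with local, foreign, state (Linux and Windows); UDP has none.
        if len(fields) >= 4 and fields[0].lower().startswith("tcp"):
            local, remote, state = fields[-3:]
            conns[(local, remote)] = state.upper()
    return conns

def diff_snapshots(before, after):
    """List what appeared, vanished, or changed state between two snapshots."""
    changes = []
    for key in sorted(after.keys() - before.keys()):
        changes.append(f"NEW {key[0]} -> {key[1]} {after[key]}")
    for key in sorted(before.keys() - after.keys()):
        changes.append(f"GONE {key[0]} -> {key[1]} {before[key]}")
    for key in sorted(before.keys() & after.keys()):
        if before[key] != after[key]:
            changes.append(f"CHANGED {key[0]} -> {key[1]} {before[key]} => {after[key]}")
    return changes

def watch(interval=2.0, rounds=5):
    """Run netstat repeatedly and print only the differences between runs."""
    previous = None
    for _ in range(rounds):
        out = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
        current = parse_netstat(out)
        if previous is not None:
            for change in diff_snapshots(previous, current):
                print(time.strftime("%H:%M:%S"), change)
        previous = current
        time.sleep(interval)

# Constructed sample output (documentation addresses), two runs a moment apart.
SAMPLE_T0 = """\
tcp   0  0 0.0.0.0:22        0.0.0.0:*           LISTEN
tcp   0  0 192.0.2.10:22     198.51.100.7:51514  ESTABLISHED
tcp   0  0 192.0.2.10:40022  203.0.113.5:443     ESTABLISHED
udp   0  0 0.0.0.0:68        0.0.0.0:*
"""
SAMPLE_T1 = """\
tcp   0  0 0.0.0.0:22        0.0.0.0:*           LISTEN
tcp   0  0 192.0.2.10:40022  203.0.113.5:443     TIME_WAIT
tcp   0  0 192.0.2.10:40030  203.0.113.5:443     ESTABLISHED
"""
```

Call `watch()` to run it against the live machine, or feed the two sample snapshots through `parse_netstat` and `diff_snapshots` to see the output format without touching the network.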