Syntax and switches
The command syntax is
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-v] [interval]
A brief description of the switches is given in Table I below. Some switches are only in certain Windows versions, as noted in the table..Note that switches for Netstat use the dash symbol "-" rather than the slash "/".
Switch Description
-a Displays all connections and listening ports
-b Displays the executable involved in creating each connection or listening port. (Added in XP SP2.)
-e Displays Ethernet statistics
-f Displays Fully Qualified Domain Names for foreign addresses. (In Windows Vista/7 only)
-n Displays addresses and port numbers in numerical form
-o Displays the owning process ID associated with each connection
-p proto Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6.
-r Displays the routing table
-s Displays per-protocol statistics
-t Displays the current connection offload state, (Windows Vista/7)
-v When used in conjunction with -b, will display sequence of components involved in creating the connection or listening port for all executables. (Windows XP SP2, SP3)
[interval] An integer used to display results multiple times with specified number of seconds between displays. Continues until stopped by command ctrl+c. Default setting is to display once,
Applications of Netstat
Netstat is one of a number of command-line tools available to check the functioning of a network. (See this page for discussion of other tools.) It provides a way to check if various aspects of TCP/IP are working and what connections are present. In Windows XP SP2, a new switch "-B" was added that allows the actual executable file that has opened a connection to be displayed. This newer capability provides a chance to catch malware that may be phoning home or using your computer in unwanted ways on the Internet. There are various ways that a system administrator might use the assortment of switches but I will give two examples that might be useful to home PC users.