Netstat is a versatile tool provided for the Windows platform through the MS-DOS (nowadays referred to as
"Command Prompt") command line.
The main use of this command is to get a quick overview of the active ports on your machine and their status, i.e. listening
and connected ports, types of ports, and on UNIX, any open streams and a lot of other useful information. This tells
the user which ports are open, which are closed and which are listening for incoming connections, which
can give you an accurate indication of how vulnerable your PC is to attacks on the respective ports.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
and so forth until TCP/IP was reached. Note that this option
permissions.
option.
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
Active Connections
BLISHED
HED
ers.com:58955 FIN_WAIT_1
The first switch, a, is used with the syntax below:
This command lists all active connections, including listening ports.
Active Connections
[YahooMessenger.exe]
TCP Nida:1029 localhost:1028 ESTABLISHED 276
[YahooMessenger.exe]
[registrybooster.exe]
[registrybooster.exe]
[chrome.exe]
[chrome.exe]
[chrome.exe]
[chrome.exe]
[chrome.exe]
[registrybooster.exe]
TCP Nida:10435 localhost:1096 ESTABLISHED 1152
[registrybooster.exe]
[AvastSvc.exe]
[AvastSvc.exe]
[AvastSvc.exe]
[AvastSvc.exe]
[AvastSvc.exe]
BLISHED 456
[Skype.exe]
c:\windows\system32\WS2_32.dll
c:\windows\system32\WINHTTP.dll
[svchost.exe]
[Skype.exe]
1492
[AvastSvc.exe]
[AvastSvc.exe]
HED 1492
[AvastSvc.exe]
[Skype.exe]
[Skype.exe]
[AvastSvc.exe]
TCP Nida:1416 ww-in-f102.1e100.net:http CLOSE_WAIT 1492
[AvastSvc.exe]
p TIME_WAIT 0
Switch e
C:\Documents and Settings\Home>netstat /e
Interface Statistics
Received Sent
Discards 0 0
Errors 0 0
Unknown protocols 30
The e switch is a bit more complicated. It lists the statistics of your internet connection, including, for example, how many packets
were sent and received or how many bytes were received.
Switch n
C:\Documents and Settings\Home>netstat /n
Active Connections
The characters under the title "Proto" indicate the protocol type. In this case the only connections present are
TCP, which means that you and the remote host are communicating via TCP.
The local address specifies the name of your computer on the network along with the port number you are using to
receive connections, which is randomly generated.
The foreign address lists the remote host's name and the port they are using to initiate the connection.
The state of the connection indicates exactly what it says: the state of the connection between a remote system and
yours. Below lists all of the possible states of connection.
The n switch is also fairly easy to understand. It lists all connections and remote computers in numerical form, that
is, in IP form. For example, if you are connected to IRC and you would like to view the server in numerical form, for
whatever reason that may be, you can use the n switch and it will transform its web address into an IP.
This switch lists active connections, each combined with its PID (Process Identification Number).
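The columns described above (Proto, Local Address, Foreign Address, State, PID) can be checked mechanically. The following is an added example, not part of the original document: it parses output in the format of `netstat -a -n -o` and lists the ports that accept traffic on a non-loopback address together with the owning PID. The sample output, the addresses and the function names `parse` and `exposed_listeners` are constructed for illustration.

```python
# Added example: parse Windows `netstat -a -n -o` output and list listeners
# reachable from other hosts. SAMPLE is constructed, not taken from the page.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       276
  TCP    127.0.0.1:1029         127.0.0.1:1028         ESTABLISHED     276
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1416      203.0.113.10:80        CLOSE_WAIT      1492
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    700
  UDP    127.0.0.1:1900         *:*                                    1204
"""

LOOPBACK = ("127.", "[::1]")  # prefixes of addresses only reachable locally

def parse(text):
    """Yield (proto, local_addr, local_port, foreign, state, pid) per row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # skip titles, headers, blank lines
        if f[0] == "TCP" and len(f) == 5:
            proto, local, foreign, state, pid = f
        elif f[0] == "UDP" and len(f) == 4:
            proto, local, foreign, pid = f   # UDP rows have no State column
            state = ""
        else:
            continue                      # truncated or unexpected row
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        yield proto, addr, int(port), foreign, state, int(pid)

def exposed_listeners(text):
    """Ports accepting traffic on a non-loopback address, with owning PID."""
    out = []
    for proto, addr, port, _foreign, state, pid in parse(text):
        # UDP is connectionless, so every bound UDP socket counts as listening.
        listening = state == "LISTENING" or proto == "UDP"
        if listening and not addr.startswith(LOOPBACK):
            out.append((proto, addr, port, pid))
    return sorted(out, key=lambda r: (r[2], r[0]))

if __name__ == "__main__":
    for proto, addr, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto:4} {addr}:{port:<6} PID {pid}")
```

Each PID in the result can then be matched to a process name, for instance with the b switch from the usage line above.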
Active Routes:
===========================================================================
The r switch lists information for your ethernet card, netmask, gateway, network destination, etc.
Switch s
IPv4 Statistics
Datagrams Forwarded =0
Routing Discards =0
Reassembly Required =0
Reassembly Successful =0
Reassembly Failures =0
Fragments Created =0
ICMPv4 Statistics
Received Sent
Messages 606 36
Errors 0 0
Time Exceeded 14 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echos 0 35
Echo Replies 22 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Current Connections = 15
No Ports =2
Receive Errors =0
Switch v
Active Connections
Proto Local Address Foreign Address State
BLISHED
HED
interval
The interval switch allows you to give your computer a specific time, or interval, in between netstat probings of your
active connections.