Solved

NETSTAT Question

Posted on 2004-09-14
Last Modified: 2008-02-01
Hi,

If I do the following:

Check who is ports/connected:
1.  Open START>RUN>CMD
2.  Type this: "netstat -a" and Press ENTER
3.  To Save who is connected, you could save to a text file: netstat -an |find /i "listening" > c:\currentcons.txt

...then I get a result list like below....what lines tell me who is connected to the computer?  I want to use this command on an IIS server to see who is connected.  What tells me who is connected or if anyone is connected?

C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State

  TCP    thaltin-p-mkt:4294     thaltin-p-mkt.dex.dexmedia.com:0  LISTENING
  TCP    thaltin-p-mkt:4306     thaltin-p-mkt.dex.dexmedia.com:0  LISTENING
  TCP    thaltin-p-mkt:4576     thaltin-p-mkt.dex.dexmedia.com:0  LISTENING
  TCP    thaltin-p-mkt:4827     thaltin-p-mkt.dex.dexmedia.com:0  LISTENING
  TCP    thaltin-p-mkt:dex_dev1  thaltin-p-mkt.dex.dexmedia.com:0  LISTENING
  TCP    thaltin-p-mkt:ms-sql-s  localhost:1151         TIME_WAIT
  TCP    thaltin-p-mkt:1437     localhost:1151         TIME_WAIT
  TCP    thaltin-p-mkt:1440     localhost:1151         TIME_WAIT
  TCP    thaltin-p-mkt:netbios-ssn  thaltin-p-mkt.dex.dexmedia.com:0  LISTENING
  TCP    thaltin-p-mkt:netbios-ssn  dexdenp01.dex.uswest.com:4706  ESTABLISHED
  TCP    thaltin-p-mkt:3044     denpds01.dexmedia.com:402  ESTABLISHED
  TCP    thaltin-p-mkt:4290     thaltin-p-mkt.dex.dexmedia.com:0  LISTENING
  TCP    thaltin-p-mkt:4290     denpvps02.dexmedia.com:netbios-ssn  ESTABLISHED
  TCP    thaltin-p-mkt:4294     dexdenpdc06.dexmedia.com:17047  ESTABLISHED
  UDP    thaltin-p-mkt:401      *:*
  UDP    thaltin-p-mkt:402      *:*
  UDP    thaltin-p-mkt:407      *:*
  UDP    thaltin-p-mkt:microsoft-ds  *:*
  UDP    thaltin-p-mkt:isakmp   *:*
  UDP    thaltin-p-mkt:1026     *:*
  UDP    thaltin-p-mkt:1027     *:*
  UDP    thaltin-p-mkt:1028     *:*
  UDP    thaltin-p-mkt:4609     *:*
  UDP    thaltin-p-mkt:4633     *:*
  UDP    thaltin-p-mkt:ntp      *:*
  UDP    thaltin-p-mkt:netbios-ns  *:*
  UDP    thaltin-p-mkt:netbios-dgm  *:*
  UDP    thaltin-p-mkt:1900     *:*

C:\>

THANKS!!
0
Question by:RenitlahHelp
4 Comments
 
LVL 16

Accepted Solution

by:
InteraX earned 500 total points
ID: 12056015
Hi RenitlahHelp,

Anything with established at the end of the line is a current connection.
Anything with time_wait at the end of the line is a recent connection.
Anything listening is not connected.
If you type netstat -a -o it will tell you which PID owns the connection as well.

You can then type tasklist /svc to see which processes and DLLs are creating the connections.

Good Luck
;-)
0
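An added example, not part of the original answer: a parser for `netstat -an` / `netstat -ano` text that applies the state rules above to one service port, so only peers connected to that port are reported. The sample output and addresses are constructed, port 80 for IIS is an assumption, and the PID column is treated as optional because it appears only when `-o` is available.

```python
import re
from collections import defaultdict

# Constructed `netstat -ano` sample; addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1408
  TCP    192.0.2.10:80          198.51.100.23:4706     ESTABLISHED     1408
  TCP    192.0.2.10:80          198.51.100.23:4707     ESTABLISHED     1408
  TCP    192.0.2.10:80          203.0.113.7:1151       TIME_WAIT       0
  TCP    192.0.2.10:3044        192.0.2.50:1433        ESTABLISHED     2216
  UDP    0.0.0.0:500            *:*                                    680
"""

# TCP rows: local addr:port, foreign addr:port, state, optional PID (-o only).
ROW = re.compile(
    r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+([A-Z][A-Z_0-9]*)(?:\s+(\d+))?\s*$")

def parse_tcp(text):
    """Return one dict per TCP row; UDP rows carry no state and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local, lport, remote, rport, state, pid = m.groups()
            rows.append({"local": local, "lport": lport, "remote": remote,
                         "rport": rport, "state": state,
                         "pid": int(pid) if pid else None})
    return rows

def peers_by_state(rows, service_port):
    """Count remote hosts per state for connections on the given local port."""
    out = defaultdict(lambda: defaultdict(int))
    for r in rows:
        if r["lport"] == str(service_port) and r["state"] != "LISTENING":
            out[r["state"]][r["remote"]] += 1
    return {state: dict(hosts) for state, hosts in out.items()}

def owning_pids(rows, service_port):
    """PIDs with ESTABLISHED connections on the port (empty without -o)."""
    return sorted({r["pid"] for r in rows if r["pid"] is not None
                   and r["lport"] == str(service_port)
                   and r["state"] == "ESTABLISHED"})

if __name__ == "__main__":
    rows = parse_tcp(SAMPLE)
    print(peers_by_state(rows, 80))   # assumed IIS HTTP port
    print(owning_pids(rows, 80))      # look these up with tasklist /svc
```

Filtering on the local port matters because ESTABLISHED also covers connections the server itself opened outbound, such as the constructed row with local port 3044.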
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12056034
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/cnet/cnbd_trb_dnke.asp

******************************************************************
Netstat
Displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed.

netstat [-a] [-e] [-n] [-s] [-p protocol] [-r] [interval]

Parameters

-a

Displays all connections and listening ports. Server connections are normally not shown.

-e

Displays Ethernet statistics. This may be combined with the -s option.

-n

Displays addresses and port numbers in numerical form (rather than attempting name look-ups).

-s

Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, ICMP, and IP. The -p option can be used to specify a subset of the default.

-p protocol

Shows connections for the protocol specified by protocol; protocol can be tcp or udp. If used with the -s option to display per-protocol statistics, protocol can be tcp, udp, icmp, or ip.

-r

Displays the contents of the routing table.

interval

Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+B to stop redisplaying statistics. If this parameter is omitted, netstat prints the current configuration information once.

******************************************************************
0
 
LVL 8

Expert Comment

by:RevelationCS
ID: 12056166
Inter,

What OS are you referring to here?
0
 
LVL 16

Expert Comment

by:InteraX
ID: 12056221
RenitlahHelp,

Oops. Sorry. Too used to Win XP. However, the explanation of the Established and Time_Wait statements in the output is still the same.

The Time_Wait state will exist for 4 minutes. This can be adjusted in the registry.
0
