NETSTAT Question
Hi,
If I do the following:
Check who is ports/connected:
1. Open START>RUN>CMD
2. Type this: "netstat -a" and Press ENTER
3. To Save who is connected, you could save to a text file: netstat -an
|find /i "listening" > c:\currentcons.txt
...then I get a result list like below....what lines tell me who is connected to the computer? I want to use this command on an IIS server to see who is connected. What tells me who is connected or if anyone is connected?
C:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP thaltin-p-mkt:4294 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4306 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4576 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4827 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:dex_dev1 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:ms-sql-s localhost:1151 TIME_WAIT
TCP thaltin-p-mkt:1437 localhost:1151 TIME_WAIT
TCP thaltin-p-mkt:1440 localhost:1151 TIME_WAIT
TCP thaltin-p-mkt:netbios-ssn thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:netbios-ssn dexdenp01.dex.uswest.com:4
TCP thaltin-p-mkt:3044 denpds01.dexmedia.com:402 ESTABLISHED
TCP thaltin-p-mkt:4290 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4290 denpvps02.dexmedia.com:net
TCP thaltin-p-mkt:4294 dexdenpdc06.dexmedia.com:1
UDP thaltin-p-mkt:401 *:*
UDP thaltin-p-mkt:402 *:*
UDP thaltin-p-mkt:407 *:*
UDP thaltin-p-mkt:microsoft-ds
UDP thaltin-p-mkt:isakmp *:*
UDP thaltin-p-mkt:1026 *:*
UDP thaltin-p-mkt:1027 *:*
UDP thaltin-p-mkt:1028 *:*
UDP thaltin-p-mkt:4609 *:*
UDP thaltin-p-mkt:4633 *:*
UDP thaltin-p-mkt:ntp *:*
UDP thaltin-p-mkt:netbios-ns *:*
UDP thaltin-p-mkt:netbios-dgm *:*
UDP thaltin-p-mkt:1900 *:*
C:\>THANKS!!
If I do the following:
Check who is ports/connected:
1. Open START>RUN>CMD
2. Type this: "netstat -a" and Press ENTER
3. To Save who is connected, you could save to a text file: netstat -an
|find /i "listening" > c:\currentcons.txt
...then I get a result list like below....what lines tell me who is connected to the computer? I want to use this command on an IIS server to see who is connected. What tells me who is connected or if anyone is connected?
C:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP thaltin-p-mkt:4294 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4306 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4576 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4827 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:dex_dev1 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:ms-sql-s localhost:1151 TIME_WAIT
TCP thaltin-p-mkt:1437 localhost:1151 TIME_WAIT
TCP thaltin-p-mkt:1440 localhost:1151 TIME_WAIT
TCP thaltin-p-mkt:netbios-ssn thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:netbios-ssn dexdenp01.dex.uswest.com:4
TCP thaltin-p-mkt:3044 denpds01.dexmedia.com:402 ESTABLISHED
TCP thaltin-p-mkt:4290 thaltin-p-mkt.dex.dexmedia
TCP thaltin-p-mkt:4290 denpvps02.dexmedia.com:net
TCP thaltin-p-mkt:4294 dexdenpdc06.dexmedia.com:1
UDP thaltin-p-mkt:401 *:*
UDP thaltin-p-mkt:402 *:*
UDP thaltin-p-mkt:407 *:*
UDP thaltin-p-mkt:microsoft-ds
UDP thaltin-p-mkt:isakmp *:*
UDP thaltin-p-mkt:1026 *:*
UDP thaltin-p-mkt:1027 *:*
UDP thaltin-p-mkt:1028 *:*
UDP thaltin-p-mkt:4609 *:*
UDP thaltin-p-mkt:4633 *:*
UDP thaltin-p-mkt:ntp *:*
UDP thaltin-p-mkt:netbios-ns *:*
UDP thaltin-p-mkt:netbios-dgm *:*
UDP thaltin-p-mkt:1900 *:*
C:\>THANKS!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Inter,
what OS are you referring to here?
what OS are you referring to here?
RenitlahHelp,
Oops. Sorry. Too used to Win XP. However the explantion of the Established and Time_Wait statements in the output are still the same.
The Time_Wait state will exist for 4 minutes. This can be adjusted in the registry.
Oops. Sorry. Too used to Win XP. However the explantion of the Established and Time_Wait statements in the output are still the same.
The Time_Wait state will exist for 4 minutes. This can be adjusted in the registry.
**************************
Netstat
Displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed.
netstat [-a] [-e] [-n] [-s] [-p protocol] [-r] [interval]
Parameters
-a
Displays all connections and listening ports. Server connections are normally not shown.
-e
Displays Ethernet statistics. This may be combined with the -s option.
-n
Displays addresses and port numbers in numerical form (rather than attempting name look-ups).
-s
Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, ICMP, and IP. The -p option can be used to specify a subset of the default.
-p protocol
Shows connections for the protocol specified by protocol; protocol can be tcp or udp. If used with the -s option to display per-protocol statistics, protocol can be tcp, udp, icmp, or ip.
-r
Displays the contents of the routing table.
interval
Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+B to stop redisplaying statistics. If this parameter is omitted, netstat prints the current configuration information once.
**************************