find established connections from windows server

D_wathi used Ask the Experts™
Dear Experts

In windows server where the application server (CRM system)  is deployed this application which connects to multiple integrations like website , CTI, also configured office 365 smtp, the application logs are not giving us enough data hence from the windows server level how to find or get the log report , when the CRM application runs logic based on scheduler it triggers emails to the customers to check this from windows server level what to do please suggest, in linux think we can use netstat - tulnp, In windows server how to find the application which is running is it establishing connection to the remote services like smtp configured. for example
1.  would like to run the command where it lists  only the running smtp connections established
2. would like to run the command where it lists all the connections established to web server.
also is it possible to append to text file
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Outside of PowerShell, the command line to use would be NETSTAT:
netstat -a -b -e -f -n -o -r -s
- OR -
netstat -a -b -e -f -n -o

Open in new window

NETSTAT's usage is:
Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
  -e            Displays Ethernet statistics. This may be combined with the -s
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

Open in new window

You can add "> c:\FolderName\textfile.txt" to the end and it will recreate the text file each time it runs.

If you use the "interval" option then I would use the ">> c:\FolderName\textfile.txt" option to append to a text file rather than create a new one each time.

I would experiment with this command (especially the "-p proto" switch) to see if it gives  you what you need. If it doesn't, you may need some advanced tools either in PowerShell, VBA or something native to the CRM package to get what you need.


thanks for the reply, can you please help me understand outside of PowerShell means should I have to go to command prompt and run the below
netstat -a -b -e -f -n -o

request to please explain the steps in windows server , I would like to capture output of netstat -a -b -e -f -n -o to c:\FolderName\textfile.txt", please
1. Create a folder on your C-drive (or any local drive). In this case I will assume a folder named "NetStatOutput" on the root of the C-drive.
2. Go to the command prompt and run (I removed the -e, my fault, it shouldn't have been in there):
   netstat -a -b -f -n -o > C:\NetStatOutput\NSOutput.txt
3. Open the folder, double-click on NSOutput.txt and you will see the output in the text file
4. At this point, you have all output in a file and can search for SMTP then go from there ...

Hope that clarifies it for you (I apologize for my initial error with the -e)!

If you run the command again and want to append it to the original file, use the following and it will add the output of the second, third and subsequent runs to the same file:
   netstat -a -b -f -n -o >> C:\NetStatOutput\NSOutput.txt

> means redirect the output to a NEW file
>> means redirect and append the output to an EXISTING file

This is a very basic way to start troubleshooting.

You could also use a free utility from Microsoft; ... NetStat is a built-in command to get you started to see if you need something more sophisticated.
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.


this really a great help, how to execute netstat -a -b -f -n -o > C:\NetStatOutput\NSOutput.txt  for continuous 04 hours to capture entire log during this time period, the CRM application executes the  windows scheduler and performs the tasks for remote services. for example at 2.00pm to 4.00pm CRM system runs the scheduler and kicks the tasks where it connects to the remote services like website/email server for sending bulk mail etc and I would like to capture netstat report on all this connectivity,
1.  please help me how to frame the above netstat command to run continuously for some time period (from 2.00pm to 4.00pm) think this should happen background ,  can you help me this on windows server how to and also linux server how to please.
Linux, I do not know.

Windows: You could put this command (with the append statement) in a batch file and run via Windows Scheduler every X minutes then review the output ... to start. If you need something in a better format for something creating a more permanent record (beyond troubleshooting, then PowerShell / VBA may be the next step. Do you need assistance with (1) creating a batch file and (2) setting the schedule task?


yes please, it will be a great help if you can help me creating the batch file.
Easiest way is to open Notepad, paste in the netstat command with the >> statement in it and then save as something like "CRMNetStat.bat"

Rather than rewriting what a batch file can do, good explanations are:
1. Overall understanding -
2. Overall understanding with more detail -
3. Detailed understanding -

The Windows Scheduler can then be configured to run this command every so often - see with another odd but interesting batch file explanation at

I briefly searched Experts Exchange but don't see anything with a basic explanation of either of these items.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial