Hidden tools: Netstat

Microsoft has a tendency to hide useful utilities, so they're not always visible to users. Netstat is one of those utilities. This command is used to get information about the open connections on your system (ports, protocols being used, etc.), incoming and outgoing data and also the ports of remote systems to which you are connected. The Netstat command gets all this networking information by reading the kernel routing tables in the memory. Netstat is basically a program that accesses network related data structures within the kernel, then provides an ASCII format at the terminal. It can provide users with reports on their routing tables, TCP connections, TCP and UDP "listens", and protocol memory management.

The ASCII format at the terminal is arranged as follows:

Protocol: This can be TCP, UDP, or sometimes even, IP.

Local System Name: This is our machine name.

Remote System This is the non-numerical form of the system we are connected to.

Remote Port: This is the port of the remote system we are connected to.

State of the Connection: This is the state of your connection.

Netstat can also be useful tool to help detect Trojans, because it lists the ports being used. For example, if Netstat returns a port number of 12345(TCP) or 31337(UDP), you can be sure that you are being infected because 12345(TCP) is the port number used by the Netbus Trojan, and 31337(UDP) is

Requires Free Membership to View

the port number used by the Back Orifice Trojan. So you see this can be a very helpful tool.

This was first published in May 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.