Introduction to netstat

Uploaded by

Arixson

If you were going to ask me, "Mike, you only get one networking tool. What's it
going to be?"

Well, I'd probably say ping, but my second choice would be the popular netstat
program. One of the things that happens is that my computer is on a network
right now, and actually on the Internet as well.

So there's all these connections going on at all times and I want to know who is my
computer connecting to at any given moment.

And that's what netstat does.

It is a text-based command that allows you to see what connections are established
between your computer and other computers at any given moment.

So let's run netstat. To run netstat, just get to a command prompt.

And type netstat.

And these are the results that you're going to get.

So let's take a look at what we're looking at.

First of all, these are active connections that we have right now.

Each one of these is a separate connection.

So I've got, wow, about 15 connections going right now.

Most of them seem to be HTTPS, so let's read it.

First of all, it tells us what protocol it is: TCP or UDP.

Then it says what our local address is, which is pretty much always going to be our
own IP address.

The next value is your source port number; that's always going to be an ephemeral
port there.

Then the foreign address is who we are connected to.

So here's the name and then the protocol.

I don't like this, so what we're gonna do is we're going to type netstat again.

So this time I'm going to use a -n.

And when you do netstat -n, what that says is don't put nice words and stuff in
there.

Just give me the raw numbers.

So now it's telling me, and this is easier for me to read, so I can see I've got a
number of other computers out in the world someplace and they're connected on port
number 443.

Now the problem that you'll have with netstat when you first get used to it is
that you're not going to know what these port numbers are.

So remember, you're going to be the client on this side, and you know you're
connecting to this guy on 443.

So what is 443? (HTTPS)

Well, that's where web browsers come into play. I can pretty much guarantee it's
because I have this web browser open; that's why it happened.

So what we'll do is we'll just do some research on port 443.

So we take a look at port 443 and it tells us that it is HTTPS.

It's a secure connection.

So what's really happening here is my web browser's open and I'm on secure web
sites now.

Just to let you know, the browser that I run always will go to a secure web site, so
if I've got a choice at a particular spot to go to a regular web site, it will
automatically, as a security feature, go to HTTPS.

So all that's telling me right there is I've got a bunch of web stuff open.

Now you notice that I just closed Chrome.

So over time, if I keep running netstat, I'll run it again, you'll see that things
have gone from ESTABLISHED down to TIME_WAIT.

So what's basically happening here is that they've been closed but we're waiting
for the time out to kick in.

And this will eventually shut down completely.

Now after a while you'll start to notice that sometimes they don't close and that's
where things get a little bit interesting.

So one of the things you're often going to want to do is you're going to say, OK,
I've got all these programs running. But you've got to keep in mind, on your end
there is an executable program that's associated with every one of these.

So what I'm going to do is I'm going to run netstat again, except this time I'm
going to do the -b option.

Now watch what happens.

It says the requested program requires elevation.

Which is neat.

What it's telling me is I have to run as an administrator.

So in Windows 8 I fire up a CMD, right click, and I hit Run as Administrator.

You're not going to be tested on how to set up Run as Administrator for different
OSes, but just be aware that that's there.

So let's go ahead and run netstat -b, and it will show us who is making
these connections, and right now this looks to be a Windows connection itself.

So it's still running a little bit we're going to give him a moment.

OK.

So we can see we have a number of connections when we do -b, and you see you can
concatenate different options, and a bunch of stuff is shutting down.

So we basically only have one little connection left.

And I happen to know that that is a connection I have set up on one of my
applications and I want that to be there.

So that's good.

All right.

Now there's a couple of other options I want to run through.

You can type in -o. Now when you type in -o, what that's going to give you is the
process ID.

Every program that's running on your computer has a process ID, so I can hit Task
Manager and I can use this to locate the process ID that is actually running that.

So let's take a look. What do we got here?

1328.

We go to Task Manager. Who's running 1328? 1328 is Windows Explorer himself.

So again, I've tested this and I know that this is a program that I want to run.

But any time you've got something running and you're not sure what it is doing, the
netstat -o option will give you the process ID, and then you can actually go into Task
Manager if you have a more recent version of Windows.

And based on the process ID number you can figure out who exactly is doing all this
stuff to you.

There's a couple other things I want to show you.

For example one of the things is I'm actually running a web server on this
computer.

So I'm going to do a netstat, except this time I'm going to do -n, because I like
the numbers better than the letters, and I'm going to do -a. -a means show me all
active ports, even the ones that I don't have connections on right now.

And you get a big ugly list. Most of this stuff way down here has to do with IPv6,
which we'll cover in later episodes.

Anytime you see a double colon, that's IPv6 stuff.

I'm going to ignore that for the time being.

But as you look through here, there are all these zillions of open ports. You see
this? There's nobody connected to it.

These ports are open, so you can actually go through and look through all these. Most
of this is stuff that comes with Windows for neighbor discovery and things like
that.

And we want them to be there it's good.

But every now and then you'll find something really interesting.

Like look right here.

See that 80?

That means your computer is listening on 80. Nobody's connected to it, but your
computer's listening on 80, which tells me that I'm running a web server, and I
absolutely am. It's really cool.

So these are very powerful tools in terms of helping me watch what's open on
my computer.

You get good at it after a while: 135 and 445, that's naming convention; 2179 is
neighbor discovery and stuff like that.

But when in doubt all you do is go through here and start looking at this stuff to
understand what all of these mean.

There's one more tool.

One more flag I want to use, and that's netstat -r.

netstat -r has absolutely nothing to do with netstat.

When you run netstat -r, it shows you your routing table.

So you can actually look at the routing table on your own individual computer just
by typing netstat -r. This is identical to typing in the command route. Netstat
is an amazingly powerful tool.

And I recommend you use it. Now, for the record, there is another tool. It's not on
the Network+, but you ought to be aware of it.

It's called Process Explorer.

It's by Mark Russinovich, at the Sysinternals site. Process Explorer and TCPView
are two programs that he runs that are absolutely fantastic.

So anyway, the important thing for the Network+ is to appreciate that netstat
keeps track of all the connections we have.

And it also lets us know our listening ports. Whenever you run netstat, always run
it with the -n option.

I like that because I like to see all the different port numbers because that's the
big clue to this.

Anytime you see a connection and you don't know what the port numbers are look it
up.

Nobody's got the stuff memorized.

The netstat command lists all open ports and network connections on a computer

Run netstat at the command prompt

Make sure to know the netstat switches displayed in this episode

-a -b -n -o -r
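
The review described in the episode (raw numbers with -n, listening ports with -a, owning process ID with -o) can be scripted. The Python below is an added example, not part of the original transcript; the function names are illustrative and the sample `netstat -ano` output is constructed, using documentation-range addresses.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     1328
  TCP    192.0.2.10:49713       203.0.113.9:443        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2104
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 ('[::]:445') works."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # column header or blank line
        # UDP is connectionless, so its rows carry no State column.
        state = f[3] if len(f) == 5 else ""
        laddr, lport = split_endpoint(f[1])
        raddr, rport = split_endpoint(f[2])
        rows.append({"proto": f[0], "laddr": laddr, "lport": lport, "raddr": raddr,
                     "rport": rport, "state": state, "pid": int(f[-1])})
    return rows

def listeners(rows):
    """Ports open for inbound traffic: TCP LISTENING rows plus bound UDP sockets."""
    return sorted({(r["proto"], r["lport"], r["pid"]) for r in rows
                   if r["state"] == "LISTENING" or r["proto"] == "UDP"})

def established_by_pid(rows):
    """Map each owning PID to the remote (address, port) pairs it is connected to."""
    out = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            out[r["pid"]].append((r["raddr"], r["rport"]))
    return dict(out)

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(listeners(rows), established_by_pid(rows))
```

Each PID in the result is then looked up in Task Manager, as the episode does for 1328, to confirm that the listener or connection belongs to a program you expect.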
