A Beginner’s Guide to netstat
Whether you are troubleshooting a slow internet connection, checking for unauthorized access, or just curious about what your computer is doing behind the scenes, netstat is the ultimate “Swiss Army Knife” for network diagnostics.
What is netstat?
The name stands for network statistics. It is a command-line utility available on almost every major operating system, including Windows, macOS, and Linux.
In simple terms, netstat shows you all the active connections your computer has with the outside world (and itself). It reveals which “ports” are open, who is talking to your machine, and how much data is being moved.
What Does It Actually Do?
Think of netstat as a security guard with a clipboard at the entrance of a building. It tracks:
- Active Connections: Every website or cloud service you are currently connected to.
- Listening Ports: Applications waiting for an incoming “phone call” (connection).
- Routing Tables: The internal maps your computer uses to decide where to send data.
- Interface Statistics: How many packets of data were sent or received (and if any were dropped/corrupted).
How to Use netstat
To use it, you don’t need to download anything. Just open your Command Prompt (Windows) or Terminal (Mac/Linux).
1. See All Active Connections
The most basic command shows you what’s happening right now.
- Command: netstat -a
- What it does: Lists all active TCP and UDP connections, as well as the ports your computer is “listening” on.
2. Show Numerical Addresses
By default, netstat tries to turn IP addresses into names (like google.com). This can be slow.
- Command: netstat -n
- What it does: Forces the output to show raw IP addresses and port numbers, making the command run much faster.
3. Identify the “Who” (The PID)
If you see a suspicious connection, you’ll want to know which app is responsible.
- Command (Windows): netstat -o
- Command (Linux): netstat -p
- What it does: Displays the Process ID (PID). You can then look up this ID in your Task Manager or Activity Monitor to find the specific app (e.g., Chrome, Spotify, or a virus). On Linux, run the command with sudo to see processes owned by other users.
Real-World Examples
Scenario A: Checking for “Phone Home” Malware
You notice your computer is sending data even when you aren’t using the browser. You run:
netstat -ano
You see a connection to an unknown foreign IP address on port 4444. You check the PID in Task Manager and find it belongs to a “Free Weather Tool” you downloaded yesterday. Time to uninstall!
Scenario B: Troubleshooting a Web Server
You’re a developer trying to run a local website, but it says “Port 8080 is already in use.” You run:
netstat -ano | findstr :8080 (Windows)
This tells you exactly which process is “hogging” the port so you can kill it and start your work.
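As an added example (not part of the original guide), the Python sketch below automates Scenarios A and B: it parses Windows netstat -ano output, lists established connections to non-local addresses with their PIDs, and finds which PID is listening on a given port. The sample output, the function names and the list of ranges treated as local are assumptions made for this example.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     3108
  TCP    192.168.1.20:52344     203.0.113.7:4444       ESTABLISHED     7312
  TCP    192.168.1.20:52400     192.168.1.1:443        ESTABLISHED     9020
  TCP    [::]:8080              [::]:0                 LISTENING       5120
  UDP    0.0.0.0:5353           *:*                                    2210
"""

# Assumption: ranges treated as local (loopback, RFC 1918, link-local, IPv6 ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):  # 'host:port' or '[v6]:port' -> (host, port)
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port  # drop brackets and zone id

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "UDP":
            f.insert(3, "")  # UDP rows have no State column
        if len(f) != 5 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header, blank or malformed line
        (_, lp), (rh, rp) = split_endpoint(f[1]), split_endpoint(f[2])
        rows.append({"proto": f[0], "local_port": lp, "remote_host": rh,
                     "remote_port": rp, "state": f[3], "pid": int(f[4])})
    return rows

def is_local(host):
    return any(ipaddress.ip_address(host) in net for net in LOCAL_NETS)

def external_established(rows):
    """Scenario A: (pid, remote_host, remote_port) for non-local connections."""
    return [(r["pid"], r["remote_host"], int(r["remote_port"])) for r in rows
            if r["state"] == "ESTABLISHED" and not is_local(r["remote_host"])]

def port_owner(rows, port):
    """Scenario B: PIDs holding a LISTENING socket on the given local port."""
    return sorted({r["pid"] for r in rows
                   if r["state"] == "LISTENING" and r["local_port"] == str(port)})
```

Calling external_established(parse_netstat(SAMPLE)) returns the single row for PID 7312, and port_owner(parse_netstat(SAMPLE), 8080) returns PID 5120. To use it on a live machine, pass in the text of your own netstat -ano output instead of SAMPLE.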
Scenario C: Performance Check
If your internet feels sluggish, you can check for errors at the hardware level.
- Command: netstat -e
- What it does: Displays interface statistics. If you see a high number of Errors or Discards, you might have a bad Ethernet cable or a failing Wi-Fi card.
Common Flags Cheat Sheet
| Flag | Description |
|---|---|
| -a | Displays all connections and listening ports. |
| -n | Displays addresses and port numbers numerically. |
| -p | Shows the protocol (TCP, UDP, etc.) or program (on Linux). |
| -r | Displays the routing table (how your PC finds the gateway). |
| -s | Displays per-protocol statistics (how many bytes sent/received). |