Netstat Commands - Network Administration Tutorial

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hey guys hackersploit here back again with another video and in this video going to be taking a look at netstat and how to fully utilize it for network and system management or administration for that matter so for those of you who have not heard of netstat or what it does or how it can be useful netstat is essentially a command line a network utility tool that displays network connections for the tcp protocol uh routing tables and a number of other network interfaces and protocol statistics all right now for those of you who have used it before you can pretty much vouch for this or for any of the system administrators out there or network administrators you know that it is essential it is an essential tool for any of you to use if you are trying to monitor the active connections on a computer trying to uh sift through what connections are running what services are running etc you get the idea all right now netstat is pre-installed on windows and linux and using it is extremely simple and hopefully in this video i can cover uh some of the commands that make my life a whole lot easier and will help you sort through all the networking in regards to what's running on your computer all right so i'm just going to zoom in and you might have noticed that i'm running ubuntu here instead of windows for my current uh host operating system i'm not running this in a virtualized environment and i'll explain why in probably another podcast episode as the the story is quite interesting uh and what has happened over the last few days but i'll keep that out of this video so without any further ado let's get started now netstat as i mentioned is a very very simple tool to use but can be very compu confusing in regards to the results that you can enumerate uh so let's start off with the netstat command all right so if i'm just to hit netstat help and they'll bring up the help menu as you can see there's a lot of information that you can use and of course this is all in regards to a various networking functions and information that you can gather when we talk about all the arguments or parameters whatever you want to call them uh they can be sorted in various ways that will then give you a a very different representation of the data so uh by using both or any of these parameters together you you also can get a very very different uh bits of information together so we are not going to be looking at it from this i'll be simply showing you the commands and explaining what each of them does all right but you can definitely check out the manual uh four nets that if you want or you can just go through it through the help menu but the purpose of this video is to explain how to use it for uh network administration system administration etc you get the idea all right so let's start off with some of the basic commands that i think everyone should know the first one is the netstat ie command all right so the network the netstat ie command essentially displays all your network interfaces similar to what you'd have if you ran ifconfig or show ip addresses uh very very similar so you get all your interface that your interfaces that you currently have running so for example you have my ethernet 0 here i have my virtual uh my various virtual adapters here set up so you can definitely get a better idea of what network interfaces are running on the computer all right the other one that we have is the uh is the the r command or the r parameter that allows you to display your current routing table which is very very important because many of you really do not understand why a routing table is important so if i'm just to display uh use the netstat r command you can see that we have uh all the destination uh you have your destinations you have your gateway so you can essentially understand your gateway your gen mask and this is where i was explaining the various sizes of a network so uh by default you can see that the gateway is here in in regards i'll probably make another video explaining gateways but for now you can see that this is my current interface here i have the it's called enmp1so so don't worry about any of that right now i'll explain this later but for if you do want to display your current um routing table that's how you do it all right the other basic command that many of you use is the net stat uh the netstat c command the now the net start c command is going to print out a continuous output of information in regards to your current active connections whether it be tcp udp uh regardless of their state the the state could be uh listening established etc so if i'm just to hit enter you can see that it's just going to simply print out all the information that is currently available and it's not uh it's not going to stop there in regards to the current services that are that are active you can see that it's going to keep it running and irregardless of of their state it's simply just going to print them out so but you know sorting out the output of netstat is very simple to understand is and it's very intuitive so i'll definitely be going through this with you as well right now so what i'm going to do is i'm just going to a controller and c to terminate that and we can finally get started with the more interesting commands all right now if you want to list all connections that are currently connected uh you do that by typing in netstat uh a all right and that's that it will print out all your current uh active uh will not active all your current connections all right and i'll explain that right now so if we just go to the command right of e and look at the sorting out of data you have your protocol it can be tcp udp etc you have the local address where we have various ports running on my local address you can look at the foreign address which means these are currently running on my local host right now which makes sense because their state is set to listen so they've uh there is no current active connection but they are listening which means they're active they're waiting for a connection you then have the other state here which is established which uh is probably going to be my browser you can go ahead and take a look at the various ports you can see that the the foreign address is connecting to is via https so you can get a good understanding that this is connecting to a website all right so that will list all the active internet connections right over here and the established so it regardless of the state now i'll show you how to sift through this if you are looking for only particular states for example if you're looking for the listen state or the established state all right so let's get started with the other commands as well so that is how to sift through data now when you talk about the other information that was displayed here uh or i'll actually explain that when we talk about processes uh and the process ids all right now when you talk about sifting out data via protocol that can be either via tcp or udp that can be done again very very simply by typing in netstat and this is for tcp we use the active connections and we specify the protocol which is denoted by t in this case we are selecting tcp connections only so i'm going to enter and of course it's going to list out all the current active tcp connections and you can go and confirm that by looking at the protocol right over here so irregardless of the other bits of information here regardless of the state all we're focusing on now is the tcp uh is the tcp protocol all right so if we can do that for tcp we can definitely do it for udp so let's do that right now all right so we're going to just remove the t with the u command all right so u is u is meant to denote is actually denotes udp all right so i'm going to hit enter and these are the current udp connections right over here and of course the state is uh is non-existent because with udp you do not have a it's a connectionless protocol so i i'm pretty sure i explained that when i talked about the osi model in one of my earlier videos but you get the idea uh most of the connect connections you can see right over here are done via the net bios which makes a lot of sense as it does utilize udp all right so that is how to list all udp and tcp connections and now that i've explained how the data is sorted in regards to the various columns here you you have an understanding of how you can display the type of data you're looking for all right now if i'm talking about the state all right so let me just clear this up and i'll open up another tcp uh we'll say we want to uh the all the active tcp connections what i want to explain is if now we are focused on the state which is very interesting because if you are trying to look for various ports that could be open then you you you really need to know what ports are currently set to uh what ports have their state set to listen which means they do not have an established connection and they're simply listening so if you want to do that for tcp ports then all we need to do is type in netstat and we use the lp command all right and this will essentially be for uh well not lplt i'll get to that in a second this will essentially be for all the listening tcp ports all right so if i hit enter you can see it's going to sort it out very nicely for us and these are all the ports whose state is set to listen all right so this this can be very interesting and of course just generally speaking all are going to be running on my local host and this can give you a great idea of the services that are running on your computer now you can see one of the peculiar services that i have running regardless of the others is ssh and i'll explain uh how how you can actually search for various uh or particular protocols if that's the type of data you're looking for all the various ports that you're using you can essentially just pipe out your output and grep for the particular results but i'll get to that in a second so that is how to essentially look for all the listening tcp ports all right or how to display only the listening tcp ports now if you want to display the listening udp ports that is again can be done by typing netstat and we are looking for lu very very simple very intuitive all right and you hit enter and there are all the listening udp ports right over there so you can definitely get a better idea of what udp services are currently listening as well but as i mentioned this is not held to high regard because udp is a connectionless protocol so the state really does not matter for that now when you talk about process identification you can do that by typing in netstat p and i'll i'll explain what is happening right now so when i hit and let's start p you can see that um it's simply going to display all the current connections but with one exception it shows you the the current process which is very important you can see that in in addition to the state we now have the process id or the program that's running so we can now combine these various pieces of data by saying uh if i'm looking for all tcp connections but i also wanted to display um i only i also wanted to display the the process id i can do that by combining these two commands that we used earlier by saying and this is how this is really the power of net stats so if i'm looking for all tcp ports or all tcp connections uh but i also want to display the the process id i do that by typing in netstat and we use the ap for uh well well not ap 80 sorry 80 for all tcp connections and also we want to display their process id so i'm going to atp and i'm going to hit enter and it's going to display all their process ids right over here and of course uh you you you can get a better idea of the services that are running so you have firefox firefox we have synergy which is what i use as my mouse sharing my mouse and keyboard sharing solution so from this you're getting a better idea of what's going on now of these services that are running and you're understanding the power of netstat and how you can monitor what your computer is doing how it's connecting to the internet etc etc and what services are running all right so that is how to combine uh two of these commands and of course you can use them in in regards to whatever type of information you're trying to get all right now when we're when we're talking about um displaying the service name as i've already mentioned uh you can also use the netstat atp command so if i'm just to clear this up uh atp and you can see it's also going to display the same for us right over here so there we are you get uh this essentially displays all uh just as we did before but this is the correct way of typing it out and you get the various services with your process id running etc you get the idea all right now if you're looking as i've mentioned again for the uh you're looking for listening uh the listening connections for tcp that is uh uh in in in regards to the state okay so you're looking for only listening connections that can be done by typing in netstat uh and that's that tnl if i if i'm correct and there we are we do get only the listening connections or all the these uh we only get the services that are currently set to whose state is set to listen and you can get a better idea of what services are running so we have port 139 we have port 443 it's currently listening we have the ssh port open here and we have a better idea of what's going on here all right now this can also be done for udp and you do that by typing in unl now of course this is the official syntax or the preferred way of typing out these commands so unl and there you are that is for utp all right now some of the other commands or essentially uh as i've mentioned before you can actually look for specific port or service and this can be sorted out very very simply now when you're talking about list uh essentially looking for a custom port that can be done by using you can pipe on and grip and that's exactly what we're going to do so i'm just going to clear this out so if we are looking for a particular port all right so let's say i'm looking for port and if i'm to list the other the tcp connections right away you can see that we have ssh running and if i was looking for ssh only instead of running that command i can essentially write a simple script or simple command here so netstat and i can say nlp so nlp and i can pipe that and grip and i'm looking for port 22 i'm going to hit enter and there you are so it does show you all the various services that are running ssh or if you are running a so we have uh the tcp and ipv6 there as well so uh that is excellent so we can pretty much sort the data again i can do this for 443 sorry 443 and there we are it does give us the results that we're looking for so that is how to look for how to list connections that are active for a particular port now of course if ssh was not running [Applause] and let me just enter my password here and we run the previous command right over here with port 22. you can see that will not have any process running which is awesome and you can again see the power of netstat now it can be used you know to understand what's currently running on your computer all right uh you can also use uh another way of doing it which is uh what i also like using so netstat and of the reason i'm telling you all these other ways is so that you have a variety of options that you can use whatever you feel comfortable with or whatever is intuitive for you so i can grab this and i can i use the port 22 once more and hit enter and that doesn't display anything so let me just start the ssh service one more time enter my password here and we run that and there we are so that also displays the same information as well so that is how to essentially use netstat if you are a system administrator or network administrator and hopefully i've covered all of the important commands that will give you access or or give you an understanding of how you can use netstat to understand what current uh what's going on on your computer what connections are are currently active on your computer you get the idea so uh that's going to be it for this video guys thank you so much for watching if you have any questions or suggestions let me know in the comments section on my social networks on my website and i'll be seeing you in the next video peace [Music]

Info

Channel: HackerSploit

Views: 87,308

Rating: undefined out of 5

Keywords: hackersploit, hacker exploit, netstat, netstat command, netstat explained, netstat linux, netstat -a, netstat -ano, netstat mac, netstat -b, netstat.exe, netstat -r, netstat ano, command, linux, tutorial, useful windows commands you should know, useful windows networking commands, comand prompt, hacking, kali linux, 10 cool command prompt tricks you should know, tricks, network administrator, network admin

Id: bxFwpm4IobU

Channel Id: undefined

Length: 16min 19sec (979 seconds)

Published: Fri Feb 01 2019