Netstat Explained | Everything you need to know

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

netstat is a really useful command line tool used to show network connections netstat stands for Network statistics and it can be used to identify open ports and different connections with remote hosts netstat is available on pretty much every operating system including Windows Mac OS and Linux so what does netstat actually do well computers are always making maintaining and closing connections these connections could be with printers other computers on the network web servers over the Internet or any number of things and by using the netstat command we can view the details of these connections let's look at this example this computer has opened certbros.com when it did that it made a connection to the web server hosting that page if we open a command line and run the netstat command we will see this connection the First Column shows the transport protocol being used so either TCP or UDP the second column shows the computer's local IP address and the port number being used then we have the foreign address this is the IP address of the remote host for this connection in this case the cert Bros web server this also shows the foreign Port being used and in this case is a web server so we're connecting using https which is the port number 443 and the last column shows the state of this connection now there are several possible States but the main ones are established for active connections such as this one listen for computers that are waiting for a connection and time weight which is a temporary state after a connection has closed now let's add some more connections here we have a few more web connections on Port 443 a printer connection and a network attached storage or Nas device as more connections are added we see more entries in our netstat output so as you're going through this video hopefully you're taking some notes if you're not what are you doing write this stuff down now there are many ways to take notes from Old School pen and paper to the various web tools such as Google Docs Evernote and OneNote now the one I personally use and the sponsor of this video is notion notion is in my opinion the best note taken app by far and it's completely free to use when I'm learning a new topic or command like netstat for example I write it all down in notion I can even use the power of AI to help me write my notes with the AI tool I can automatically write blog posts summarize my existing notes or my favorite AI feature automatically create outlines for my notes so I can go back and fill in once added I can access these notes from any device anywhere in the world this is perfect if I need to look up commands or notes when I'm at home at work or even on the road not only can you create notes but you have the power to create entire Wiki Pages you can manage your work and personal projects and the list goes on and on notion recently announced projects a fully fledged project management system that you can use to manage your work projects study plans goals or anything else that you want to keep track of I've been using this to build my own professional roadmap to keep track of everything that I want to achieve this year I have topics I want to learn the technical certificates I want to achieve some personal branding stuff and the soft skills I want to improve here I can add due dates priorities next steps and other columns to help keep me on track so if you're not already using notion to manage your notes and to track your tasks and goals click the link in the description remember it's completely free to use the only exception to this is if you want to add more AI than the free allowance in which case you can upgrade to the notion AI for just eight dollars a month they also have paid plans for those looking to use notion to run their businesses with large teams but that will not apply to most of you okay back to the video okay so that was the general idea of netstat now let's jump into my computer and take a closer look so it's worth pointing out that even though netstat is available on Windows Mac and Linux that the commands can differ slightly and in this example I'm going to be using Windows so I'm going to start by opening up the command line and I'm going to run that as administrator because some of these commands will require the permission so I'm going to right click run as admin except the prompt move that over here then I'm going to Simply type netstat and press enter now it's going to start to populate all of our connections this will take a moment so sometimes you need to be patient here as we can see we have some connections here even though the computer doesn't seem to be doing anything now this is a lab computer with nothing really running so yours will likely have a hell of a lot more than what we see here now this is because even though nothing obvious is running on this computer connections are constantly being made in the background an example of this could be the update services so this is netstat and its most basic form to be honest though we don't often run netstat like this and this is because it's incredibly slow to run the reason for the slowness is because netstat is trying to look up the hostname for each individual host address this lookup takes time and often we're not really bothered with it anyway so to solve this we can use command options to customize our output for example if we wanted to see all the results of netstat but without having to convert the IP addresses to host names we just type netstat dash n n stands for numeric meaning we only want to see the IP addresses not the translated host names so if I press enter here as we can see that was a lot quicker and now we only have the IP addresses not the hostnapes there are loads of options we can add when it comes to netstat to customize the output now let's look at the a option so we'll type netstat Dash a Dash a shows all connections and the ports this computer is listening on for incoming connection requests by default netstat only shows active TCP connections using the dash a option shows us everything so if I press enter here now we can see a lot more than before now we're seeing UDP and the port numbers we're listening on now let's say that instead of showing all connections or just the active TCP connections we want to filter this by protocol to do this we can use the dash Peak command so I'll type netstat click over here netstat Dash p and the dash P lets us specify a protocol to include in our output such as TCP UDP TCP V6 or UDP V6 so if I typed netstat Dash p oh TCP press enter is going to show me all of the TCP connections perfect and if I press up on the Arrow key and change that to UDP I'll be able to see any UDP connections and if I enter either TCP V6 or UDP V6 it will show us the IPv6 connections so another great option is the dash B command so if I go netstat Dash B this option adds the name of the executable to the output so if I were to press enter here we can now see the program names under each connection so there's lots of search app.exe here this is great if we're trying to figure out which programs are responsible for which connections and there is another option similar to the B command which is Dash o so if I type netstat Dash o instead of showing us the executable file names for each connection it shows us the unique process ID also known as the PID for this connection so if I press enter we will see all of our connections and their process IDs this is great if you're trying to troubleshoot a problem with a specific connection because you might have multiple connections that are using these same executable such as Google Chrome for example because the process ID is unique you can pinpoint this exact connection and maybe even stop it if you want to so if we were to look at one of these established connections so 2600 if I open up the task manager go over to the details Tab and we look for that number we will see quick order SVC host is the one causing that connection so if I were to close that that would disappear from this list but we won't do that now options are great because they let us customize our output however what makes them really powerful is when we combine the options for example if we wanted to see all connections we can run netstat Dash a as we saw before but we don't want this output to take forever so we can add our trustee dash n command to make sure that we're not trying to translate those host names but you don't actually need to type it out like this we can instead go Dash a n for all and numeric so if I press enter here again we're going to see all of the connections but this time is a lot quicker because we're not trying to translate those host names so let's try another example let's say we want to list all of the connections including the executable names and the unique process IDs so we run netstat Dash B for the executable names we can add o to include the process IDs and let's not forget our trusty end command to make sure this doesn't take forever again I'll press enter and now we have a very quick command that shows not only the executable name but also the local process IDs as well this really is where netstat commands become really useful and really powerful okay so I want to give you one last command example now this one is a bit of an extra bonus because it's not like the others if I clear off some of this now I say that because we're not actually looking at connections this time and this option is very different from the rest the option I'm talking about is the dash R option so if I type netstat Dash r this is going to show us the routing table of this machine so let me show you this if I press enter here we can see the routing table of this computer now this is really handy if you're a network engineer if you're trying to troubleshoot a networking problem now at the top if we scroll up we see the interfaces for this machine then we see the ipv4 table the First Column shows the destination address then the destination mask the Gateway which is where to send the data to and then we have the interface to send the data out of as we can see right at the top we have a destination address of 0.0.0.0 which means any address this is our default route the Gateway is 192.168.1.254 which is my router's IP address and the interface is my local interface below the ipv4 routing table we have the IPv6 table as well okay so they are some of the most common command options and examples on how to use them there are however more options that you can use with netstat to find a complete list of options you can type netstat forward slash question mark on Windows to show the help information or man netstat on Linux to see the help manual including the different options available so that is netstat a great little command to use to view all of your computer's connections if you like this video don't forget to give it a thumbs up leave a comment and subscribe and be sure to sign up for your free notion account down below other than that thank you for watching thank you [Applause] [Music]

Info

Channel: CertBros

Views: 16,483

Rating: undefined out of 5

Keywords: netstat, netstat command, netstat -r, netstat -a, netstat tutorial, networking

Id: c9sQqGilTjU

Channel Id: undefined

Length: 14min 38sec (878 seconds)

Published: Tue Jun 27 2023