What is netstat and how to use it

21.07.2020

Netstat is a command-line utility for network diagnostics. It gives you precise data about your network and how your device communicates with the other connected devices. It can show you Transmission Control Protocol (TCP) connections, network interfaces, routing tables, and data for other network protocols (like UDP).

The great thing about netstat is that you can use it on many different operating systems. It is available for Windows (XP, Vista, 7, 8, and 10), macOS, Linux, and BSD.

Did we also mention that it is free?

Types of Statistics

The statistics that you will get with this command-line tool are:

  • Protocol – TCP or UDP
  • Local Address – The local computer’s IP and its port number.
  • Foreign Address – The remote computer’s IP and its port number.
  • State – The current state of the connection. For example, established, wait, closed, etc.

Syntax of netstat

This is what the netstat syntax looks like:

netstat [-a] [-e] [-n] [-o] [-p <Protocol>] [-r] [-s] [<interval>]

Parameter       Description
-a              Shows all active TCP connections and the TCP and UDP ports on which the computer is listening.
-e              Stands for Ethernet statistics. It shows packets and bytes sent and received. You can combine it with -s.
-n              Shows active TCP connections. The ports and addresses are shown numerically, without names.
-o              Shows active TCP connections and the PID for each one. You can combine it with -a, -n, or -p.
-p <Protocol>   Shows the connections for the selected protocol (could be tcp, tcpv6, udp, udpv6, ip, ipv6, icmp, icmpv6). Can be combined with -s.
-s              Statistics for each of the protocols. You can combine it with -p.
-r              IP routing table content.
<interval>      Time in seconds between refreshes of the information.
/?              Shows the help menu for additional information.
-f              Shows the FQDN (Fully Qualified Domain Name) for each of the foreign IPs.

There are some small differences, depending on your OS. Some of the options don’t work on all of them, and for some OSes, there are different options that perform the same action and additional options for other actions.

How to start netstat on different OSes?

It is really easy to start, and it is built in on most OSes. You probably won’t need to install it separately.

Windows: If you are running Windows 10, you can open Run, type CMD, and then type the netstat command directly in the Command Prompt.

macOS: For mac users, go to Applications, then Utilities, and open the Terminal there.

Linux and other OSes: in a very similar manner, you will need to open the Terminal.

Netstat examples

We have selected 6 examples of netstat commands for you. You can directly copy the commands and use them.

netstat -f

We could use this one to take a look at all the TCP connections and the FQDN, instead of just the IP addresses.

netstat -e -s

It will show statistics both for Ethernet and for all the protocols.

netstat -s -p tcp udp

Here we request the statistics for TCP and UDP only.

netstat -o 5

Here we use the option for showing the PIDs and also we specify a 5-second interval for a refresh.

netstat -n -o

Again we want to see the PIDs, but with the addresses and ports shown in numerical form.

netstat -s -p icmpv6

This way you can see the statistics, but only for the protocol you want. In this case, it is ICMPv6.

You can also try different combinations on your own depending on your needs.
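
For triage, the columns described above (protocol, local address, foreign address, state, plus the PID from -o) can be parsed instead of read by eye. The Python below is an added example, not part of the original article; it assumes Windows-style `netstat -a -n -o` output, and the sample text, addresses and PIDs are constructed.

```python
from collections import defaultdict

# Constructed sample in the Windows `netstat -a -n -o` layout (not real data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2140
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5312
  TCP    192.168.1.20:49730     198.51.100.7:80        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1804
"""

def parse_netstat(text):
    """Return one dict per TCP/UDP row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "UDP" and len(fields) == 4:
            # UDP is connectionless, so the State column is empty.
            proto, local, foreign, pid = fields
            state = ""
        elif len(fields) == 5:
            proto, local, foreign, state, pid = fields
        else:
            continue  # unexpected layout: ignore rather than misparse
        # Split on the last colon so bracketed IPv6 addresses stay intact.
        addr, _, port = local.rpartition(":")
        rows.append({"proto": proto, "laddr": addr, "lport": int(port),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows

def exposed_listeners(rows):
    """Sockets bound to every interface (0.0.0.0 or [::]), not just loopback."""
    return sorted((r["proto"], r["lport"], r["pid"]) for r in rows
                  if r["laddr"] in ("0.0.0.0", "[::]")
                  and r["state"] in ("LISTENING", ""))

def established_by_pid(rows):
    """Map each PID to the foreign endpoints it is currently connected to."""
    peers = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            peers[r["pid"]].append(r["foreign"])
    return dict(peers)
```

On a live host, the PIDs returned here can be matched against the process list to see which program owns each socket.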


So, we hope you understood what netstat is. It is a very handy utility software for network diagnostics and troubleshooting. Now you can try it out and see if it suits your needs.

If you want us to explore another tool or utility, you can write it down in the comments. We can cover topics like Dig command, Ping command, Host command, NS lookup, Traceroute, and more.

