Bill Detwiler: Netstat is a command that some Windows Server admins use every day, while others only use it when there is a problem.
Well, I'm Bill Detwiler, and during this episode of TR Dojo, I'll show you four netstat tricks that every Windows admin should know.
The netstat or "network statistics" command-line tool can help you gather a wide range of network-related information -- like incoming and outgoing connections, the amount of traffic on a network, and the content of the IP routing table.
It's available on Unix, Linux, and Windows systems. But, today, I'm focusing on the Windows version. Also, some of these tips will only work on Windows Vista and Windows Server 2008 or newer versions - and some require administrative permissions.
Now, you can use the netstat command by itself or with a parameter. There are 10 parameters for the Windows version of the netstat command. Each is used to display different information.
For example, the -a parameter displays all active TCP connections and TCP and UDP listening ports.
To help Windows admins get the most from the netstat tool, TechRepublic blogger Rick Vanover put together a list of four netstat parameter combinations that every Windows admin should know how to use.
The first is the netstat -f parameter combination.
When executed, this command will display the fully qualified domain name (FQDN) of the foreign address in the netstat display. This will resolve names internally and externally if possible.
Second is the netstat -a -n -o combination. This command will show you which process identifier (PID) has a specific port open. This can be a handy way to monitor traffic patterns from one server to another. For more information on using this particular netstat combination, check out Rick's related article. I'll link to it from the TR Dojo blog.
Now, you can take your process investigation one step further by using the netstat -b combination. This will display the friendly name for each process that's created a connection or listening port.
And if you're wondering why the last two entries in this example look a bit different from the others, it's because these relate to the Windows iSCSI initiator service, and they're displayed differently than the other services.
The last parameter combination on our list of tricks can help you determine why one system may have a slower network connection than a similar machine on the same network.
Using the -r parameter with the netstat tool displays the current system's routing table. Having this information can help you determine if network traffic is being routed efficiently. Also, some malware can manipulate a local host's routing table. So, it's a good idea to regularly check its servers.
Well, that does it for this episode. For more Windows server tips and tricks, check out TechRepublic's Servers and Storage blog or subscribe to our Servers and Storage newsletter. I'll link to both in the TR Dojo blog.
And as always, for more teachings on your path to becoming an IT Ninja, visit trdojo.techrepublic.com, or you can follow me on Twitter at twitter.com/billdetwiler.
Thanks for visiting the TR Dojo.