Netstat is a command that some Windows Server admins use every day, while others only use it when there is a problem. I fall into the latter category; I use netstat as a diagnosis tool when something has gone awry, or when I am trying to track something down.
The 10 parameters to the Windows netstat command can display scores of additional information for troubleshooting or everyday use. The most common iteration of netstat is to use the -a parameter, which displays all connections and listening ports. However, netstat displays useful information even without parameters. Here are some pointers on using the netstat command:Fully qualified domain name: The -f parameter will display the fully qualified domain name (FQDN) of the foreign address in the netstat display. This will resolve names internally and externally if possible. Figure A shows the FQDN resolution within netstat. Figure A Read my Windows Server 2008 tip on this sequence of commands, and see it in action in Figure B. Figure B
Note that the remote addresses pointing to the 192.168.1.220:3261 address are the Windows iSCSI initiator service and display differently than the other services listed.Display routing table: If you need to determine why one system has a different experience than another on the same network, netstat can display a route of the current system with the -r parameter. Figure D shows this in use (note the persistent routes section that would display any static routes added to the Windows Server). Figure D
These four netstat commands can greatly add to the troubleshooting efforts for Windows administrators. How else do you use netstat? Share your tips in the discussion.
Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.