In the article “NETSTAT base parameters can help you troubleshoot TCP/IP problems,” I introduced you to the NETSTAT command line utility and explained how to use its base parameters to investigate TCP/IP connections, as well as how to interpret the information that it displays. Since that time, I’ve received several requests from readers asking if I could create an HTML Application (HTA) interface for Windows XP’s version of the NETSTAT command like the ones I’ve created for other command line utilities.

I recently decided to embark on such an endeavor and have created an HTA that uses Windows Script Host and VBScript to give the NETSTAT command line tool a GUI front end. I call this HTA the NetStat Tool.

In this Daily Feature, I’ll introduce you to my NetStat Tool HTA and show you how to use it. As I do, I’ll show you how to take advantage of a new parameter added to Windows XP’s version of the NETSTAT command.

The Windows XP version

Earlier versions of the NETSTAT command had seven parameters. Windows XP’s version of the NETSTAT command has an additional parameter, -o, which I’ll describe later in this article. My NetStat Tool is designed for Windows XP, but will work in all versions of the Windows operating system. When using it in other Windows operating systems, just remember that the versions of the NETSTAT command in these earlier operating systems do not support this additional parameter.

A quick overview
As you may know from firsthand experience, one of the biggest problems in troubleshooting TCP/IP connectivity on a Windows network is filtering through all the different connections and services on a particular system. The goal of the NETSTAT command line utility is to help you identify the status of all the connections and determine which services are running.

This is the syntax for the NETSTAT command:
netstat [–a] [–e] [–n] [–s] [–p protocol] [–r] [interval]

You replace protocol with the specified protocol (either UDP or TCP) and replace interval with a specified interval in seconds.

To do its job, the NETSTAT utility uses the following parameters:

  • –a displays all active connections and listening ports
  • –e displays Ethernet statistics
  • –n displays addresses and port numbers in numerical form instead of using friendly names
  • –o displays all active connections along with the process ID (PID)
  • –s displays statistics categorized by protocol: TCP, UDP, ICMP, and IP
  • –p protocol shows connections for the specified protocol, either TCP, UDP, TCPv6, or UDPv6
  • –r displays the contents of the routing table
  • interval displays selected statistics, pausing interval seconds between each display

Downloading and installing the NetStat Tool
You can download the NetStat Tool by following this link or by clicking on the Downloads link in the navigation bar at the top of this page.

Once you download the archive file, manually installing the application on your hard disk is easy. To do so, create a folder called NetStat Tool. Then, unzip the archive file and copy the netstat.ico and NetStatTool.hta files to the NetStat Tool folder. The netstat.ico file provides the NetStat Tool with the icon that it uses for the control menu and taskbar. The NetStatTool.hta file is the main HTML application; simply double-click it to run the NetStat Tool program.

Using the NetStat Tool
Now that the NetStat Tool is installed on your system, let’s take a look at how you can save yourself both time and frustration by using the graphical user interface to easily configure and use the NetStat command.

To launch the NetStat Tool, simply double-click on the HTA file. When you do, you’ll see its main dialog box, as shown in Figure A. As you can see, the NetStat Tool contains a check box for each one of the NetStat command’s parameters. There are also text boxes in which you can type the appropriate protocol and interval values.

Figure A
The NetStat Tool’s dialog box has a check box for each one of the NETSTAT command’s parameters, as well as text boxes to allow you to enter the values for the protocol and interval parameters.

To see how you go about using the NetStat Tool as an interface to the NETSTAT command line utility, let’s take a look at a couple of examples. If you wanted to display all active TCP connections and available UDP ports, use numeric addresses instead of friendly names, but want to limit the protocol to only TCP, you’d simply select the first, third, and sixth check boxes and type TCP in the text box, as shown in Figure B. As you can see, filling in the NetStat Tool’s dialog box is much easier than typing on the DOS-based command line.

Figure B
To configure your NETSTAT command line, you simply select the check boxes associated with the appropriate parameters.

Once you fill in the dialog box, just click OK. When you do, you’ll see what basically amounts to a confirmation dialog box, which shows you the exact command line that you’ve configured via the NetStat Tool and prompts you to execute it, as shown in Figure C.

Figure C
The NetStat Tool shows you the exact command line that you’ve configured and prompts you to execute it.

When you click OK in the confirmation dialog box, you’ll see the Command Prompt window appear on top of the NetStat Tool dialog box, and you’ll see the results of the NETSTAT command, as shown in Figure D.

Figure D
The NetStat Tool opens a Command Prompt window and runs the DOS-based NETSTAT command for you.

When you close the Command Prompt window, you’ll once again see the Route Utility dialog box. This makes it easy to check your entry in case the results are not what you expected.

If the NETSTAT command displayed in the confirmation dialog box isn’t exactly what you wanted, you can click Cancel and return to the main NetStat Tool dialog box. When you do, you’ll see that everything is as you left it and you can modify your NETSTAT command line without having to start from scratch. Of course, you can remove any parameter by clearing the check box and pressing [F5] to refresh the dialog box, or you can simply choose an additional parameter by selecting a check box.

Getting assistance

If you need more details on any one of the NETSTAT command’s parameters, just click the Help button at the bottom of the dialog box. When you do, the Command Prompt window will open and display the command line help for the NETSTAT command.

In addition, you can find a more detailed explanation of the NETSTAT command’s parameters in the Windows XP Help And Support system, as well as on Microsoft’s Windows XP Web site.

If want to display all active TCP connections and available UDP ports, use numeric addresses instead of friendly names, and include the process ID (PID) for each connection, you’d simply select the first, third, and fourth check boxes as shown in Figure E.

Figure E
Using the new parameter in Windows XP’s NETSTAT command, you can track TCP connections by their process IDs.

The results displayed by the –o parameter are shown in Figure F.

Figure F
The last column in this display shows the PIDs associated with each TCP connection.

If you need to continue troubleshooting, you can then track various TCP connections in Windows Task Manager by associating their PIDs, as shown in Figure G. As you can imagine, this can be extremely valuable information when diagnosing TCP/IP problems.

Figure G
You can then link various TCP connections to their associated processes in Windows Task Manager.