How to analyze network conditions through netstat command

windows In the system DOS Of netstat command , It can display the current communication status in great detail . This command is used to count the traffic , And finding abnormal programs , All play a very important role .

Use netstat -r Check the current system Routing table

netstat -ano  enter . You can view all open ports on this computer .

-a Show all socket, Including what's being monitored .

-n Show address and port number in digital form .

-r Show core routing table , Same format “route -e”.

-t Displays the current connection offload status .

-v Show work in progress .

-p proto Show proto Specified protocol connection .

-b Shows the executables involved in creating each connection or listening port .

-e Display Ethernet statistics . This option can be used with -s Combination of options .

-f Displays the fully qualified domain name of the external address (FQDN).

-o Show the processes associated with each connection that you have PID.

-q Show all connections 、 Non listening for listening ports and binding TCP port .

-s Show statistics for each protocol .

-x Show NetworkDirect Connect 、 Listeners and shared endpoints .

-y Show all connected TCP Connection template . Cannot be used with other options .

1. Carry out orders netstat -a, It can show all current connections and open listening ports . These connections include those in progress , And the connection ready to be released .

   

2. 2

   If the external address of the above command is displayed in the host name, it is not convenient to view , Can execute the command netstat -n. So the external address will be in the form of IP Address to show .

   

3. 3

   Carry out orders netstat -b, You can query what application has established the current connection . This command , It is often used to troubleshoot abnormal programs ; For example, a Trojan horse has established an abnormal connection , Through this command, you can query the existence of the Trojan horse program .

   

4. 4

   You can also use the parameters following the command at the same time , In this way, the information displayed is more comprehensive , More conducive to practical analysis .

   

5. 5

   Carry out orders netstat -es Can show IPv4 and IPv6 And ICMP Network communication of . such as TCP Statistics of sent packets ,TCP Received packet statistics and other information .

   

6. 6

   If you just want to see TCP The situation of , Can execute the command netstat -ps TCP. Empathy UDP and ICMP The same is true .