What is Netstat Command: Functions, Usage & Network Insights

The netstat command, short for network statistics, is an indispensable tool for network administrators, professionals, and enthusiasts alike. It unveils a wealth of information about network connections, allowing users to troubleshoot and optimize their systems for better performance.

In this article, we will delve into the intricacies of the netstat command, exploring its purpose, utility, and various options at your disposal.

What is Netstat Command?

The netstat (short for network statistics) command is a command-line tool used for monitoring and managing network connections, interfaces, and routing tables on computer systems.

It displays valuable information related to network connections, listening ports, routing tables, and interface statistics for various network protocols such as TCP, UDP, and ICMP.

Netstat works on all major operating systems, including Windows, Linux, and macOS.

System administrators and network professionals use the netstat command to diagnose and troubleshoot network-related issues, monitor network performance, and identify potential security risks. By using different options with the netstat command, you can customize the output to display specific information relevant to your needs.

How to use netstat on Windows, Linux, and Mac systems?

To use the netstat command on Windows, Linux, and macOS systems, open the command prompt or terminal on your respective operating system and enter the netstat command followed by the desired options.

Here’s a brief overview of how to access the command prompt or terminal on each operating system:

  1. Windows:
    • Press Win + R to open the Run dialog.
    • Type cmd and press Enter to open the Command Prompt.
  2. Linux:
    • Press Ctrl + Alt + T to open the Terminal (this may vary depending on the Linux distribution).
  3. macOS:
    • Press Cmd + Space to open Spotlight Search.
    • Type Terminal and press Enter to open the Terminal app.

After opening the command prompt or terminal, you can use the netstat command with various options to obtain network-related information. The options differ slightly between operating systems.

Please note that for some commands, administrative privileges may be required. In such cases, open the command prompt or terminal with administrator/root privileges.

  • On Windows, right-click on the Command Prompt in the Start menu and choose “Run as administrator.”
  • On Linux and macOS, prepend the command with sudo and provide your password when prompted.

Keep in mind that the netstat command and its options may vary slightly between operating systems, so it’s essential to refer to the specific documentation for your system.

You can also use netstat --help (Linux/macOS) or netstat /? (Windows) to view the available options and their descriptions.

Netstat Command Syntax and Options

General Syntax

The netstat command generally follows the syntax of “netstat [option]” or “netstat [option] [interval]”, allowing users to view real-time network statistics with ease.

Common Options

There are several options available with the netstat command, each providing distinct insights into network activity. Some common options include:

  • -a: Lists all active connections and listening ports.
  • -n: Displays numerical addresses instead of resolving hostnames.
  • -p: Shows the process ID (PID) associated with each connection (Linux; the Windows equivalent is -o).
  • -r: Displays the system’s routing table.
  • -s: Provides network protocol statistics.

What does Netstat do? – Practical Applications of the Netstat Command

The netstat command is used to print network connections, routing tables, interface statistics, and other network-related information on Linux and Windows systems.

Some of the main functions of netstat include:

  • Displaying active TCP/UDP connections, raw IP sockets, and listening ports. This allows you to see what connections are currently established on your system and what local ports are listening for incoming connections.
  • Showing network interface statistics such as the number of bytes and packets sent and received. This can be useful for basic network monitoring and performance analysis.
  • Displaying the routing table, which provides details on network routes and gateways being used for outbound connectivity.
  • Identifying the process ID (PID) and program name associated with each active network connection. This is important for detecting unauthorized connections or troubleshooting network issues related to a specific application.
  • Monitoring incoming and outgoing traffic for specific network interfaces. The netstat bandwidth monitoring options can provide basic insight into how your network bandwidth is being utilized.
  • Detecting potential malware or intrusions by displaying connections to unknown hosts or unusual listening ports. Netstat is often used as a first step in investigating anomalous network activity on a system.
  • Analyzing your network configuration by displaying information on IP addresses, ports, protocols, and connection states. Netstat output provides a view into how your network settings are applied at an operating system level.
  • Troubleshooting connectivity issues by identifying refused connections, timeouts, or high volumes of retransmissions and errors. Netstat can be a useful tool for pinpointing network problems.

| Function | Linux/macOS Command | Windows Command |
|---|---|---|
| Display active TCP and UDP connections | netstat -a | netstat -a |
| Show interface statistics | netstat -e or netstat -i | netstat -e |
| Display the routing table | netstat -r | netstat -r |
| Identify the PID and process name for connections | netstat -ap | netstat -o |
| Monitor bandwidth usage for a specific network interface | netstat -e or netstat -i | netstat -e |
| Detect unauthorized connections | netstat -anp | netstat -anbo |
| Analyze your network configuration | netstat -ae or netstat -ai | netstat -aeb |
| Troubleshoot connectivity issues | netstat -s | netstat -s |
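
As an added example (not from the original article), the shell function below applies the "unusual listening ports" check from the list above: it reads netstat -an style output in the Linux, macOS or Windows layout and prints TCP listeners whose port is not on an allowlist. The function names, the allowlist and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not in an expected-port allowlist.
# Reads `netstat -an` style text on stdin (Linux, macOS or Windows layout).

unexpected_listeners() {
    # $1 = space-separated allowlist of expected TCP listening ports
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        tolower($1) !~ /^tcp/ { next }            # skip headers and UDP rows
        {
            # Windows rows:     Proto Local Foreign State PID
            # Linux/macOS rows: Proto Recv-Q Send-Q Local Foreign State
            win   = ($1 == "TCP")
            laddr = win ? $2 : $4
            state = win ? $4 : $6
            if (state !~ /^LISTEN/) next          # LISTEN or LISTENING
            port = laddr
            sub(/.*[.:]/, "", port)               # keep text after last . or :
            # report each unexpected port once, with the first address seen
            if (!(port in ok) && !seen[port]++) print port, laddr
        }' | sort -n
}

# Constructed sample mixing the three layouts (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address     State
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN
tcp6       0      0 :::8081           :::*                LISTEN
tcp        0      0 10.0.0.5:22       203.0.113.7:51514   ESTABLISHED
tcp4       0      0 *.4444            *.*                 LISTEN
udp        0      0 0.0.0.0:68        0.0.0.0:*
  TCP    0.0.0.0:135     0.0.0.0:0       LISTENING    1012
  TCP    0.0.0.0:443     0.0.0.0:0       LISTENING    4
EOF
}

# Ports 22 and 443 are the expected listeners on this hypothetical host.
sample_netstat | unexpected_listeners "22 443"
```

On a live system, pipe real output in instead of the sample, for example netstat -ant | unexpected_listeners "22 443".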

Some additional examples (for Windows):

  • Display TCP and UDP connections on port 80 (HTTP):
    netstat -ano | findstr ":80" --> This command uses findstr, a tool for searching files and strings, to filter the output of netstat -ano for lines containing ":80". The match is a plain substring, so ports such as 8080 are also returned.
  • Show only listening ports:
    netstat -ano | findstr "LISTEN"
  • Monitor inbound and outbound traffic on interface Wi-Fi (PowerShell command):
    PowerShell "Get-NetAdapterStatistics -Name 'Wi-Fi'"
  • Sort the connection list:
    netstat -ano | sort --> netstat does not report per-connection byte counts, so sort orders the lines as text; use sort /+N to start the comparison at character column N.
  • Continuously refresh netstat output every 5 seconds:
    netstat -ano 5
  • Save netstat output to a file:
    netstat -an > connections.txt
  • Combine multiple options to filter and sort connections from a specific process:
    netstat -ano | findstr "PID_GOES_HERE" | sort
  • You can use the following command to spot remote addresses with an unusually high number of established connections, which could indicate a potential issue:

For Mac and Linux:

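netstat -ant | awk '/ESTABLISHED/ {print $5}' | sed -E 's/[.:][0-9]+$//' | sort | uniq -c | sort -rn

The sed step strips the trailing port whether the separator is a colon (Linux) or a dot (macOS), so the count is per remote address rather than per address and port.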

For Windows:

Get-NetTCPConnection | Where-Object { $_.State -eq "Established" } | Group-Object -Property RemoteAddress | Sort-Object -Property Count -Descending

To run this command in your command prompt, type powershell and press Enter to switch to the PowerShell environment. Then, copy and paste the command above and press Enter to execute it.

This command retrieves TCP connections, filters them only to show those with an “Established” state, groups the results by the remote address, and sorts the output in descending order based on the count of connections per remote address.

These are just a few examples to demonstrate the useful applications of the netstat command on Windows.

Netstat Alternatives and Complementary Tools

Netstat Alternatives

While netstat remains a widely used utility, other tools, such as ss (socket statistics) and the rest of the iproute2 suite, offer similar functionality with additional features and improved performance.

Netstat Complementary Tools

Netstat can be supplemented with utilities like tcpdump, Wireshark, and nmap to provide a more comprehensive understanding of network activity and security.


The netstat command is an invaluable resource for anyone seeking to understand, troubleshoot, or optimize their network connections. With its multitude of options and detailed output, netstat offers a powerful means of assessing network health and identifying potential issues. In a world increasingly reliant on connectivity, mastering the netstat command can be the key to maintaining a secure, efficient, and responsive network environment.


What does the netstat command show?

The netstat (network statistics) command is a versatile networking tool that provides information about network connections, routing tables, interface statistics, and other network-related information. Here’s a brief overview of the information that netstat can show:

  1. Active connections: The netstat command displays active TCP and UDP connections on your system, including the local and remote addresses, port numbers, and connection states (e.g., ESTABLISHED, LISTEN, CLOSE_WAIT).
  2. Listening ports: Netstat can show you a list of TCP and UDP ports on which your system is listening for incoming connections. This can help you identify open ports and services running on your system.
  3. Interface statistics: Netstat can display statistics for network interfaces, such as the number of packets sent and received, errors, and dropped packets. This information can be useful for monitoring network performance and identifying issues.
  4. Routing table: The netstat command can show the routing table, which contains information about network routes and gateways used by your system for outbound connectivity. This can help you understand how your system is routing traffic and identify potential misconfigurations.
  5. Process information: Netstat can display the process ID (PID) and program name associated with each active network connection. This information can help you identify which processes are using network resources and detect unauthorized connections.
  6. Network protocol statistics: Netstat can also display statistics for various network protocols, such as TCP, UDP, and ICMP. This can provide insights into network performance and help identify potential issues or misconfigurations.
