How to use netstat to monitor your current connections
Friday, 24 April 2009 09:47 | 
All Windows systems have implemented native tool allowing us to monitor current network connections as well as control what ports we have currently opened and what applications are listening on each port. We can use this simple tool for various purposes such as network connection troubleshooting, trojan and other backdoor application detection and security audits.
In this tutorial I will show you how to use netstat to monitor your current connections and how to make simple batch job to perform this monitoring task online.
First of all lets have a look what sort of options are offered by netstat:1. Go to menu Start>Run, type in cmd and press Enter or just press WINDOWS+R, type in cmd and press Enter.
2. Command prompt should pop up on your screen and next type in netstat /? and press Enter.
 |
| Pic. 01. |
To check what ports are open we will use command: netstat -a -n which shows us all open TCP and UDP ports. Some of this ports may be at established state that means there is already connection established to the remote host or may be at listening state which means that port is currently open and there is an application listening for incoming connections.
 |
| Pic. 02. |
In this case we can simply troubleshoot network connections for example: if we have DNS server running on our host but client machines cannot obtain DNS answers for their request, we can check if port 53 is opened and is at listening state by issuing netstat -a -n command. In this way we may check if there are any other ports open which could sugges that we have got some unwanted software installed such as trojan horses, key loggers or other backdoor applications.
To find out what application is listening on each port we can use netstat -b -v -n command. In this way netstat shows us what executables are involved in creating each connection.
 |
| Pic. 03. |
All commands above certainly shows us connection state at the time they have been issued. To perform simple online monitor which shows us connection state by probing port's states every second we can create very simple batch job script:
1. In command prompt type in: edit netstatmon.bat and press Enter.
2. Now we should be in editor's window with blue background, please input such batch code:
:start
cls
netstat -b -n
ping localhost -n 2 >NUL
goto start
3. Press Alt key and choose Save and than Exit.
 |
| Pic. 04. |
In this case I have used ping command to make small delay between each probe so we can observe how our connections are changing. Now put the window with command prompt next to IE window as shown on picture below.
 |
| Pic. 05. |
1. In command prompt launch our monitor by typing in: netstatmon.bat and press Enter.
2. Try to access any website in IE and observe how the connection is initiated in your command prompt window.
3. To stop running batch job press Ctrl+C and then confirm ending by inputing Y when asked to do that.
Last Updated ( Friday, 24 April 2009 12:00 )
Comments
I am from United and bad know English, give please true I wrote the following sentence: "Executive summary of object desktop 2007 object desktop is a layout of headline extraction sales divided to correct microsoft windows to begin a inventory of automatic manuals."
With respect :-(, Dogpiles stock ticker symbol.
Thank you for sharing. Will give it as a reference
link to this page on my blog. I am sure my visitors will find that very useful.
Thank you for sharing with us.
Very well information, lots of thanks to the author. It’s puzzling to me now, but in common, the helpfulness and significance is overpowering. Very much thanks again and best of luck!