Description: In this video He will shows us what we can do using netstat and what our device is doing.
netstat :- netstat is a command line tool that displays incomming and outgoing network connections, routing tables, number of interface.
You can use netstat in unix, Windows, Openrating systems.
Parameters
Parameters used with this command must be prefixed with a hyphen (-) rather than a slash (/).
-a : Displays all active connections and the TCP and UDP ports on which the computer is listening.
-b : Displays the binary (executable) program's name involved in creating each connection or listening port. (Windows XP, 2003 Server and newer Windows operating systems (not Microsoft Windows 2000 or other non-Windows operating systems)) On Mac OS X when combined with -i, the total number of bytes of traffic will be reported.
-e : Displays ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.
-f : Displays fully qualified domain names <FQDN> for foreign addresses (only available on Windows Vista and newer operating systems).
-g : Displays multicast group membership information for both IPv4 and IPv6 (may only be available on newer operating systems)
-i : Displays network interfaces and their statistics (not available under Windows)
-m : Displays the STREAMS statistics.
-n : Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.
-o : Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p. This parameter is available on Microsoft Windows XP, 2003 Server (and Windows 2000 if a hotfix is applied).[2]
-p Windows and BSD: Protocol : Shows connections for the protocol specified by Protocol. In this case, the Protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to display statistics by protocol, Protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6.
-p Linux: Process : Show which processes are using which sockets (similar to -b under Windows) (you must be root to do this)
-P Solaris: Protocol : Shows connections for the protocol specified by Protocol. In this case, the Protocol can be ip, ipv6, icmp, icmpv6, igmp, udp, tcp, or rawip.
-r : Displays the contents of the IP routing table. (This is equivalent to the route print command under Windows.)
-s : Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol for Windows XP is installed, statistics are shown for the TCP over IPv6, UDP over IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be used to specify a set of protocols.
-t Linux: Displays only TCP connections.
-v : When used in conjunction with -b it will display the sequence of components involved in creating the connection or listening port for all executables.
Interval : Redisplays the selected information every Interval seconds. Press CTRL+C to stop the redisplay. If this parameter is omitted, netstat prints the selected information only once.
-h (unix) /? (windows): Displays help at the command prompt.
Source :- http://en.wikipedia.org/wiki/Netstat
Tags: netstat , monitor , network ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
fantastic tutorial. good explanation netstat series of command.
Yeh This Netstat Is very useful tool. specially you want to monitor the traffic incoming and outgoing traffic ! powerful tool :)