New Netstat Options


New?  Well some options are not that new really.  Others are however!

Sometimes it is the little things in life that can help immensely.  Take our venerable friend, netstat!  Even though it has been around for many moons, folks often get into the habit of using only certain options, switches or parameters.  For reference purposes, the Windows XP Netstat options are documented here.  Unsurprisingly, Windows 7 has more options than Windows XP.  Unsurprisingly, Windows 10 has more options than Windows 7...

The below is from a Windows 7 SP1 machine, and shows the options that are familiar to many.  Though there are a couple of options in there that may have squeaked by...

Windows 7 SP1 Netstat Options

For reference purposes, the options present in newer versions of Windows are covered at the bottom of this post.  There are some nice new additions, so read all the way to the end to review.

 

How I Typically Roll Nowadays

Typically I will be using netstat -anob when reviewing what services are currently listening.  For example, on an Exchange 2010 CAS server I use it to ensure that the static port assignment for RPC Client Access and the Address Book is as expected.

As shown below, the process names are directly available when running netstat.    A couple were highlighted to illustrate this in the image below:

Using Netstat To Show Process Names

 

How I Used To Roll

The below is an example of the old way of getting process information.  If we run netstat -ano we will get the PID, but then have to take additional steps to obtain the process information.

Using Netstat To Show Process IDs

In task manager, we can sort the PID column to then identify the process.  If the PID column is not present, you will have to add it.  Note that in current versions of Windows this is done by right clicking the column header along the top.  This is the yellow highlighted area below.  The big red arrow indicates the PID.  Unsurprisingly since we were looking at what was listening on TCP 25, it is Front End Transport (FET).

Using Task Mangler To Show Process Names

 

Alternatively we can use tasklist.exe or Get-Process

tasklist /FI "PID eq 13804"

Using Tasklist to Get Process Name From A PID

Get-Process -Id 13804

Using PowerShell's Get-Process To Get Process Name From a PID

Either way, that is a lot of overhead.  It may be easier just to add the -b option, bearing in mind that -b needs an elevated prompt and can be slow on a busy server.

 

What’s New Pussycat

<courtesy link to Sir * Tom Jones>

This is a brief recap of what’s new and improved with the recent builds of Windows.

 

What’s new in Windows 7 that I might not have used?

-b  Displays the executable involved in creating each connection or listening port.   This was not present back with Windows XP RTM, it was added later in the build cycle.  Thanks to Dima for noting that!

 

What’s new in Windows 2012 builds?

-x Displays NetworkDirect connections, listeners and shared endpoints

-y  Displays the TCP connection template for all connections.  Cannot be combined with the other options.

 

For these new options the below is a brief explanation:

NetworkDirect: NetworkDirect is widely used for high-performance computing (HPC) applications in which computational workloads are distributed to large numbers of servers for parallel processing. In addition, various financial markets trading workloads also require extremely low latency and extremely high message rates, which RDMA can provide.

The New-NetTransportFilter cmdlet allows you to map specific connections to specific profiles based on either port numbers or IP address.  The SettingName parameter can be set to:

  • Internet
  • Datacenter
  • Compat
  • Custom

What’s new in the Windows 10 / 2012 R2 builds?

-q  Displays all connections, listening ports, and bound nonlistening TCP ports. Bound nonlistening ports may or may not be associated with an active connection.

 

This command is very useful as it allows you to see if you are out of dynamic ports (ephemeral ports) and running into port exhaustion issues.
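The following is an added example, not part of the original post. It ties together the PID-to-process lookup from the "How I Used To Roll" section and the -q port exhaustion check above: it parses netstat -anoq output, counts the local ports that fall in the dynamic range, and shows which process holds them. The function name Get-DynamicPortUsage, the default range of 49152 to 65535 and the sample rows are assumptions made for the example.

```powershell
# Added example. Input: lines from 'netstat -anoq'. The default range below is an
# assumption; confirm it with: netsh int ipv4 show dynamicport tcp
function Get-DynamicPortUsage {
    param([string[]]$NetstatLines, [int]$RangeStart = 49152, [int]$RangeCount = 16384)
    $rangeEnd = $RangeStart + $RangeCount - 1
    $rows = @(foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State, PID.
        # UDP rows (no State column) and header lines do not match.
        if ($line -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+(\S+)\s+(\d+)\s*$') {
            $port = [int]$Matches[1]
            if ($port -ge $RangeStart -and $port -le $rangeEnd) {
                [pscustomobject]@{ Port = $port; State = $Matches[2]; OwningPid = [int]$Matches[3] }
            }
        }
    })
    # The same port number on IPv4 and IPv6 is counted once.
    $used = @($rows | Select-Object -ExpandProperty Port -Unique).Count
    $byProcess = $rows | Group-Object OwningPid | Sort-Object Count -Descending | ForEach-Object {
        # Same lookup as Get-Process -Id in the post; the process may have exited.
        $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
        [pscustomobject]@{
            OwningPid = [int]$_.Name
            Process   = if ($proc) { $proc.ProcessName } else { '(not running)' }
            Rows      = $_.Count
            Bound     = @($_.Group | Where-Object { $_.State -eq 'BOUND' }).Count
        }
    }
    [pscustomobject]@{
        PortsInUse  = $used
        RangeSize   = $RangeCount
        PercentUsed = [math]::Round(100 * $used / $RangeCount, 2)
        ByProcess   = $byProcess
    }
}
# Constructed sample rows (PIDs are made up and will not map to real processes).
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       4100
  TCP    0.0.0.0:49701          0.0.0.0:0              BOUND           4200
  TCP    10.0.0.5:49702         10.0.0.9:443           ESTABLISHED     4200
  TCP    10.0.0.5:49703         10.0.0.9:443           TIME_WAIT       0
  TCP    [::]:49701             [::]:0                 BOUND           4200
  UDP    0.0.0.0:123            *:*                                    1020
'@ -split "`r?`n"

$report = Get-DynamicPortUsage -NetstatLines $sample
$report | Select-Object PortsInUse, RangeSize, PercentUsed
$report.ByProcess | Format-Table -AutoSize
# Live data on Windows 10 / 2012 R2 or later: Get-DynamicPortUsage (netstat -anoq)
```

A single process that owns most of the rows, with a large Bound count, is the usual place to start looking when outbound connections begin to fail.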

 

 

Reference Screenshots

 

Windows Server 2012

Windows 2012 Netstat Options

 

Windows 2012 R2

Windows 2012 R2 Netstat Options

Windows 10  Anniversary Edition

Windows 10 Anniversary Edition Netstat Options

 

Windows 2000 Pro

Windows 2000 Pro Netstat Options

 

Windows XP RTM

Windows XP RTM Netstat Options

 

Windows XP SP3

Windows XP SP3 Netstat Options

 

 

Cheers,

Rhoderick

 

* – Yes, the Sir needs to be included!

Comments (4)

  1. Dima says:

    Hi Rhoderick,
    Unfortunately the option “-b” persists in the XP system, so don’t rely on the official documentation 100% 🙂
    Sorry about the Cyrillic text, because I can’t find an English XP anywhere, and a friend of mine helped me with it by taking a picture from an old HP notebook.
    https://fromreallife.files.wordpress.com/2016/12/netstat.jpg

    1. Hi Dima,

      Yes – that is correct, it does! Though it was not present at RTM — it was added at a later point in the build cycle. I dusted off a 15 year old ISO to have a play with this.

      Oh the memories…… I’m going to play the Windows XP setup music all night in honour of this!

      Cheers,
      Rhoderick

      1. Dima says:

        Yes, the memories… Thank you for your post, it’s cool as always. I bet this change happened at SP2, when we got the firewall enabled by default and many more juicy network changes. Anyway, without this page I would not touch those memories!

        Best regards,
        Dima

        1. Yes – that would be my assumption as well Dima. I felt dirty enough installing Windows 2000 Pro, XP RTM and XP SP3 so that can wait for another day 🙂

          Cheers,
          Rhoderick
