Command Prompt Tutorial 7 – Netstat made simple

Posted on 14/10/2009 by


Hey everyone, i know that it has been quite a while since i have posted on anarchia and i do apologize for that. My lack of online activity is due to an enormous pile of work
that has been piling up (who doesn't procrastinate!!! :) ). Anyway, since i've finally been able to get some free time (as you would notice) i figuerd that this would be a great
oppurtunity to talk about netstat and its uses (which i will post later). 

Netstat is a versatile tool that is used through the command prompt in the windows OS (also linux). As stated earlier, to access comand prompt it is necessary to search for
'cmd.exe'in the start menu and then run the program. This 'netstat command allows one to obtain a brief overview of active ports and their status on your PC. This enables one to find
out which ports are open, closed and have incoming connections. It also depicts the vunerability of your PC from attacks through these ports. For example a Hacker would be able to
attack you through the net by using simple command prompts (including net prompts) that track your IP and ports.

To begin using it you will have to open cmd.exe and then type netstat when the command prompt opens. Normally the file extension would already exist, if not, then type C:\Users\Username.
You should be able to get an output similar to the following


This output shows the ports open to your system. By observing the numbers on the left you can acquire your PC name, your TCP/IP protocols, local address , foreign address and status
of connection. The list under Proto shows the protocol type, at the moment its only TCP which means that the PC and the remote host are using TCP to communicate to each other.
Local address show your position in the network and are randomnly generated every time you connect. The foreign address depicts the remote host name and the port that is being used
as a connection. The state list on the right-most side shows the state of the connection itself. 

Established means that both hosts are connected.
Closing means that your remote host has accepted that you want to close a connection.
Listening means that your computer is waiting to receive a new/incoming connection.
SYN_RCVD means that a remote host wants to connect to your pc
SYN_SENT means that your pc has accepted to start a connection to a remote host.
LAST_ACK means that your pc needs to delete packets before closing the connection with the remote host.
Close_wait means that the remote host is trying to close the connection with your computer.
Fin_WAIT 1 A client is closing its connection
FIN_WAIT 2 Both hosts are going to close the connection.

Since i'm running out of time i guess that i'll have to leave it at that. However this should be enough as a starting point for a newbie to find out his/her ports and IP address.
Will add again soon.

Performance and Power

Picture courtesy Ezzk07
Posted in: Command Prompt