Netstat is used to display active TCP connections and related listening ports in the computer or system. Actually, there are more features provided by netstat like display statistics about network stack protocols, IPv4, IPv6, TCP, UDP, etc.

Netstat用于显示计算机或系统中的活动TCP连接和相关的侦听端口。 实际上， netstat提供了更多功能，例如有关网络堆栈协议，IPv4，IPv6，TCP，UDP等的显示统计信息。

netstat命令语法 (netstat Command Syntax)

The syntax of the netstat command is like below. Simply we can use the following options.

netstat命令的语法如下。 只需我们可以使用以下选项。

netstat OPTIONS

• OPTIONS will set different options and arguments about the netstat command behavior.选项将设置有关netstat命令行为的不同选项和参数。

显示带有侦听端口的所有TCP和UDP连接 (Display All TCP and UDP Connections with Listening Ports)

TCP is the most used protocol for the transmission of packets between different hosts. In a regular usage for a host, there will be a lot of TCP connections in different phases. We can display all these connections with -a option like below.

TCP是在不同主机之间传输数据包最常用的协议。 在主机的常规用法中，在不同阶段中将有许多TCP连接。 我们可以使用-a选项显示所有这些连接，如下所示。

> netstat -a

We can see that while listing listening ports following information about these ports is provided.

我们可以看到，在列出侦听端口时，提供了有关这些端口的信息。

• Proto is the protocol the listening port is running. Generally, TCP and UDP are used.

  Proto是侦听端口正在运行的协议。 通常，使用TCP和UDP。

• Local Address is the local or current system IP address and ports number. The IP address and the port number are delimited with the :. 0.0.0.0 means all local IP addresses or network interfaces where 127.0.0.1 means only localhost or current system.

  Local Address是本地或当前系统的IP地址和端口号。 IP地址和端口号以:分隔。 0.0.0.0表示所有本地IP地址或网络接口，其中127.0.0.1表示仅本地主机或当前系统。

• Foreign Address is the remote IP address which is initiated a connection. Like Local address, IP address and the port number are delimited with the :.

  Foreign Address是发起连接的远程IP地址。 像本地地址一样，IP地址和端口号用:分隔。

• State will provide the current status of the given port. A port can be listening which means accepting connections or CLOSED recently closed etc. More details about the port or TCP states can be found below.

  State将提供给定端口的当前状态。 端口可能正在侦听，这意味着接受连接或最近关闭的CLOSED等。有关端口或TCP状态的更多详细信息，请参见下面的内容。

netstat命令的TCP状态 (TCP States for netstat Command)

As we know TCP protocol provides reliable data transfer between hosts. TCP implements sessions to provide this reliability. From start to end there are different states in a TCP session. Here the sequence and meaning of TCP states.

众所周知，TCP协议可在主机之间提供可靠的数据传输。 TCP实现会话以提供这种可靠性。 从头到尾，TCP会话中有不同的状态。 这里是TCP状态的顺序和含义。

• LISTENING means the port is listening but do not have any connection with a remote host

  LISTENING表示该端口正在侦听，但与远程主机没有任何连接

• ESTABLISHED the connection established and communicating with the remote host

  ESTABLISHED连接并与远程主机通信

• TIME_WAIT the connection is in a wait situations

  TIME_WAIT连接处于等待状态

• CLOSE_WAIT the connection is the closing phase

  CLOSE_WAIT连接处于关闭阶段

• CLOSED the connection is closed

  CLOSED连接已关闭

• SYN_RECEIVED the sync flag received to start the connection

  SYN_RECEIVED收到sync标志以开始连接

显示以太网统计信息 (Display Ethernet Statistics)

Ethernet or MAC generally used for the same meaning. Ethernet is a Layer 2 protocol used to communicate in our LAN with other hosts and mostly with a gateway that is used to access other networks or the internet. We can list detailed information about the ethernet protocol. We will use -e option to list ethernet statistics.

以太网或MAC通常具有相同的含义。 以太网是第2层协议，用于在我们的LAN中与其他主机进行通信，并且大多数情况下与用于访问其他网络或Internet的网关进行通信。 我们可以列出有关以太网协议的详细信息。 我们将使用-e选项列出以太网统计信息。

> netstat -e

Following information about Ethernet Statistics will be provided.

将提供有关以太网统计信息的以下信息。

• Received column is used to specify the received sizes.

  Received列用于指定接收大小。

• Sent column is used to specify the sent sizes.

  Sent列用于指定发送的大小。

• Bytes is used successfully completed transfers.

  Bytes用于成功完成传输。

• Unicast packets generally related to the UDP protocol where there is no connection and session management.

  Unicast packets通常与没有连接和会话管理的UDP协议有关。

• Non-unicast

  Non-unicast

• Discards is the packets that are discarded because of the problems.

  Discards是由于问题而丢弃的数据包。

• Errors show the sizes of the packets where errors occurred.

  Errors显示发生错误的数据包的大小。

• Unknown protocols show the protocols currently unknown by the TCP/IP stack.

  Unknown protocols显示TCP / IP堆栈当前未知的协议。

显示端口和主机名的数字表示 (Display Numeric Presentation of Ports and Hostname)

Host and ports generally have numeric and text presentations. netstat command by default try to resolve the hostname and port name into text format. If we need to get the host and port numeric information like IP address and the port number we can use -n option.

主机和端口通常具有数字和文本表示形式。 默认情况下， netstat命令尝试将主机名和端口名解析为文本格式。 如果需要获取主机和端口的数字信息，例如IP地址和端口号，则可以使用-n选项。

> netstat -n

显示连接或端口进程ID(Display Connection or Ports Process ID)

All ports and connections are opened and managed by processes in the operating system. For example, Apache is a web server and uses TCP 80 for listening to HTTP requests. We can list processes id of given connection or port with -o option.

所有端口和连接均由操作系统中的进程打开和管理。 例如，Apache是​​Web服务器，并使用TCP 80侦听HTTP请求。 我们可以使用-o选项列出给定连接或端口的进程ID。

> netstat -o

We can see that also PID or Process ID is provided which is the current application process ID which listens given port and interface.

我们可以看到还提供了PID或Process ID ，这是侦听给定端口和接口的当前应用程序进程ID。

显示连接或端口进程名称 (Display Connection or Ports Process Name)

Like the previous example, we can list established connection or listening port process name with -b option. But this option requires Administrator privileges.

与前面的示例一样，我们可以使用-b选项列出已建立的连接或侦听端口进程的名称。 但是此选项需要管理员权限。

> netstat -b

We can see from the output that chrome.exe. established a connection with a remote host over https protocol.

从输出中我们可以看到chrome.exe. 通过https协议与远程主机建立连接。

显示完全合格的域名(Display Fully Qualified Domain Name)

Normally netstat will list hostnames in a simple manner and in a fast way. It can skip some domain names too. We can for netstat to print fully qualified domain names with -f option.

通常， netstat将以简单的方式快速列出主机名。 它也可以跳过某些域名。 我们可以让netstat使用-f选项来打印完全合格的域名。

> netstat -f

We can see that only resolved DNS names or fully qualified domain names are shown like oracle.com.

我们可以看到，仅显示解析的DNS名称或完全合格的域名，例如oracle.com 。

仅显示TCP协议 (Display Only TCP Protocol)

netstat command provides extensive filtering options according to protocols. We can provide a filter option with  -p and protocol name. In this example, we will filter and show only TCP protocol.

netstat命令根据协议提供了广泛的过滤选项。 我们可以提供带有-p和协议名称的过滤器选项。 在此示例中，我们将过滤并仅显示TCP协议。

> netstat -p tcp

As we can see there is no UDP protocol related port and connection information.

如我们所见，没有与UDP协议相关的端口和连接信息。

仅显示UDP协议 (Display Only UDP Protocol)

We can also filter and show only UDP protocol ports with -p udp option. Here we provided -a to list UDP too.

我们还可以使用-p udp选项过滤并仅显示UDP协议端口。 在这里，我们也提供了-a来列出UDP。

> netstat -p udp -a

As we can see there is no TCP related port or connection information in this example and all UDP ports are currently listening mode without a connection state. This is because the UDP protocol is a connectionless protocol that does not create a session for data transmission.

我们可以看到在此示例中没有与TCP相关的端口或连接信息，并且所有UDP端口当前都处于侦听模式，而没有连接状态。 这是因为UDP协议是不创建数据传输会话的无连接协议。

仅显示IPv4端口和套接字 (Display Only IPv4 Ports and Sockets)

We can use -p ip option to filter and show only IPv4 connections. This can be useful generally because the IPv6 protocol is not common.

我们可以使用-p ip选项来过滤和仅显示IPv4连接。 通常这会很有用，因为IPv6协议并不常见。

> netstat -p ip

仅显示IPv6端口和套接字 (Display Only IPv6 Ports and Sockets)

We can use -p ipv6 option to filter and show only IPv6 connections about the netstat command.

我们可以使用-p ipv6选项来过滤和显示有关netstat命令的IPv6连接。

> netstat -p ipv6

显示IPv4 ve IPv6统计信息 (Display IPv4 ve IPv6 Statistics )

netstat command provides a lot of statistical information about the network stack. These statistics provide detailed metrics about protocols. We can list this statistical information with -s option.

netstat命令提供了大量有关网络堆栈的统计信息。 这些统计信息提供有关协议的详细指标。 我们可以使用-s选项列出此统计信息。

> netstat -s

We can see that the following information about IPv4 and IPv6 protocol is provided.

我们可以看到提供了有关IPv4和IPv6协议的以下信息。

• Packets Received: The total IP packets received.

  Packets Received ：收到的IP数据包总数。

• Received Header Errors: The total number of headers errors of the received packets.

  Received Header Errors ：接收到的数据包的报头错误总数。

• Received Address Errors: The total number of address errors of the received packets.

  Received Address Errors ：接收到的数据包的地址错误总数。

• Unknown Protocols Received: The total number of protocols which is unknown.

  Unknown Protocols Received ： Unknown Protocols Received总数。

• Received Packets Discarded: The total number of packets that are discarded after received.

  Received Packets Discarded ： Received Packets Discarded的数据包总数。

仅显示TCP协议统计信息 (Display Only TCP Protocol Statistics)

We can only list TCP protocol-related statistics with -s -p tcp option.

我们只能使用-s -p tcp选项列出与TCP协议相关的统计信息。

> netstat -s -p tcp

As we can see from output there is the following information

从输出中可以看到以下信息

• Active Opens will list currently opened connection count. In this example, this is 104.

  Active Opens将列出当前打开的连接数。 在此的示例中是104。

• aPassive Opens will list open connections but not transferred any data recently. In this example, this is 15.

  “ Passive Opens将列出打开的连接，但最近未传输任何数据。 在此示例中，该值为15。

• Failed Connection Attempts will list connection tries or attempts not completed so there are no started connections which are 4.

  Failed Connection Attempts将列出连接尝试或未完成的尝试，因此不存在4个已启动的连接。

• Reset Connections will list connections that ended with the RST TCP flag.

  Reset Connections将列出以RST TCP标志结尾的连接。

• Current Connections will list currently opened connection count which is 5 in this example.

  Current Connections将列出当前打开的连接数，在此示例中为5。

• Segments Received will list the count of received TCP segments.

  Segments Received将列出收到的TCP段的数量。

• Segments Sent will list the count of sent TCP segments.

  Segments Sent数将列出已发送的TCP段数。

• Segments Retransmitted will list the count of retransmitted TCP segments.

  Segments Retransmitted将列出重传的TCP段的计数。

仅显示ICMP协议统计信息 (Display Only ICMP Protocol Statistics)

We can list only ICMP related statistics with -s -p icmp option.

我们只能使用-s -p icmp选项列出与ICMP相关的统计信息。

> netstat -s -p icmp

• Messages: ICMP Messages.

  Messages ：ICMP消息。

• Errors: ICMP Errors.

  Errors ：ICMP错误。

• Destination Unreachable: ICMP Destination Unreachable Messages.

  Destination Unreachable ：ICMP目标不可达消息。

• Echo Replies: ICMP Echo replies which are generally used for ping or ping command.

  Echo Replies ：ICMP回音回复，通常用于ping或ping命令。

显示路由表 (Display Routing Table)

Routing is used to set IP packets first-hop according to their destination. Our system route information can be listed with -r option.

路由用于根据IP数据包的目的地设置第一跳。 我们的系统路由信息可以使用-r选项列出。

> netstat -r

As we can see the default route is printed in the first line which IP address is 192.168.122.1 .

如我们所见，默认路由打印在第一行，其IP地址为192.168.122.1 。

交互式显示信息 (Display Information Interactively)

If we need to list given options output interactively to monitor the metrics we can use interactive mode. Interactive mode is enabled by providing interval value to print output. This feature does not needs any option we will only provide interval value which is 2 in this case.

如果我们需要以交互方式列出给定的选项输出以监视指标，则可以使用交互模式。 通过提供间隔值以打印输出来启用交互模式。 此功能不需要任何选项，在这种情况下，我们只会提供2间隔值。

> netstat -s -p tcp 2

翻译自: https://www.poftut.com/windows-netstat-command-tutorial-examples-list-network-ports-connections/