Working with the NETSTAT Command
When Windows has trouble communicating over a TCP/IP network, the common fix in the past was to use TCP/IP utilities such as PING and TRACERT to diagnose the problem. However, Windows XP takes network troubleshooting to a new level. While all of the standard TCP/IP troubleshooting utilities still exist in Windows XP, Microsoft has been kind enough to throw in several new troubleshooting utilities. In this article, we'll discuss one such utility -- the NETSTAT command.
The NETSTAT command is designed to help you quickly determine whether or not TCP/IP is working correctly. If TCP/IP is having problems, then NETSTAT can help you to determine where the problem is.
NETSTAT is a command line utility. To use this utility in its most basic form, you need only open a command prompt window and enter the command. When you do, NETSTAT will display a list of the current TCP/IP connections. The information presented on this screen includes the protocol (usually TCP), the local address (the MAC address), the foreign address (the IP address), and the connection state.
Entering the NETSTAT command with the -A switch causes the program to display all connections and listening ports. The result is a list that tells you which TCP and UDP ports that the machine is aware of, and which of those ports that the computer is presently listening to.
Sometimes, when you're troubleshooting a network problem, you may have questions as to whether any packets are flowing in or out of the machine at all. The NETSTAT command lets you quickly make such determinations when you enter the NETSTAT command with the -E parameter. The -E parameter tells NETSTAT to report the system's Ethernet statistics. You'll see information such as the number of bytes, unicast packets, non-unicast packets, discards, and errors that have been sent and received.
The cool thing about this utility is that it doesn't force you to treat TCP/IP as a single entity. TCP/IP is made up of many sub-protocols. If you enter the NETSTAT command with the -E and -S parameters, you can see a list of Ethernet statistics based on protocol. This means that you'll see the same list of sent and received bytes, unicast packets, etc., but this time, the list will be subdivided into categories such as IPv4, ICMPv4, TCP, and UDP.
The NETSTAT command even allows you to examine a single sub protocol by using the -P switch. Simply append the -P switch and the protocol name to any of the other command line switches, and the results will be based solely on the protocol that you specified. Your choices are TCP, UDP, TCPv6, UDPv6. When the -P switch is used in conjunction with the -S switch, you may also specify the IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6 protocols.
One of the biggest concepts in TCP/IP networking is routing. NETSTAT allows you to examine a computer's routing tables by following the NETSTAT command with the -R parameter. For each active route, NETSTAT will display the destination address, the net mask, the gateway, the interface, and the metric. Beneath this information, NETSTAT will display persistent routes seperately, NETSTAT also differentiates between the routes associated with each network interface on multihomed machines.
One other noteworthy thing that NETSTAT can do is to use an interval. Earlier, we looked at using this utility to look at the number of bytes that had been sent and received. When used in this manner, you see a static display of a value that's very dynamic. Therefore, you can use the INTRAVAL switch to specify how often NETSTAT should generate a new report. When you use the INTRAVAL switch, NETSTAT will continuously loop until you press CTRL+C.
As you can see, NETSTAT is a great utility for helping you to diagnose and repair TCP/IP problems.
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense.