Thursday, March 13, 2014

Netstat tips - Finding open ports

Netstat is a command that some Windows Server admins use every day, while others only use it when there is a problem. I fall into the latter category; I use netstat as a diagnosis tool when something has gone awry, or when I am trying to track something down.
The 10 parameters to the Windows netstat command can display a great deal of additional information for troubleshooting or everyday use. The most common way to run netstat is with the -a parameter, which displays all connections and listening ports. However, netstat displays useful information even without parameters. Here are some pointers on using the netstat command:
Fully qualified domain name: The -f parameter will display the fully qualified domain name (FQDN) of the foreign address in the netstat display. This will resolve names internally and externally if possible. Figure A shows the FQDN resolution within netstat.
What process is running on the open port: Tracking down which process identifier (PID) has a port open is quite easy when netstat is run with the -a -n -o combination of parameters. Read my Windows Server 2008 tip on this sequence of commands, and see it in action in Figure B.
You can take this one step further with the implementation of friendly names for each process with the -b netstat parameter. This parameter requires administrative permissions and is shown in Figure C.
Note that the remote addresses pointing to the 192.168.1.220:3261 address are the Windows iSCSI initiator service and display differently than the other services listed.
Display routing table: If you need to determine why one system has a different experience than another on the same network, netstat can display a route of the current system with the -r parameter. Figure D shows this in use (note the persistent routes section that would display any static routes added to the Windows Server).
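For the -a -n -o tip above, the following is an added example (not part of the original post) that parses saved netstat output and groups open ports by owning PID, marking which ones are reachable from the network. The sample text is constructed, the function names are hypothetical, and the parser assumes English-language output (state shown as LISTENING) captured without -b.

```python
from collections import defaultdict

# Constructed sample of `netstat -a -n -o` output (not taken from the article's figures).
SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2416
  TCP    192.168.1.50:49712     192.168.1.220:3261     ESTABLISHED     1108
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1012
  UDP    [::1]:1900             *:*                                    3320
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon and strip IPv6 brackets."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def open_ports(netstat_text):
    """Return {pid: [(proto, addr, port, exposed)]} for listening TCP and bound UDP sockets."""
    result = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        proto, local = fields[0], fields[1]
        if proto == "TCP":
            # TCP rows have 5 columns: proto, local, foreign, state, PID
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue
        elif len(fields) != 4:
            continue  # UDP rows have no State column: proto, local, foreign, PID
        addr, port = split_endpoint(local)
        # A socket bound to loopback is not reachable from other hosts.
        exposed = not (addr.startswith("127.") or addr == "::1")
        result[int(fields[-1])].append((proto, addr, port, exposed))
    return dict(result)

if __name__ == "__main__":
    for pid, socks in sorted(open_ports(SAMPLE).items()):
        for proto, addr, port, exposed in socks:
            scope = "network-reachable" if exposed else "loopback only"
            print(f"PID {pid:<6} {proto} {addr}:{port} ({scope})")
```

To use it on a real server, redirect the command's output to a file and pass the file's contents to open_ports; the PIDs can then be matched against the process names that -b or Task Manager reports.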
These four netstat commands can greatly add to the troubleshooting efforts for Windows administrators. How else do you use netstat? Share your tips in the discussion.
