The netstat command displays the network connections that have been established, the ports these connections are using, the routing table, the statistics for an interface (eth0 etc.) and the statistics for a particular protocol (IPv4, IPv6, ICMP). You can use it to see whether a trojan or a backdoor connection is established with your PC acting as a server to a client (remote PC).
The netstat command and its options are explained below:
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
-a: It displays all the connections and listening ports (the server listens for a connection to be established).
-b: It displays the program (executable) that is used for establishing the connection.
-e: It displays the packet statistics at the Ethernet level. It is often used along with the -s option.
-n: It displays the addresses in numerical form (IP addresses) rather than using their names.
-o: It displays the owning process ID, that is, the ID of the process that is using the connection. The process IDs obtained can be used to check whether a process is malicious. To check, run the tasklist command with the /SVC switch, or use Process Monitor, and compare the PID in the netstat output with the PID in the tasklist output. If the process turns out to be malware, you should immediately check your computer for trojans and backdoors and try to terminate the process manually.
-p protocol: It displays the connections that are established for the protocol mentioned. The protocol can be IPv4, IPv6, TCP, UDP etc.
-r: It displays the routing table. A routing table shows the interfaces and the active routes, and for each route the gateway, the destination address, the subnet mask etc.
-s: It displays the statistics listed for each protocol separately.
-v: It is used along with -b and shows the sequence of components (i.e. DLLs) used to establish the connection.
interval: It redisplays the statistics every time the number of seconds specified by the interval has passed.
1) netstat -b -v: It shows the sequence of components used to establish the connection for the processes listed by the -b option.
2) netstat -e -s: It displays the total bytes that are sent or received and the per-protocol statistics.
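The PID comparison described for the -o option can be done mechanically. The following is an added example, not code from the original post: it joins `netstat -ano` output to `tasklist /SVC /FO CSV` output on the PID. Both sample outputs are constructed, and the function names are this example's own.

```python
import csv
import io

# Constructed sample of `netstat -ano` output, not captured from a real host.
NETSTAT_OUT = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
  UDP    0.0.0.0:5353           *:*                                    3344
  TCP    192.168.1.10:49800     198.51.100.7:8080      ESTABLISHED     6200
"""

# Constructed sample of `tasklist /SVC /FO CSV` output; PID 6200 is absent on purpose.
TASKLIST_OUT = '''\
"Image Name","PID","Services"
"svchost.exe","912","RpcEptMapper,RpcSs"
"browser.exe","3344","N/A"
"updater.exe","5120","N/A"
'''

def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples from netstat -ano text."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        rows.append((f[0], f[1], f[2], state, int(f[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> (image name, services) from tasklist /SVC /FO CSV text."""
    return {int(r["PID"]): (r["Image Name"], r["Services"])
            for r in csv.DictReader(io.StringIO(text))}

def correlate(netstat_text, tasklist_text):
    """Join each connection to its owning process; mark PIDs tasklist did not list."""
    procs = parse_tasklist(tasklist_text)
    joined = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        image, services = procs.get(pid, ("<not in tasklist>", ""))
        joined.append({"proto": proto, "local": local, "remote": remote,
                       "state": state, "pid": pid, "image": image, "services": services})
    return joined

if __name__ == "__main__":
    for c in correlate(NETSTAT_OUT, TASKLIST_OUT):
        print(c["proto"], c["local"], c["remote"], c["state"], c["pid"], c["image"], c["services"])
```

A connection whose PID has no tasklist entry means the process exited between the two commands or is not visible to tasklist, so it deserves a second look rather than being skipped.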
Ramandeep Singh Nanda
- I am Ramandeep Singh Nanda; I have a bachelor's degree in computer science engineering. I have worked for Oracle in the Fusion Middleware and IDM domain in the past. I am a self-starter and like to explore new technologies and to blog about them. I am currently pursuing a Master's degree in Information Systems from New York University.