The netstat command displays the network connections that have been established, the ports these connections are using, the routing table, the statistics for an interface (eth0 etc.) and the statistics for a particular protocol (IPv4, IPv6, ICMP). You can use it to see whether a trojan or backdoor connection has been established, with your PC acting as a server to a client (a remote PC).

The netstat command and its options are explained below:

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

The options:

-a: It displays all the connections and listening ports (ports on which the server listens for a connection to be established).

-b: It displays the program (executable) that is used for establishing the connection.

-e: It displays the packet statistics at the Ethernet level. It is often used along with the -s option.

-n: It displays the addresses in numerical form (IP addresses) rather than using their names.

-o: It displays the owning process ID, that is, the ID of the process that is using the connection. The process IDs obtained can be used to check whether a process is malicious. Run the tasklist command with the /SVC switch (or use Process Monitor) and compare the PID shown by netstat with the PID in the tasklist output to identify the process behind the connection. If the process turns out to be malware, immediately check your computer for trojans and backdoors and try to terminate the process manually.

-p protocol: It displays the connections that are established for the protocol mentioned. The protocol can be IPv4, IPv6, TCP, UDP, etc.

-r: It displays the routing table. The routing table lists the interfaces and the active routes, and for each route it shows the gateway, the destination address, the subnet mask, etc.

-s: It displays the statistics separately for each protocol.

-v: It is used along with -b and shows the sequence of components (i.e. DLLs) used to establish the connection.

interval: It redisplays the statistics, waiting the number of seconds specified by interval between each display.

Example usages:

1) netstat -b -v: It shows the sequence of components used to establish the connection for the processes listed by the -b option.

2) netstat -e -s: It displays the total bytes that are sent or received and the per protocol statistics.
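
The PID comparison described under the -o option can be scripted. The PowerShell below is an added example, not part of the original article: it joins the output of netstat -ano with tasklist /SVC so that each listening or established TCP connection is shown next to its image name and hosted services. It assumes an English-language Windows, since the tasklist column names and the netstat state names are localized.

```powershell
# Added example: map TCP sockets from "netstat -ano" to the process
# and services reported by "tasklist /SVC".
# Assumption: English-language Windows (CSV headers "Image Name", "PID",
# "Services"; states "LISTENING" / "ESTABLISHED").

# Build a PID -> process record lookup from tasklist's CSV output.
$procs = @{}
tasklist /SVC /FO CSV | ConvertFrom-Csv | ForEach-Object {
    $procs[$_.PID] = $_
}

# TCP rows have five fields: Proto, Local Address, Foreign Address, State, PID.
# UDP rows have no State column and are skipped here.
$rows = netstat -ano | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP') {
        $p = $procs[$f[4]]
        [pscustomobject]@{
            Local    = $f[1]
            Remote   = $f[2]
            State    = $f[3]
            PID      = $f[4]
            # A PID missing from tasklist means the process exited between
            # the two commands, or it is hidden and worth a closer look.
            Image    = if ($p) { $p.'Image Name' } else { '(not in tasklist)' }
            Services = if ($p) { $p.Services } else { '' }
        }
    }
}

# Show only sockets that are accepting or carrying traffic.
$rows | Where-Object { $_.State -in 'LISTENING', 'ESTABLISHED' } |
    Sort-Object State, Image |
    Format-Table -AutoSize
```

Rows whose image name or listening port you do not recognize are the ones to investigate further; running the script from an elevated prompt lets tasklist report services for system processes.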