Display current TCP/IP network connections and protocol statistics.
Syntax NETSTAT [options] [-p protocol] [interval]
-a Display All connections and listening ports. -e Display Ethernet statistics. (may be combined with -s) -n Display addresses and port numbers in Numerical form. -r Display the Routing table. -o Display the Owning process ID associated with each connection. -b Display the exe involved in creating each connection or listening port.* -v Verbose - use in conjunction with -b, to display the sequence of
components involved for all executables. -p protocol Show only connections for the protocol specified; may be any of: TCP, UDP, TCPv6 or UDPv6. If used with the -s option then the following protocols may also be specified: IP, IPv6, ICMP,or ICMPv6. -s Display per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; (The v6 protocols are not available under 2k and NT4) The -p option may be used to display just a subset of these. interval Redisplay statistics, pausing interval seconds between each display. (default=once only) Press CTRL+C to stop.
* Where available this will display the sequence of components involved in creating the connection or listening port. (Typically well-known executables which host multiple independent components.) This option will display the executable name in [ ] at the bottom, with the component it called on top, repeated until TCP/IP is reached. The -b option can be time-consuming and will fail unless you have sufficient permissions.
"Once you're on the network, you can do a command called NetStat - Network Status - and it lists all the connections to that machine. There were hackers from Denmark, Italy, Germany, Turkey, Thailand ..." ~ Gary McKinnon
Dommon.exe - GUI Domain Monitor
BROWSTAT - Get domain, browser and PDC info
ROUTE - Manipulate network routing tables.
PATHPING - IP trace utility
PING - Test a network connection
Equivalent bash command (Linux): trace - Find the IP address of a remote host