Use Netstat to check your Windows PC network traffic

Updated on February 21, 2020

In my article "Best Windows 7 Commands to get you started", I introduced the very basic starter Windows command line "cmd's" to persuade people to open the Windows cmd prompt and give it a try.

I then followed up with a another command line article, that dove a little deeper, but I left out a few, really good commands (quite a few, actually)....for a reason...

Most of the Windows cmd line commands available deserve an article to themselves, with a bit of explanation. The topic of this particular article is a good example of just that, and a good starting point. ...... the Windows command "Netstat".

Want to see who is connected to your PC right now? Grab that energy drink and let's get started!

First of all, open up your Windows Command prompt by typing "cmd" in the search window in the bottom right of your Windows 7 desktop.

Note: (I personally keep search off). I open the Run window by hitting the "Windows" key + "R" at the same time. Either way works for executables.

Then type "cmd" (without the quotes) and you'll see the Windows cmd prompt appear. (The black dos screen).

Next, within the cmd console, type "Netstat /?" (without the quotes) for a list of options and common usage.

You can read the list of options for yourself and experiment. In this article I'm going to cut right to the chase. In my world I use one set of parameters along with the Netstat cmd to see what connections my PC has.

Netstat -ano

  • Netstat -a will give you all of the connections and listening ports
  • Netstat -n will give you the foreign addresses in numerical form (critical for the next step in this article.... hint...hint)
  • Netstat -o will give you the process id associated with the connection, also good to know....

Combine the switches together ( -ano) with the Netstat command and you'll have a solid starting point to examine what network connections your PC currently has open.

Next, take a look at my screenshot below, see the column titled "Foreign Address"? That's the information we're looking for. We'll lookup these WAN IP's to see where and who they are coming from.

Under my "Foreign Address" column I see

The WAN IP is , the second part :80 , means "port 80" , or "http"

which is the port you mainly surf the web on.

So where does one go to find out WHO exactly IS? Read on my friends and I'll show you.

TIP: It's a good idea to familiarize yourself with common TCP\IP ports, such as 80, 25, 53, and so on. Some basic port knowledge can really go a long way in your digital lifetime.

The first website I'll use to check an IP address is THE authority (literally) on IP addresses: Internet Assigned Numbers Authority.

When it comes to IP addresses, IANA is "Them" or "They". The people literally responsible for "DNS Root, IP Addressing, and other internet protocol resources".

The link we're interested in is right in the middle of their page: "IP Addresses and AS Numbers". (see pic below).


TIP: you can also bookmark , which is the IP lookup site I'm about to show you....

On the "numbers" page you'll see a world map along with the 5 main IP Registry authorities from all over the world. The very first place I'll search for my IP address information is ARIN (North American Region).

Note: This is where I start first, because I live in the United States and most of my web traffic will be contained in this registry database. If you live elsewhere you may wish to start with the IP registry in your region.

Lets click on the ARIN registry, then search for information on our IP address --->

See the "Search WhoIs" box in the top right corner? We'll type the address (or paste) and hit enter and see what we get.

Note: If you get an address that's not in this registry, you will get referred to one of the other registry sites such as "Ripe" or "Lacnic". The layout on the sites vary a little bit, but on each you'll find a place to search for information on your address. I'll give you a table to reference below...

Tip: You may want to bookmark the numbers site, or, even better, add it to your IE "Favorites" Toolbar. In one of my latest articles I show you how to "Rock your IE favorites bar".

My iplookup on ARIN gave me google. AHA!
My iplookup on ARIN gave me google. AHA!

Easy right? Start looking at your IP addresses and you'll start to recognize certain ranges and patterns.

TIP: One of the first things I do as a network admin when a PC may be infected is pull it off the corporate network, put it on an external network, and use Netstat to check for activity.

Using Netstat and IANA, I can quickly check connections on a PC, as well as the ports being used and the associated Windows process ID (PID). I can then trace the WAN IP connection to a running process or program and go from there.....

Search Tips for the Registry Sites

Internet Registry
Where on page
Search WhoIS
Top Right
WhoIs Search
Top Right
Middle Right
Ripe Database Search
Bottom Right

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2013 Jeff Boettner


    0 of 8192 characters used
    Post Comment
    • howlermunkey profile imageAUTHOR

      Jeff Boettner 

      3 months ago from Tampa, FL

      It seems like this article is gaining some traction, and I'm glad for those who read it. Many years ago, I remember having a client machine call out across to the other side of the planet at 12 pm exactly every day at lunch, while my cowkrer was off eating lunch of course. My router (Watchguard) showed the traffic in a nice little GUI (the whole network).....(Great Router). I saw the connection to an WAN IP Range I was aware of, so I ran virus scan on the machine...nothing. Ran through the procedure in this article and solved the issue, by backtracking the process, file, registry. Turns out they werer trying to send DAT files...(but couldnt get through my firewall TY). So the traffic failed, but I saw the attempt befoe it became a serious issue. I ended up blocking the entire offending country entirely at the WAN level on the router...since we did ZERO business with them.)

      At any rate, for your client, one of the best way to start forecnsics on your home c, is to see who (and where) a computer is talking to. Then you look at the app running the connection (SYS Tools -- Process Explorer). Once removed, run Malwarebytes, install and run ccleaner....and last but not least.... don't surf internet as "administrator". ****This is one of the most important tips you'll ever here. the wrong link, and uploaded malware has admin access immediately. Create an account (non admin), and use it for surfing the internet only. From any OS, click "ctrl" and "R" (or use search bar) and type computer management. Select users and groups...create a new user (non admin).

      And, if you go out in public a lot, use a VPN!

      Thanks again for your interest and comments! - jb

    • howlermunkey profile imageAUTHOR

      Jeff Boettner 

      3 months ago from Tampa, FL

      Hey Richard, Thanks for the feedback! It seems this article is gaining traction lately, and I'm glad. Back when I was a network admin, it was surprising what you could find on a client machine. My favorite was a scheduled task that would run every day when my coworker went to lunch....his computer was automatically calling the other side of the planet every day at lunch...uploading dat files

    • profile image

      Richard Nyarko 

      3 months ago

      thanks for the sharing information ...

    • profile image


      9 months ago

      Thanks for good sharing information...

    • howlermunkey profile imageAUTHOR

      Jeff Boettner 

      9 months ago from Tampa, FL

      Hey Bill thanks for stopping by!

    • profile image

      Bill Nye the High Guy 

      9 months ago

      Very nice, I like.

    • profile image

      Mahendra Kumar 

      15 months ago

      Thanks for sharing your valuable information.

    • profile image


      15 months ago

      nice article it is very helpful

    • profile image


      2 years ago

      very good article.

    • profile image


      2 years ago

      thankyou very informative

    • profile image

      Stefan Lehmann 

      6 years ago

      Very helpful article. Alas the link is broken


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)