Use Netstat to check your Windows PC network traffic

Updated on October 18, 2016

In my article "Best Windows 7 Commands to get you started", I introduced the very basic starter Windows command line "cmd's" to persuade people to open the Windows cmd prompt and give it a try.

I then followed up with a "Command Line part 2" hub, that dives a little deeper, but I left out a few, really good commands (quite a few, actually)....for a reason...

Most of the Windows cmd line commands available deserve an article to themselves, with a bit of explanation. The topic of this particular article is a good example of just that, and a good starting point. ...... the Windows command "Netstat".

Want to see who is connected to your PC right now? Grab that energy drink and let's get started!

First of all, open up your Windows Command prompt by typing "cmd" in the search window in the bottom right of your Windows 7 desktop.

Note - (I personally keep search off). I open the Run window by hitting the "Windows" key + "R" at the same time. Either way works for executables.

Then type "cmd" (without the quotes) and you'll see the Windows cmd prompt appear. (The black dos screen).

Next, within the cmd console, type "Netstat /?" (without the quotes) for a list of options and common usage.

You can read the list of options for yourself and experiment. In this article I'm going to cut right to the chase. In my world I use one set of parameters along with the Netstat cmd to see what connections my PC has.

Netstat -ano

  • Netstat -a will give you all of the connections and listening ports
  • Netstat -n will give you the foreign addresses in numerical form (critical for the next step in this article.... hint...hint)
  • Netstat -o will give you the process id associated with the connection, also good to know....

Combine the switches together ( -ano) with the Netstat command and you'll have a solid starting point to examine what network connections your PC currently has open.

Next, take a look at my screenshot below, see the column titled "Foreign Address"? That's the information we're looking for. We'll lookup these WAN IP's to see where and who they are coming from.

TIP -- You can read about WAN vs LAN IP addresses here.

Under my "Foreign Address" column I see 74.125.26.106:80

The WAN IP is 74.125.26.106 , the second part :80 , means "port 80" , or "http"

which is the port you mainly surf the web on.

So where does one go to find out WHO exactly 74.125.26.106 IS? Read on my friends and I'll show you.


TIP - It's a good idea to familiarize yourself with common TCP\IP ports, such as 80, 25, 53, and so on. Some basic port knowledge can really go a long way in your digital lifetime.

The first website I'll use to check an IP address is THE authority (literally) on IP addresses:

www.IANA.org --- Internet Assigned Numbers Authority.

When it comes to IP addresses, IANA is "Them" or "They". The people literally responsible for "DNS Root, IP Addressing, and other internet protocol resources".

The link we're interested in is right in the middle of their page -- "IP Addresses and AS Numbers". (see pic below).

Source

TIP - you can also bookmark www.iana.org/numbers , which is the IP lookup site I'm about to show you....

On the "numbers" page you'll see a world map along with the 5 main IP Registry authorities from all over the world. The very first place I'll search for my IP address information is ARIN (North American Region).

Note -- This is where I start first, because I live in the United States and most of my web traffic will be contained in this registry database. If you live elsewhere you may wish to start with the IP registry in your region.

Lets click on the ARIN registry, then search for information on our IP 74.125.26.106 address --->

See the "Search WhoIs" box in the top right corner? We'll type the address (or paste) and hit enter and see what we get.


Note --- If you get an address that's not in this registry, you will get referred to one of the other registry sites such as "Ripe" or "Lacnic". The layout on the sites vary a little bit, but on each you'll find a place to search for information on your address. I'll give you a table to reference below...

Tip - You may want to bookmark the numbers site, or, even better, add it to your IE "Favorites" Toolbar. In one of my latest articles I show you how to "Rock your IE favorites bar".

My iplookup on ARIN gave me google. AHA!
My iplookup on ARIN gave me google. AHA!

Easy right? Start looking at your IP addresses and you'll start to recognize certain ranges and patterns.

TIP - One of the first things I do as a network admin when a PC may be infected is pull it off the corporate network, put it on an external network, and use Netstat to check for activity.

Using Netstat and IANA, I can quickly check connections on a PC, as well as the ports being used and the associated Windows process ID (PID). I can then trace the WAN IP connection to a running process or program and go from there.....

Search Tips for the Registry Sites

Internet Registry
Link
Where on page
AFRINIC
Search WhoIS
Top Right
APNIC
WhoIs Search
Top Right
LACNIC
WhoIs
Middle Right
RIPE
Ripe Database Search
Bottom Right

Questions & Answers

    Comments

      0 of 8192 characters used
      Post Comment

      working

      This website uses cookies

      As a user in the EEA, your approval is needed on a few things. To provide a better website experience, turbofuture.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

      For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://turbofuture.com/privacy-policy#gdpr

      Show Details
      Necessary
      HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
      LoginThis is necessary to sign in to the HubPages Service.
      Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
      AkismetThis is used to detect comment spam. (Privacy Policy)
      HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
      HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
      Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
      CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
      Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
      Features
      Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
      Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
      Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
      Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
      Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
      VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
      PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
      Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
      MavenThis supports the Maven widget and search functionality. (Privacy Policy)
      Marketing
      Google AdSenseThis is an ad network. (Privacy Policy)
      Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
      Index ExchangeThis is an ad network. (Privacy Policy)
      SovrnThis is an ad network. (Privacy Policy)
      Facebook AdsThis is an ad network. (Privacy Policy)
      Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
      AppNexusThis is an ad network. (Privacy Policy)
      OpenxThis is an ad network. (Privacy Policy)
      Rubicon ProjectThis is an ad network. (Privacy Policy)
      TripleLiftThis is an ad network. (Privacy Policy)
      Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
      Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
      Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
      Statistics
      Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
      ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
      Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)