# how do you use the netstat command?



## huntert (Aug 17, 2005)

i read that you can use netstat -n to see trojan activity. The book said that you need to look to see what is listening on the ports but can't good things be listening too? How can you tell if whatever is listening is friend or foe? thanks


----------



## mlegg (Dec 11, 2005)

Go to Start > to Run > type cmd and it opens the command window

now type in netstat (here you put the end of the syntax), so eg; netstat -a

-a Displays all connections and listening ports. 
-e Displays Ethernet statistics. This may be combined with the -s option. 
-n Displays addresses and port numbers in numerical form. 
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. 
-r Displays the routing table. 
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. 
interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once. 


Once run you will see the protocal used and a local or foreign address with the state (closed, listening, etc)


----------



## johnwill (Sep 26, 2002)

NETSTAT /?

Provides a help screen to document the parameters. :smile:


----------

