The netstat command is a command line utility tool that is used to show the network status. The netstat command displays the TCP/IP network protocol statistics and information. The netstat command is used to display about how your computer is communicating with other computers or network devices. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement. It is available on Unix-like operating systems including macOS, Linux, Solaris, and BSD, and is available on Windows NT-based operating systems including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10.

Note: The availability of certain netstat command switches and other netstat command syntax may differ from operating system to operating system.

Netstat command syntax:

Netstat command will show the local IP address (your computer), the foreign IP address (the other computer or network device), along with their respective port numbers, as well as the TCP state.


-a = This switch displays active TCP connection with listening and display UDP port.

-b = This switch is like -o but instead of displaying the PID, will display the process actual file name. Using -b over -o might seem like it’s saving you a step or two but using it can sometimes greatly extend the time and it takes netstat to fully execute.

-e = This command is used to show network connection statistics. It shows the following details such as bytes, unicast packets, non-unicast packets, discards, errors, and unknown protocols.

-f = This switch is used to display the Fully Qualified Domain (FQDN) for each foreign IP address when possible.

-n = This switch can prevent network status from attempting to determine host names for a foreign IP address. This switch could considerably reduce the time it takes for netstat to fully execute depending on the current network.

-o = This switch option is for many troubleshooting tasks, the -o switch displays the process identifier (PID) associated with each displayed connection.

-p = This switch is used to display particular protocol connection.

-r = This switch is used to show the routing table.

-s = This switch is used to show detailed statistics by protocol and you can limit the statistics shown to a particular protocol by using -s option but use -s before -p protocol when using the switches together.

-t = This switch is used to show the current TCP chimney offload state in place of the typically displayed TCP state.

-x = This switch shows Network Direct listeners, connection and shared end points.

-y =This switch shows the TCP connection templates for all connection. You can’t use the -y with any other netstat option.

/? = This switch is used to show the details about the network status command’s several options.

time_interval = This is the time, in seconds, in which the netstat command re-executes automatically, and can be stopped by using Ctrl-C to end the loop.