Netstat is a command that some Windows Server admins use every day, while others only use it when there is a problem. I fall into the latter category; I use netstat as a diagnosis tool when something has gone awry, or when I am trying to track something down.
The 10 parameters to the Windows netstat command can display scores of additional information for troubleshooting or everyday use. The most common iteration of netstatis to use the -a parameter, which displays all connections and listening ports. However,netstat displays useful information even without parameters. Here are some pointers on using the netstat command:
Fully qualified domain name: The -f parameter will display the fully qualified domain name (FQDN) of the foreign address in the netstat display. This will resolve names internally and externally if possible. Figure A shows the FQDN resolution withinnetstat.
What process is running on the open port: Tracking down which process identifier (PID) has a port open is quite easy when netstat is run with the -a -n -o combination of parameters. Read my Windows Server 2008 tip on this sequence of commands, and see it in action in Figure B.
You can take this one step further with the implementation of friendly names for each process with the -b netstat parameter. This parameter requires administrative permissions and is shown in Figure C.
Note that the remote addresses pointing to the 192.168.1.220:3261 address are the Windows iSCSI initiator service and display differently than the other services listed.
Display routing table: If you need to determine why one system has a different experience than another on the same network, netstat can display a route of the current system with the -r parameter. Figure D shows this in use (note the persistent routes section that would display any static routes added to the Windows Server).