The output table includes the protocol,
local address, foreign address, state, and Process Identifier (PID). The PID includes both the
number and the translated application name in square brackets ([]). Using this feature can be
time consuming and usually fails unless you're part of the Administrators group. The most useful
way to work with this switch is in combination with the -a switch. Type NetStat -a -b and
press Enter to see a connection-by-connection listing of who created a particular connection (see
Figure 11.4), which is very useful in pinning down unauthorized connections.
Figure 11.4: Discover precisely who created each connection on a server by combining the -a and -b switches.
-e Displays the Ethernet statistics, which include the amount of data sent and received for general
data bytes, unicast packets, non-unicast packets, discards, errors, and unknown protocols.
You can combine this command line switch with the -s switch to receive a complete picture of
the Ethernet status.
-f Displays the Fully Qualified Domain Names (FQDN) for foreign addresses, which means
you have better access to other domain information.
GETTING NETWORK STATISTICS WITH THE NETSTAT UTILITY 301
-n Displays addresses and port numbers in numerical form.
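
The -a -b listing described above lends itself to a scripted check for unauthorized connections. The following is an added example, not code from the book: it parses constructed NetStat -a -b -n output and reports connections whose owner is unknown or missing from an allowlist. It assumes the owning executable is printed in square brackets on a line after each connection; the allowlist and sample addresses are hypothetical.

```python
import re

# Constructed sample of `NetStat -a -b -n` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED
 [updater.exe]
  UDP    0.0.0.0:5353           *:*
 [svchost.exe]
"""

# A connection row: protocol, local address, foreign address, optional state (UDP has none).
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# An owner row: the executable name in square brackets on its own line.
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return one dict per connection; 'owner' is None when NetStat could not name it."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            conns.append({"proto": proto, "local": local, "foreign": foreign,
                          "state": state or "", "owner": None})
            continue
        m = OWNER.match(line)
        # Attach the bracketed name to the most recent connection row.
        if m and conns and conns[-1]["owner"] is None:
            conns[-1]["owner"] = m.group(1).lower()
    return conns

def unexpected(conns, allowed):
    """Connections whose owner is unknown or not in the allowlist (hypothetical policy)."""
    allowed = {a.lower() for a in allowed}
    return [c for c in conns if c["owner"] not in allowed]

if __name__ == "__main__":
    for c in unexpected(parse_netstat_b(SAMPLE), {"svchost.exe"}):
        print(c["proto"], c["local"], c["foreign"], c["state"], c["owner"] or "<unknown owner>")
```

Rows that NetStat cannot attribute, which is common when the command is not run with administrative rights, are reported rather than silently skipped.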