New? Well some options are not that new really. Others are however!
Sometimes it is the little things in life that can help immensely. Take our venerable friend, netstat! Even though it has been around for many moons, folks often get into the habit of using only certain options, switches or parameters. For reference purposes, the Windows XP Netstat options are documented here. Unsurprisingly, Windows 7 has more options than Windows XP. Unsurprisingly, Windows 10 has more options than Windows 7...
The below is from a Windows 7 SP1 machine, which shows the options that are familiar to many. Though there are a couple of options in there that may have squeaked by...
For reference purposes, the options present in newer versions of Windows are covered at the bottom of this post. There are some nice new additions, so read all the way to the end to review.
How I Typically Roll Nowadays
Typically I will be using netstat -anob when reviewing what services are currently listening. For example on an Exchange 2010 CAS server to ensure that the static port assignment for RPC Client Access and the Address Book is as expected.
As shown below, the process names are directly available when running netstat. A couple were highlighted to illustrate this in the image below:
How I Used To Roll
The below is an example of the old way of getting process information. If we run netstat -ano we will get the PID, but then have to do additional steps to obtain the process information.
In task manager, we can sort the PID column to then identify the process. If the PID column is not present, you will have to add it. Note that in current versions of Windows this is done by right clicking the column header along the top. This is the yellow highlighted area below. The big red arrow indicates the PID. Unsurprisingly since we were looking at what was listening on TCP 25, it is Front End Transport (FET).
Alternatively, we can use tasklist.exe or Get-Process:
tasklist /FI "PID eq 13804"
Get-Process -Id 13804
Either way, that is a lot of overhead - it may be easier just to add the -b option....
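When you want the PID-to-process join as objects you can filter or export, the lookup can be scripted in one pass. The following is an added example, not code from the original post: the function name Resolve-NetstatListener is hypothetical, it assumes English-language netstat output, and the sample rows and process names are constructed (only PID 13804 on TCP 25 mirrors the case above).

```powershell
# Added example: join `netstat -ano` rows to process names in one pass.
function Resolve-NetstatListener {   # hypothetical helper name
    param(
        [string[]]$NetstatLines = (netstat -ano),   # live output by default
        [hashtable]$ProcessMap                      # optional PID -> name table
    )
    if ($null -eq $ProcessMap) {
        # Build the PID -> name table once instead of one tasklist call per PID.
        $ProcessMap = @{}
        Get-Process | ForEach-Object { $ProcessMap[[int]$_.Id] = $_.ProcessName }
    }
    foreach ($line in $NetstatLines) {
        # TCP rows have five columns (with State); UDP rows have four (no State).
        $f = -split $line
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING') {
            $endpoint = $f[1]; $procId = [int]$f[4]
        } elseif ($f.Count -eq 4 -and $f[0] -eq 'UDP') {
            $endpoint = $f[1]; $procId = [int]$f[3]
        } else { continue }   # headers, blank lines, non-listening connections
        # Split on the LAST colon so IPv6 forms such as [::]:25 parse correctly.
        $i = $endpoint.LastIndexOf(':')
        [pscustomobject]@{
            Proto   = $f[0]
            Address = $endpoint.Substring(0, $i)
            Port    = [int]$endpoint.Substring($i + 1)
            PID     = $procId
            Process = if ($ProcessMap.ContainsKey($procId)) { $ProcessMap[$procId] } else { '<unknown>' }
        }
    }
}

# Constructed sample rows and names, so the function can be tried offline.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       13804
  TCP    [::]:25                [::]:0                 LISTENING       13804
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     4321
  UDP    0.0.0.0:123            *:*                                    1088
'@ -split "`r?`n"
$names = @{ 13804 = 'MSExchangeFrontendTransport'; 1088 = 'svchost' }
Resolve-NetstatListener -NetstatLines $sample -ProcessMap $names | Format-Table -AutoSize
```

Called with no arguments, the function reads live netstat -ano output and the local process list, so an unexpected listener can be picked out with Where-Object on Port or Process.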
What’s New Pussycat
<courtesy link to Sir * Tom Jones>
This is a brief recap of what’s new and improved with the recent builds of Windows.
What’s new in Windows 7 that I might not have used?
-b Displays the executable involved in creating each connection or listening port. This was not present back with Windows XP RTM, it was added later in the build cycle. Thanks to Dima for noting that!
What’s new in Windows 2012 builds?
-x Displays NetworkDirect connections, listeners and shared endpoints
-y Displays the TCP connection template for all connections. Cannot be combined with the other options.
For these new options the below is a brief explanation:
NetworkDirect
NetworkDirect is widely used for high-performance computing (HPC) applications in which computational workloads are distributed to large numbers of servers for parallel processing. In addition, various financial markets trading workloads also require extremely low latency and extremely high message rates, which RDMA can provide.
The New-NetTransportFilter cmdlet allows you to map specific connections to specific profiles based on either port numbers or IP address. The SettingName parameter can be set to:
- Internet
- Datacenter
- Compat
- Custom
What’s new in the Windows 10 / 2012 R2 builds?
-q Displays all connections, listening ports, and bound nonlistening TCP ports. Bound nonlistening ports may or may not be associated with an active connection.
This command is very useful as it allows you to see if you are out of dynamic ports (ephemeral ports) and running into port exhaustion issues.
Reference Screenshots
Windows Server 2012
Windows 2012 R2
Windows 10 Anniversary Edition
Windows 2000 Pro
Windows XP RTM
Windows XP SP3
Cheers,
Rhoderick
* – Yes, the Sir needs to be included!