Another gem of a tool, netstat.exe can provide some useful information when troubleshooting a connection issue.  As a rudimentary packet watcher you can see when a connection has been made or is having trouble being made.  If you simply run the command without any arguments the help information will be displayed.  I usually run the command using the syntax “netstat –na” producing something like the following:

The useful information here is that I can see a connection with a server 131.107.1.71 over TCP 443.  The State being Established tells me that the connection is working and everything is fine.  No need for a network monitoring tool (WireShark) to see if my connection has been made or not…  There are a couple of State values that can be reported, each providing valuable information.

I can also see from this output that my computer is listening on TCP 3389.  This lets me know that the RDP service is configured to accept Terminal Service connections.  Again, a good place to check to see if a service and/or application has opened up a port that it should/shouldn’t have.  You can also use the command “netstat –nab” and see the executable that opened up the port in question:

Another excellent use is to see if you are having connection issues with another server.  For example, suppose you have recently installed Windows Server 2003 SP2.  Included in this Service Pack is a Scalable Networking Pack that is supposed to improve the network speed.  On some clients this seems to have a negative effect on the communication between client and server.  During my testing of a recent issue I used netstat and noticed that one of the connection states was SYN_SEND instead of ESTABLISHED.  This seemed odd to me and I worked closer with the firewall guys to see that my destination server was responding to the client connection attempt.  Being time to do a deeper inspection I opened up WireShark on my client and immediately noticed the Syn Ack coming back from the server was not being accepted by the client.  A little digging and I found several articles describing issues with Windows SP2 related to network connectivity.  After following some workarounds on the Technet pages I was able to get the connection to work again.

So the next time you are trying to see if a network connection has been successfully established you can do a quick “netstat –na” to see if the session has actually established.

One other thing…  In order to make life easier you can combine Netstat with Findstr to see only the results you want to see.  For example, suppose you wanted to see all 443 traffic to/from your computer.  You could use the syntax netstat –na 5 | findstr “:443” and the output would display only traffic over port 443, refreshing every 5 seconds.