Microsoft has a tendency to hide useful utilities, so they're not always visible to users. Netstat is one of those utilities. This command is used to get information about the open connections on your system (ports, protocols being used, etc.), incoming and outgoing data and also the ports of remote systems to which you are connected. The Netstat command gets all this networking information by reading the kernel routing tables in the memory. Netstat is basically a program that accesses network related data structures within the kernel, then provides an ASCII format at the terminal. It can provide users with reports on their routing tables, TCP connections, TCP and UDP "listens", and protocol memory management.
The ASCII format at the terminal is arranged as follows:
Protocol: This can be TCP, UDP, or sometimes even, IP.
Local System Name: This is our machine name.
Remote System This is the non-numerical form of the system we are connected to.
Remote Port: This is the port of the remote system we are connected to.
State of the Connection: This is the state of your connection.
Netstat can also be useful tool to help detect Trojans, because it lists the ports being used. For example, if Netstat returns a port number of 12345(TCP) or 31337(UDP), you can be sure that you are being infected because 12345(TCP) is the port number used by the Netbus Trojan, and 31337(UDP) is the port number used by the Back Orifice Trojan. So you see this can be a very helpful tool.
This was first published in May 2001