Sometimes it is necessary to know which active TCP connections are open and running on a networked host. Netstat is an important network utility that can be used to verify those connections. Netstat lists the protocol in use, the local address and port number, the foreign address and port number, and the connection state.

Unexplained TCP connections can pose a major security threat, because they can indicate that something or someone is connected to the local host. Additionally, unnecessary TCP connections can consume valuable system resources, thus slowing down the host’s performance. Netstat should be used to examine the open connections on a host when performance appears to be compromised.

Many useful options are available for the netstat command. Click the buttons in Figures 1 through 5 to see the different information output from the netstat command.