  / _ \
\_\(_)/_/    more on JOHLEM.NET
 _//"\\_
  /   \
0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0

================================================================================
                              NETSTAT CHEAT SHEET
================================================================================

1. Command: netstat -a
   Description: Displays all active connections and listening ports.
   Example: netstat -a
   Expected Result: Lists all ports that are currently open or in use on the machine.

2. Command: netstat -b
   Description: Shows binaries (executables) associated with active connections.
   Example: netstat -b
   Expected Result: Displays the executables involved in creating each connection or listening port.

3. Command: netstat -e
   Description: Displays Ethernet statistics, like sent and received packets.
   Example: netstat -e
   Expected Result: Shows detailed network statistics for Ethernet connections.

4. Command: netstat -f
   Description: Displays Fully Qualified Domain Names (FQDN) for foreign addresses.
   Example: netstat -f
   Expected Result: Lists active connections with domain names instead of IP addresses.

5. Command: netstat -i
   Description: Shows network interfaces and their statistics.
   Example: netstat -i
   Expected Result: Provides statistics for each network interface on the system.

6. Command: netstat -n
   Description: Displays addresses and port numbers in numerical form.
   Example: netstat -n
   Expected Result: Shows all active connections with IP addresses and port numbers without resolving names.

7. Command: netstat -o
   Description: Shows active connections and includes the process ID (PID) for each connection.
   Example: netstat -o
   Expected Result: Lists active connections along with the PID of the process that owns each connection.

8. Command: netstat -p protocol
   Description: Shows connections for a specific protocol (TCP, UDP, TCPv6, or UDPv6).
   Example: netstat -p TCP
   Expected Result: Displays only TCP connections.

9. Command: netstat -r
   Description: Displays the routing table.
   Example: netstat -r
   Expected Result: Shows the network routing table, including interfaces, metrics, and destinations.

10. Command: netstat -s
    Description: Provides statistics by protocol (TCP, UDP, ICMP, IP).
    Example: netstat -s
    Expected Result: Detailed statistics for each protocol.

11. Command: netstat -t
    Description: Shows TCP connections only.
    Example: netstat -t
    Expected Result: Lists all active TCP connections.

12. Command: netstat -u
    Description: Shows UDP connections only.
    Example: netstat -u
    Expected Result: Lists all UDP connections.

13. Command: netstat -v
    Description: Provides verbose output.
    Example: netstat -v
    Expected Result: Displays additional details for connections and statistics.

14. Command: netstat -w
    Description: Displays raw network statistics.
    Example: netstat -w
    Expected Result: Shows raw network interface statistics.

15. Command: netstat -x
    Description: Shows Unix domain sockets.
    Example: netstat -x
    Expected Result: Lists active Unix domain sockets if applicable.

16. Command: netstat -C
    Description: Shows the routing table cache.
    Example: netstat -C
    Expected Result: Detailed information from the routing table cache.

17. Command: netstat --listen
    Description: Displays only listening sockets.
    Example: netstat --listen
    Expected Result: Lists sockets that are listening for incoming connections.

18. Command: netstat --statistics
    Description: Shows detailed network statistics.
    Example: netstat --statistics
    Expected Result: Detailed statistics for all protocols.

19. Command: netstat --tcp
    Description: Shows TCP protocol connections.
    Example: netstat --tcp
    Expected Result: Lists all active TCP connections.

20. Command: netstat --udp
    Description: Shows UDP protocol connections.
    Example: netstat --udp
    Expected Result: Lists all active UDP connections.

21. Command: netstat -c
    Description: Continuously displays network statistics (Linux).
    Example: netstat -c
    Expected Result: Updates and displays network statistics every second.

22. Command: netstat -l
    Description: Shows only the listening sockets.
    Example: netstat -l
    Expected Result: Lists sockets currently in listening state.

23. Command: netstat -q
    Description: Displays all multicast group memberships.
    Example: netstat -q
    Expected Result: Shows multicast group information.

24. Command: netstat -g
    Description: Displays multicast group membership information (Linux).
    Example: netstat -g
    Expected Result: Lists multicast group memberships for interfaces.

25. Command: netstat -m
    Description: Displays memory statistics (BSD systems).
    Example: netstat -m
    Expected Result: Shows statistics about network memory usage.

26. Command: netstat -s -p tcp
    Description: Displays detailed TCP protocol statistics.
    Example: netstat -s -p tcp
    Expected Result: Shows TCP protocol-specific statistics.

27. Command: netstat -s -p udp
    Description: Displays detailed UDP protocol statistics.
    Example: netstat -s -p udp
    Expected Result: Shows UDP protocol-specific statistics.

28. Command: netstat -s -p icmp
    Description: Displays detailed ICMP protocol statistics.
    Example: netstat -s -p icmp
    Expected Result: Shows ICMP protocol-specific statistics.

29. Command: netstat -W
    Description: Avoids truncating IP addresses (Linux).
    Example: netstat -W
    Expected Result: Displays full IP addresses without truncation.

30. Command: netstat --wide
    Description: Displays wider output for readability (Linux).
    Example: netstat --wide
    Expected Result: Outputs in a wider format for better readability.

31. Command: netstat --numeric
    Description: Shows numerical addresses instead of resolving hostnames.
    Example: netstat --numeric
    Expected Result: Lists connections with numerical IP addresses.

32. Command: netstat --numeric-hosts
    Description: Shows numerical host addresses.
    Example: netstat --numeric-hosts
    Expected Result: Displays host addresses in numerical form.

33. Command: netstat --numeric-ports
    Description: Shows numerical port numbers.
    Example: netstat --numeric-ports
    Expected Result: Displays port numbers numerically.

34. Command: netstat --numeric-users
    Description: Shows numerical user IDs.
    Example: netstat --numeric-users
    Expected Result: Displays user IDs numerically.

35. Command: netstat --protocol=inet
    Description: Shows statistics for inet protocol family.
    Example: netstat --protocol=inet
    Expected Result: Lists connections for IPv4.

36. Command: netstat --protocol=inet6
    Description: Shows statistics for inet6 protocol family.
    Example: netstat --protocol=inet6
    Expected Result: Lists connections for IPv6.

37. Command: netstat --route
    Description: Shows kernel routing information.
    Example: netstat --route
    Expected Result: Displays the kernel routing table.

38. Command: netstat --unix
    Description: Shows Unix socket information.
    Example: netstat --unix
    Expected Result: Lists active Unix domain sockets.

39. Command: netstat --verbose
    Description: Provides more detailed information.
    Example: netstat --verbose
    Expected Result: Displays verbose output including errors and other messages.

40. Command: netstat --interfaces eth0
    Description: Displays statistics for a specific interface (e.g., eth0).
    Example: netstat --interfaces eth0
    Expected Result: Shows detailed statistics for the specified network interface.

41. Command: netstat -an
    Description: Shows all connections and listening ports numerically.
    Usage in Security: Useful for identifying unauthorized or suspicious connections.
    Example: netstat -an
    Expected Result: Lists all connections and listening ports without resolving names, which helps in quickly spotting unusual foreign addresses.

42. Command: netstat -ano
    Description: Shows all connections with the process ID (PID) numerically.
    Usage in Security: Helps in correlating network activities with specific processes, crucial for identifying malicious processes.
    Example: netstat -ano
    Expected Result: Displays all active connections with corresponding PIDs, aiding in process-level security analysis.

43. Command: netstat -s
    Description: Displays per-protocol statistics (TCP, UDP, ICMP, IP).
    Usage in Security: Useful for diagnosing DDoS attacks or other network anomalies.
    Example: netstat -s
    Expected Result: Provides detailed statistics for each protocol, helping in identifying unusual traffic patterns.

44. Command: netstat -r
    Description: Shows the routing table.
    Usage in Security: Essential for checking if there are any unexpected or malicious routes that could redirect traffic.
    Example: netstat -r
    Expected Result: Reveals the network routing table, highlighting any anomalous or unauthorized routes.

45. Command: netstat -plnt
    Description: Shows listening ports with process names (Linux).
    Usage in Security: Identifies services that are listening on the network, which could be potential security risks.
    Example: netstat -plnt
    Expected Result: Lists all listening TCP ports with the process name, aiding in uncovering unauthorized services or open ports.

46. Command: netstat -b (Windows)
    Description: Shows binaries associated with each connection.
    Usage in Security: Helps in identifying which executable files are initiating network connections.
    Example: netstat -b
    Expected Result: Links network activity to specific executable files, crucial for detecting malware communications.

47. Command: netstat -tuln
    Description: Lists active listening ports numerically (Linux).
    Usage in Security: Useful for quickly identifying open ports on the system.
    Example: netstat -tuln
    Expected Result: Displays listening TCP and UDP ports, crucial for spotting unauthorized open ports.

48. Command: netstat -w 1 (Linux)
    Description: Displays network statistics refreshed every second.
    Usage in Security: Helps in real-time monitoring of network traffic.
    Example: netstat -w 1
    Expected Result: Continuously updates network statistics, useful for live monitoring during a security incident.

49. Command: netstat -i
    Description: Shows network interfaces and their statistics.
    Usage in Security: Useful for identifying abnormal data packets transmitted or received by network interfaces.
    Example: netstat -i
    Expected Result: Provides statistics for each network interface, helping in detecting unusual network activity or data breaches.

50. Command: netstat --ip (Linux)
    Description: Displays IP statistics.
    Usage in Security: Helps in analyzing IP-level communications and detecting irregularities.
    Example: netstat --ip
    Expected Result: Shows detailed statistics about IP-level traffic, useful for diagnosing network layer attacks or anomalies.

51. Command: netstat -su
    Description: Shows UDP statistics.
    Usage in Security: Useful for detecting unusual UDP traffic which could indicate a DDoS attack or reconnaissance activity.
    Example: netstat -su
    Expected Result: Provides UDP traffic statistics, aiding in spotting abnormal UDP activities.

52. Command: netstat -sp ip
    Description: Displays IP statistics per protocol.
    Usage in Security: Helps in detailed analysis of IP-level security issues.
    Example: netstat -sp ip
    Expected Result: Shows detailed IP protocol statistics, crucial for in-depth network security analysis.

53. Command: netstat -c (Linux)
    Description: Continuously update and display the network statistics.
    Usage in Security: Ideal for real-time network monitoring during security investigations.
    Example: netstat -c
    Expected Result: Real-time update of network statistics, useful for live monitoring and quick detection of anomalies.

54. Command: netstat -o
    Description: Shows active connections with the owning process ID.
    Usage in Security: Crucial for linking network activity to specific processes, particularly in identifying rogue processes.
    Example: netstat -o
    Expected Result: Active connections are displayed along with their process IDs, aiding in identifying potentially malicious processes.

55. Command: netstat --tcp --listening
    Description: Lists all TCP sockets in listening state.
    Usage in Security: Helps in identifying open TCP ports which could be potential entry points for attackers.
    Example: netstat --tcp --listening
    Expected Result: Displays TCP ports that are currently listening for incoming connections.

56. Command: netstat --udp --listening
    Description: Lists all UDP sockets in listening state.
    Usage in Security: Useful for spotting open UDP ports which might be exploited in a network attack.
    Example: netstat --udp --listening
    Expected Result: Shows UDP ports waiting for incoming connections.

57. Command: netstat -v
    Description: Provides verbose output.
    Usage in Security: Offers more details, helpful in deep analysis of network issues.
    Example: netstat -v
    Expected Result: Detailed and extended information about network connections and statistics.

58. Command: netstat -pan (Linux)
    Description: Shows all network connections, listening ports, and process names.
    Usage in Security: Comprehensive overview of all network activities, crucial for a complete security audit.
    Example: netstat -pan
    Expected Result: Detailed list of all network connections and listening ports along with associated process names.

59. Command: netstat -s -p icmp
    Description: Displays detailed ICMP protocol statistics.
    Usage in Security: Important for analyzing ICMP traffic which could be used in network scanning or ping-based DDoS attacks.
    Example: netstat -s -p icmp
    Expected Result: Detailed ICMP statistics, essential for analyzing ICMP-related network security events.

60. Command: netstat --protocol=inet6
    Description: Shows connections for IPv6.
    Usage in Security: Essential for monitoring IPv6 traffic, which is often overlooked in network security.
    Example: netstat --protocol=inet6
    Expected Result: Lists IPv6 connections, aiding in the security analysis of IPv6 traffic.

Note: The functionality of these commands can vary based on the operating system and version. Always ensure compatibility with your specific system.

================================================================================
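
Added example (not part of the original cheat sheet): a shell function that turns the "spotting unauthorized open ports" use of entry 47 (netstat -tuln) into a repeatable check by comparing listening sockets against an allowlist and reporting how widely each unexpected one is bound. The sample output and the allowlist are constructed, the function name unexpected_listeners is an assumption of this example, and the parser assumes the Linux net-tools column layout.

```shell
#!/bin/sh
# Constructed sample of `netstat -tuln` output (Linux net-tools column layout).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:31337           0.0.0.0:*'

# Hypothetical baseline of expected listeners, written as proto/port.
ALLOWED='tcp/22 tcp/80 tcp/5432 udp/68'

# unexpected_listeners ALLOWLIST
# Reads netstat output on stdin and prints "proto/port address scope" for every
# listening socket whose proto/port is missing from ALLOWLIST.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            # Keep TCP rows in LISTEN state and UDP rows with no remote peer,
            # so the same filter also works on `netstat -an` output.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            if ($1 ~ /^udp/ && $5 !~ /:\*$/) next
            proto = $1; sub(/6$/, "", proto)      # fold tcp6/udp6 into tcp/udp
            addr = $4; port = $4
            sub(/^.*:/, "", port)                 # port follows the last colon
            sub(/:[^:]*$/, "", addr)              # bind address precedes it
            if ((proto "/" port) in ok) next
            scope = "specific-address"
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
            print proto "/" port, addr, scope
        }'
}

# Run on the constructed sample; on a live host use:
#   netstat -tuln | unexpected_listeners "$ALLOWED"
printf '%s\n' "$SAMPLE" | unexpected_listeners "$ALLOWED"
```

A listener reported as all-interfaces is reachable from the network and deserves attention before one bound to loopback; pairing a hit with netstat -plnt (entry 45) names the owning process.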