Internet connectivity has revolutionised our daily lives, but sometimes internet connections can fail. This results in loss of internet service for personal users, and hosted service outages for businesses, with both a great inconvenience. In most cases, this is due to broadband or mobile network failures out of our control. Sometimes, however, the configuration of your internal network or devices can cause this outage.

Whether it's a broadband issue or a localised misconfiguration issue, Command Prompt utilities like netstat can be used to diagnose connection problems. When using netstat, you can monitor the quantity of traffic passing through a network over both TCP and UDP ports. This monitoring will apply to all discoverable devices on your home local area network (LAN) that connect to your device, and all inbound or outbound traffic to your device.

Let us explore netstat, and how you can use it to diagnose and remediate common internet connectivity problems on Windows.

Getting started with netstat

Please note that this guide was created using Windows 10 v2004.

The netstat tool only operates within a command line interface (CLI) and does not natively offer a graphical user interface (GUI). Microsoft has released another program called TCPView which provides similar functionality to netstat, but with a native GUI. You can find out more about TCPView here.

To get started, open a Command Prompt window. You can do this by pressing the Windows Key + R on your keyboard, which will open a run window. From here, type cmd and press Enter on the keyboard.

In the Command Prompt window, type netstat. You should see something similar to this appear:

Active Connections
Proto Local Address Foreign Address State

Notice that netstat keeps running, and will list any network activity in real-time.

Now let's dissect this information.

Under Active Connections, we have Proto, Local Address, Foreign Address, and State.

Proto is short for protocol. This shows the type of networking protocol being used by the corresponding connection. In this case, all connections thus far are using Transmission Control Protocol (TDP).

Next, you can see the local address, which is set to the default Next to this IP address are the local network ports being used by the corresponding entries.

Now we have the Foreign Address. This is the external device that is connecting to the Local Address. For most of these entries, the Local Address will be your router. The Foreign Address also lists the ports in use. For example, Port 80 is used for HTTP web traffic, and Port 443 is used for HTTPS traffic, but netstat lists these instead as :HTTP or :HTTPS.

Finally, we have the State. This is the current state of the connection. In our example, we can see that the connection is ESTABLISHED, meaning the connection is working, and network traffic is flowing back and forth correctly. This happens when a SYN (synchronise) signal is received by the destination server and accepted, establishing the connection.

Advanced netstat usage

Let's try adjusting the parameters of the netstat command to display more nuanced information relating to our network connection.


You likely left the netstat utility running while reading this guide, so go back to the window and type the following:

netstat | findstr ESTABLISHED

This command filters through the netstat entries as they are created, disposing of anything that does not have the State value ESTABLISHED. The result; you see only ESTABLISHED results.

You can find the string value (findstr) for a variety of things. In specific relation to the State value, common values could include:

• CLOSED – This indicates that the connection has closed, due to the sending of an ACK signal from the client to the server. ACK stands for acknowledge.

• CLOSE_WAIT – This indicates the connection is in the midst of closing, as the server has received the first FIN signal from the client. This FIN signal tells the server there is no more data to be sent. This would be followed by a CLOSED signal, confirming that the connection has closed.

• TIME_WAIT – This indicates to the local device that it should wait for the maximum segment lifetime (MSL) to pass. If passed, the local device will go to CLOSED, but the wait gives time to receive an ACK packet from the remote device.

Some entries more relevant to server monitoring include:

• FIN_WAIT_1 – A connected client device that isn't transmitting data may have this State. If the server (or reverse with the client) wants to close the connection, it will send a FIN packet. This indicates the server is waiting for ACKnowledgement of the FIN packets from a client, or vice versa with a client closing the connection.

• FIN_WAIT_2 – This indicates the local device is waiting for a connection termination request from the remote device. As an example, the server wants to close a connection with no activity and has sent a FIN packet. It received an ACK packet and is now waiting for the client to close the connection.

Show PID used by a port number

Process identifier (PID) is a way for the OS to identify an active process. If you Right-Click the taskbar, select Task Manager, and then go to the Details tab, you can see a list of PIDs.

netstat uses this to identify port conflicts between active processes.

Let's try filtering in netstat to display only HTTPS (port 443) traffic.

Type the following:

netstat -ano | find ":443"

For this command -a tells netstat to display all connections and listening ports.

Then, -n forces netstat to display all addresses and port number in numerical form.

Finally -o tells netstat to display the PID's for each connection.

| find ":443" tells netstat to only show entries which contain the alphanumeric characters :443, also known as the HTTPS port.

Build your network with Fasthosts

Network management can be an arduous task, but Fasthosts has the answer. Our 24 hour, 7 days a week, 365 days a year support provision is unmatched in quality. That means if you encounter any problems, at any time, we are there to help. In addition, our extensive self-service portal offers a knowledge base full of documentation to help you understand and resolve numerous cloud hosting problems.

To make your move to the cloud, get in touch with our sales team on 0808 1686 777, or email us at