Commands to Display TCP Network Connections on Windows and Unix/Linux

Answered using GPT 40 by GPT40

Question:

Which commands can be used to display TCP network connections?

Answer:

To display TCP network connections, you can use several commands depending on your operating system. Here are some common commands for both Windows and Unix/Linux systems:

Windows

  1. netstat

    • Command: netstat -an
    • This command displays all active TCP connections and listening ports, along with their IP addresses and port numbers.
  2. Get-NetTCPConnection (PowerShell)

    • Command: Get-NetTCPConnection
    • This command provides detailed information about TCP connections in a more structured format.
  3. TCPView

    • This is a Sysinternals tool that provides a graphical interface to view TCP and UDP connections. You can download it from the Microsoft website.

Unix/Linux

  1. netstat

    • Command: netstat -tuln
    • This command shows all listening and established TCP connections. The -t flag is for TCP, -u for UDP, -l for listening, and -n for numeric addresses.
  2. ss

    • Command: ss -tuln
    • This is a modern replacement for netstat that provides similar information but is faster and more efficient. The flags are similar to those used in netstat.
  3. lsof

    • Command: lsof -iTCP -sTCP:LISTEN
    • This command lists open files and can be used to display TCP connections, specifically those that are in the LISTEN state.
  4. iftop

    • Command: iftop
    • This command provides a real-time view of network traffic, including TCP connections, but requires root privileges.
  5. tcpdump

    • Command: tcpdump -i <interface> tcp
    • This command captures and displays TCP packets on a specified network interface.

Summary

  • For Windows, use netstat, Get-NetTCPConnection, or TCPView.
  • For Unix/Linux, use netstat, ss, lsof, iftop, or tcpdump.

Make sure to run these commands with appropriate permissions (e.g., as an administrator or with sudo on Unix/Linux) to see all connections.
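
The listings these commands print are easier to review once summarised. The script below is an added example, not part of the original answer: it counts sockets per TCP state and lists listeners that are not bound to loopback, reading output in the layout of ss -tan (-a for all sockets). The function names and the sample data are constructed for illustration, and the address patterns assume the 0.0.0.0 / [::] wildcard notation of current ss releases.

```bash
#!/usr/bin/env bash
# Added example: summarise `ss -tan` output. Function names are hypothetical.

# Constructed sample in the column layout `ss -tan` prints (documentation IP ranges).
sample_ss_output() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:22           0.0.0.0:*
LISTEN     0      4096   127.0.0.1:5432       0.0.0.0:*
LISTEN     0      511    [::]:80              [::]:*
LISTEN     0      128    [::1]:631            [::]:*
ESTAB      0      0      192.0.2.10:22        198.51.100.7:51514
ESTAB      0      0      192.0.2.10:44318     203.0.113.5:443
TIME-WAIT  0      0      192.0.2.10:44320     203.0.113.5:443
EOF
}

# Count sockets per TCP state; reads ss output on stdin, prints "STATE COUNT".
tcp_state_counts() {
  awk 'NR > 1 && NF >= 5 { n[$1]++ }
       END { for (s in n) print s, n[s] }' | LC_ALL=C sort
}

# List listening sockets reachable from other hosts (not bound to loopback).
exposed_listeners() {
  awk 'NR > 1 && $1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }' |
    LC_ALL=C sort
}

# Use live data when called with --live and ss is installed, else the sample.
tcp_report() {
  local data
  if [ "${1:-}" = "--live" ] && command -v ss >/dev/null 2>&1; then
    data=$(ss -tan)
  else
    data=$(sample_ss_output)
  fi
  echo "== sockets per state =="
  printf '%s\n' "$data" | tcp_state_counts
  echo "== listeners not bound to loopback =="
  printf '%s\n' "$data" | exposed_listeners
}

tcp_report "$@"
```

Run it with --live on a Linux host to summarise the machine's own sockets; any listener in the second section that is not expected on that host is worth checking against lsof or ss -p output to find the owning process.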