2

I know that netstat -s exists on Windows, but it displays way less information than on Linux/OS X. It only gives 8 counters about TCP, while on Linux it's more than 50.

I'm looking for any TCP-related counters such as:

  • Linux: TCPDSACKOldSent, DelayedACKLocked, TCPOFODrop or TCPDSACKIgnoredNoUndo. You can get the whole set of counters via cat /proc/net/netstat.

  • BSD/OS X: rcvbyteafterwin, rcvduppack or rcvoobyte.

Is there a built-in tool to achieve this? Or maybe there is a system call that would allow me to retrieve such information?

jean-loup

5 Answers

3

No built-in tool. The only way I can think of is to use the winpcap/npf library to build your own tool to make up the stats that you need.

In Windows, the network stack is stripped down compared to the Linux/BSD side. Thus the need for the winpcap & npf driver.

I would add that even the Windows firewall is a pseudo-stateless firewall (layer 4, and it just checks TCP traffic, no ICMP inspection, etc. (layer 3)), not a full stateful layer 3 firewall like a Linux or BSD box can be. So that explains why the built-in tools list a lot less data.

yagmoth555
1

Short of using a 3rd party product...

netstat -s -e

or you could use WMI

Such as:

wmic path Win32_PerfFormattedData_Tcpip_NetworkInterface

wmic path Win32_PerfFormattedData_Tcpip_TCPv4

wmic path Win32_PerfFormattedData_Tcpip_IPv4

The above will need to be used with the GET parameter to zero in on the objects you want, but you can run them as is to see what the choices are.

TheCleaner
  • `netstat -s -e` is way too general. I need many TCP error counters, and sequence number related counters. The WMI suggestion is better but not enough, I would need an extended version of that. – jean-loup Nov 15 '14 at 20:20
  • 1
    There's not one short of a 3rd party tool or possibly a complex PS script. If you want deep dive tracing something like Wireshark can be used. – TheCleaner Nov 16 '14 at 17:06
  • 1
    Wireshark is nowhere near equivalent to netstat -s. – jean-loup Nov 17 '14 at 11:10
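The WMI classes named in this answer can also be read from PowerShell and turned into per-interval deltas, which is closer to how `netstat -s` counters are normally compared. The following is an added example, not part of the original answer or comments; it assumes the raw counterpart class `Win32_PerfRawData_Tcpip_TCPv4` with its standard property names, and the function name `Measure-TcpCounterDelta` is hypothetical.

```powershell
# Added example (not from the original thread). Assumes PowerShell 3.0+ with
# the CIM cmdlets; Measure-TcpCounterDelta is an illustrative name.
function Measure-TcpCounterDelta {
    param(
        [int]$IntervalSeconds = 10,
        [string]$ClassName = 'Win32_PerfRawData_Tcpip_TCPv4'
    )

    # In the raw class these properties hold running totals, including the
    # ones whose names end in "Persec".
    $cumulative = 'ConnectionFailures', 'ConnectionsActive', 'ConnectionsPassive',
                  'ConnectionsReset', 'SegmentsSentPersec', 'SegmentsReceivedPersec',
                  'SegmentsRetransmittedPersec'

    $before = Get-CimInstance -ClassName $ClassName
    Start-Sleep -Seconds $IntervalSeconds
    $after  = Get-CimInstance -ClassName $ClassName

    # ConnectionsEstablished is a gauge (current value), so it is not diffed.
    $row = [ordered]@{ ConnectionsEstablished = $after.ConnectionsEstablished }

    foreach ($name in $cumulative) {
        $delta = [int64]$after.$name - [int64]$before.$name
        # A negative delta means the counter was reset or wrapped between
        # the two samples; report no value rather than a misleading one.
        $row[$name] = if ($delta -lt 0) { $null } else { $delta }
    }

    # Retransmitted segments per 100 segments sent during the interval.
    $sent    = $row['SegmentsSentPersec']
    $retrans = $row['SegmentsRetransmittedPersec']
    $row['RetransmitPer100Sent'] = if ($sent -gt 0 -and $null -ne $retrans) {
        [math]::Round(100 * $retrans / $sent, 2)
    } else { $null }

    [pscustomobject]$row
}

# Sample over 10 seconds and show every field.
Measure-TcpCounterDelta -IntervalSeconds 10 | Format-List
```

Passing `-ClassName Win32_PerfRawData_Tcpip_TCPv6` gives the same fields for IPv6, assuming that class is present on the host.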
1

netsh interface ipv4 show {tcp,ip,udp}stats gives you some additional information over netstat, but it might not be enough.

MS Technet article on netsh ipv4

Andrew Domaszek
1

Windows does not report on the TcpExt properties. The reason is because Windows does not TOE by default. You can verify this by running netstat -nt and the offload column will likely be InHost. In contrast, Linux uses TOE (TCP Offload Engine) by default and tools are built to query the TcpExt properties.

The data you're wanting is completely dependent on the driver built for the OS to expose that data. There also needs to be a Windows provider created so you can query the data (could be a driver assembly). In Windows, open up the Device Manager and check out the Advanced tab of the properties of the network adapter. You can see there what types of data are supported for collection in Windows and whether or not it's enabled.

I realize others have advised that Windows cannot do it by default and have recommended other tools (like pcap). Though I thought you'd want to know why.

Colyn1337
0

For anyone else who stumbles across this like I did, here are a couple more options:

# List all TCP Connections
netstat -tanob
# List all Connections
netstat -anob

# List all TCP Connections with FQDN
netstat -tafob
# List all Connections with FQDN
netstat -afob

But I prefer a PowerShell way to get the information that is very helpful.

Get-NetTCPConnection |
    Where-Object {$_.State -eq "Listen"} |
    Sort-Object LocalPort |
    Format-Table -AutoSize `
        LocalAddress,
        LocalPort,
        RemoteAddress,
        RemotePort,
        State,
        @{l="Process/Application";e={$(Get-Process -PID $_.OwningProcess | Select-Object ID,ProcessName).ProcessName}}

There is a nice writeup about the PowerShell way at https://sysnetdevops.com/2017/04/24/exploring-the-powershell-alternative-to-netstat/