INITIATING NETWORK ACTIVITY IN WINDOWS USING NETSTAT
DOI:
https://doi.org/10.35546/kntu2078-4481.2025.3.2.6
Keywords:
netstat, network, monitoring, Windows, computer network diagnostics, computer network security, cybersecurity
Abstract
The purpose of the article. The aim of the article is to develop a comprehensive approach to initiating and analyzing network activity in the Windows operating system with the netstat utility, taking into account current demands for system monitoring and ensuring that the findings of diagnostic activities can be interpreted as effectively as possible. The work also seeks to standardize the use of netstat, complement it with other tools that automate data analysis, and translate its proposals into concrete recommendations for system administrators and cybersecurity experts. Specific applications for identifying network connections, detecting anomalies and analyzing load also play a crucial role in the stability and security of information systems in a dynamic network environment.

Scientific novelty. The scientific novelty of the research is a classification of TCP connection states based on data obtained with netstat, which permits effective interpretation of information about network activity in the context of system diagnostics. The proposed monitoring system architecture, which features four major components (primary data collection, processing, analysis, and notification about anomalies), extends classical approaches to the use of Windows utilities. Combining netstat with modern automation and data analysis techniques, especially time series and logging, provides new possibilities for trend and anomaly detection.

Results. As part of the study, the functionality of netstat was explored in detail, particularly the -a, -n, -o, -s and -r options, which give a complete listing of active connections, IP addresses, process IDs, statistics for network protocols and routing tables. A classification table of TCP connection states (LISTENING, ESTABLISHED, TIME_WAIT, CLOSE_WAIT) was created, with a description of their diagnostic value and recommendations, according to which problematic states, for example a long CLOSE_WAIT, can be identified. The results obtained from the network sessions with IP addresses 127.0.0.1 and 192.168.0.161 and ports 161:4147-4149, shown in Figure 2, provide information about the intensity of activity of web applications and system processes, as well as the existence of potential anomalies. Ways of scripting the automation of data collection and of connecting to logging systems to build time series are suggested.

Conclusions. The study has proven that netstat is efficient for initiating and monitoring network activity in Windows and is a useful diagnostic tool thanks to its advanced command-line parameters and an organized method of capturing data. The resulting monitoring architecture and connection state classification provide the foundation for integrating traditional utilities with modern technologies such as machine learning. Future work opportunities: development of algorithms for automatic anomaly detection, integration with cloud systems, and development of adaptive alerting systems, with practical consequences for security and the optimization of network resources (cybersecurity).
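
The per-state counts and the long-CLOSE_WAIT check described in the Results, as an added example that is not code from the article: it parses two constructed `netstat -ano` snapshots and reports sockets that remain in CLOSE_WAIT across both. The remote addresses, PIDs and function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed `netstat -ano` snapshots (sample rows, not output from the article's host).
SNAP_T0 = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     3120
  TCP    192.168.0.161:4147     203.0.113.10:443       ESTABLISHED     5320
  TCP    192.168.0.161:4148     203.0.113.10:443       CLOSE_WAIT      5320
  TCP    192.168.0.161:4149     198.51.100.7:80        TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    2100
"""
SNAP_T1 = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    192.168.0.161:4147     203.0.113.10:443       CLOSE_WAIT      5320
  TCP    192.168.0.161:4148     203.0.113.10:443       CLOSE_WAIT      5320
"""

# Proto, local, remote, optional state (UDP rows have none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return rows

def state_counts(rows):
    """Count TCP connections per state for one snapshot (one time-series point)."""
    return Counter(r["state"] for r in rows if r["proto"] == "TCP")

def persistent_close_wait(earlier, later):
    """Sockets in CLOSE_WAIT in both snapshots: the peer closed, the local process has not."""
    key = lambda r: (r["local"], r["remote"], r["pid"])
    before = {key(r) for r in earlier if r["state"] == "CLOSE_WAIT"}
    return sorted(key(r) for r in later if r["state"] == "CLOSE_WAIT" and key(r) in before)

if __name__ == "__main__":
    t0, t1 = parse(SNAP_T0), parse(SNAP_T1)
    print(dict(state_counts(t0)))
    for local, remote, pid in persistent_close_wait(t0, t1):
        print(f"CLOSE_WAIT held across snapshots: {local} -> {remote} (PID {pid})")
```

On a live host, `parse()` would be fed the text of `netstat -ano` captured at a fixed interval, with each snapshot's counts logged as one time-series point.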