Blog

At the middle of February will be released a new version of NetStat Agent.

In this version will be improved only netstat tool. We plan to add a filter for a quick search as we already have in Handy Uninstaller software.

Also we plan to increase the price per NetStat Agent unit with new version release. So you have a good chance to by per life license for only 29.95 USD!

In NetStat Agent 3.1 we added an ability to run batch scripts (in previous versions only executable files could be run). And because a launched third party program can show a window, we added new properties to user interface: program parameters (such as process name, remote ip, etc.) and an option to show\hide a program window.

On current moment the program supports the following parameters:

Continue reading Run batch scripts with NetStat Agent

Sometimes it is useful to know your external IP address. For example, when you share HTTP/FTP server and you do not know or forgot your IP address. In this case, if you use NetStat Agent 3.0 every time, it will be very easy for you! Because you do not need to open the Internet browser and search for a special service.

To find your IP address you must open IPConfig tool and press External IP button. After a few seconds you will see your external IP address. You may copy it to a clipboard (the right mouse click).

Question

“I have logged NetStat acitivity for a couple of days. I am analyzing the log now. I cannot find a definition of what can be recorded in the Event Column. What exactly does changed mean? What exactly does new mean? What exactly does removed mean?”

Answer

Event Columns means a log record status, for example:
1) You click on file in your browser and the browser opens a TCP connection to download file.
2) At this moment NetStat Agent (NA) found that your browser opened a new connection, so because it is a new connection, NA sets a record status as “New”.
3) But when your browser downloaded a file, it closes the opened connection and at this moment NA writes to log file that connection is closed and sets a record status as “Removed”.

A record status “Changed” means that connection state (see column “Status” in NetStat window) is changed, for example:
1) Let assume you run Skype and connected to Skype server.
2) In this case NA will find a TCP connection with status - “ESTABLISHED”.
3) Then you decide to close Skype (disconnect).
4) It means that your PC (Skype application) will send a FIN packet (a TCP signal to close connection) to a remote host (Skype server).
5) For your PC it means a changing connection status from ESTABLISHED to FIN_WAIT1.
6) So when NetStat Agent detects connection status changes it writes to log file what connection is changed and sets a record status as “Changed” to event column.

I was asked by email how to monitor only one local port, so decided to answer in blog.

Let assume that we have a HTTP server (Apache) on local port 80 and we want to monitor all HTTP connections. With installed NetStat Agent it is very easy to do.

After running NetStat you will see a lot of connections (click to see the large picture):

So we need to create a filter in “Monitor” tab to hide unwanted connections:

1. In the context menu (right click) select “Clear” to clear all fields.
2. Set the name of filter: “hide all”.
3. Set action as “Hide”.
4. Check on the box “Enabled”.
5. Press “Add” button to add a new filter.

The result you may see on the screenshot:

After adding this filter all connections are invisible. So we need another one to show only wanted connections:

1. In the context menu (right click) select “Clear” to clear all fields.
2. Set the name of filter: “show http”.
3. Set the local port: 80.
4. Check on “Select” action only.
5. Press “Add”.

See screenshot:

Now if you select “Connections” tab again, you will see only HTTP connections:

With NetStat Agent you may monitor HTTP visitors in real-time mode!