Blog

Question

“I have logged NetStat acitivity for a couple of days. I am analyzing the log now. I cannot find a definition of what can be recorded in the Event Column. What exactly does changed mean? What exactly does new mean? What exactly does removed mean?”

Answer

Event Columns means a log record status, for example:
1) You click on file in your browser and the browser opens a TCP connection to download file.
2) At this moment NetStat Agent (NA) found that your browser opened a new connection, so because it is a new connection, NA sets a record status as “New”.
3) But when your browser downloaded a file, it closes the opened connection and at this moment NA writes to log file that connection is closed and sets a record status as “Removed”.

A record status “Changed” means that connection state (see column “Status” in NetStat window) is changed, for example:
1) Let assume you run Skype and connected to Skype server.
2) In this case NA will find a TCP connection with status - “ESTABLISHED”.
3) Then you decide to close Skype (disconnect).
4) It means that your PC (Skype application) will send a FIN packet (a TCP signal to close connection) to a remote host (Skype server).
5) For your PC it means a changing connection status from ESTABLISHED to FIN_WAIT1.
6) So when NetStat Agent detects connection status changes it writes to log file what connection is changed and sets a record status as “Changed” to event column.

I was asked by email how to monitor only one local port, so decided to answer in blog.

Let assume that we have a HTTP server (Apache) on local port 80 and we want to monitor all HTTP connections. With installed NetStat Agent it is very easy to do.

After running NetStat you will see a lot of connections (click to see the large picture):

So we need to create a filter in “Monitor” tab to hide unwanted connections:

1. In the context menu (right click) select “Clear” to clear all fields.
2. Set the name of filter: “hide all”.
3. Set action as “Hide”.
4. Check on the box “Enabled”.
5. Press “Add” button to add a new filter.

The result you may see on the screenshot:

After adding this filter all connections are invisible. So we need another one to show only wanted connections:

1. In the context menu (right click) select “Clear” to clear all fields.
2. Set the name of filter: “show http”.
3. Set the local port: 80.
4. Check on “Select” action only.
5. Press “Add”.

See screenshot:

Now if you select “Connections” tab again, you will see only HTTP connections:

With NetStat Agent you may monitor HTTP visitors in real-time mode!

We are happy to announce the third version of NetStat Agent! This version was planned to release in summer, but unfortunately we have the problems with our offline DSP projects. OK, so what’s the difference between version 2.1 and 3.0?

• Feature added: user interface can be translated to other languages.
• Feature added: pathping mode for trace route.
• Feature added: country flags are shown now.
• Feature added: you may find your external IP.
• Feature added: IP-to-country database is updated.

Also we changed the license key and every registered user will get a new key soon.

Hope you like new version of NetStat Agent!

Good news for all NetStat Agent fans!

Today we released the final beta version of NetStat and the next version will be 3.0! So, what is new:

Continue reading NetStat Agent 3.0 Beta 3

A good day to all of you (the one’s who take the time just to read my story).

My reaction for NetStat Agent is as follows.

I just use it for monitoring and logging my server, it’s finally a good tool I came accross for reading and understanding in normal human being language about whats going on in your system, with port usage, external adresses and more.
Okey, I know all commands by hand also, but this is just a good tool for doing a job easier!

Thats my reaction on NetStat Agent!

Greetings,
Peter Lazaroms
http://alienhost.nl