Did You Know?

How Can We Help?

Special Offer

Deploy your Cloud Server now and get $100 in Free Credits!

Get Started

How to use telnet, netstat and wireshark in Windows

Table of Content


  • Windows OS with administrator privileges
  • Access to the command prompt
  • An IP address/domain and port to test


Telnet (teletype network) is a network protocol for two-way text-based communication through a CLI, allowing remote access. Telnet is a client-server protocol predating the TCP protocol. The Telnet protocol creates a communication path through a virtual terminal connection. The data distributes in-band with Telnet control information over the transmission control protocol (TCP). How to use telnet, netstat and wireshark in Windows

Enable Telnet on Windows

In Windows, Telnet is disabled by default. To check if Telnet is already activated, open your command line, and run telnet:

Option 1: Enable Telnet using GUI

Go to Server Manager,click on Add Roles and Features

Telnet Client installed.

Option 2: Enable Telnet Using Command Prompt

To activate the Telnet client from the command prompt:

1. In the command prompt, run: pkgmgr /iu:"TelnetClient"

Restart the command prompt and run telnet to open the Microsoft Telnet Client.

run telnet and test if installed.

Telnet installed.

Run "quit" to exit telnet.

Use Telnet in Windows to Test Open Ports

Run cmd as Administrator

The Telnet syntax for testing open ports is:

telnet <address> <port number>

telnet 80

The command accepts both symbolic and numeric addresses.

For example: telnet xyz.com 23

After running the command, one of the following two options happen:

1. The command throws an error, indicating the port is not available for connection:

2. The command goes to a blank screen, indicating the port is open:

The blank screen indicates that the port we have telnet (443 in this case), is indeed open for the tested domain/IP.


The netstat command, meaning network statistics, is a Command Prompt command used to display very detailed information about how your computer is communicating with other computers or network devices.

Specifically, it can show details about individual network connections, overall and protocol-specific networking statistics, and much more, all of which could help troubleshoot certain kinds of networking issues. You can use the network tool for Windows, Linux, and macOS conveniently via the command line.

Microhost recommends you to regularly check the ports opened by your system as the anonymous opened ports offer third parties the opportunity to sneak malware into your system.

How to use telnet, netstat and wireshark in Windows

The command netstat will show list of all active TCP connections along with their respective port numbers.

The command netstat -a will show list of all active TCP/UDP ports.

The command netstat -e will show statistics about your network connection (received and sent data packets, etc.).

The command netstat -n will show numerical display of addresses and port numbers.

The command netstat -p TCP will show the connections for the specified protocol, in this case TCP (also possible: UDP, TCPv6, or UDPv6).

The command netstat -q will show all connections, all listening TCP ports, and all open TCP ports that are not listening.

The command netstat -r will show the IP routing table.

The command netstat -s will show statistics about the important network protocols such as TCP, IP, or UDP.

The command netstat -s -p icmpv6 will only show the statistics on the ICMPv6 protocol.

The command netstat -ano will show all open ports and active connections (numeric and process ID included).

The command netstat -x will show all NetworkDirect listeners, connections, and shared endpoints.

The command netstat -y will show the TCP connection template for all connection..


Wireshark is a network packet analyzer, or an application that captures packets from a network connection. A network packet analyzer presents captured packet data in as much detail as possible. Data packets can be viewed in real-time or analyzed offline. Wireshark supports dozens of capture/trace file formats, including CAP and ERF. Integrated decryption tools display the encrypted packets for several common protocols, including WEP and WPA/WPA2. Wireshark is the most often-used packet sniffer in the world. Like any other packet sniffer, Wireshark does three things:

  1. Packet Capture: Wireshark listens to a network connection in real time and then grabs entire streams of traffic – quite possibly tens of thousands of packets at a time.
  2. Filtering: Wireshark is capable of slicing and dicing all of this random live data using filters. By applying a filter, you can obtain just the information you need to see.
  3. Visualization: Wireshark, like any good packet sniffer, allows you to dive right into the very middle of a network packet. It also allows you to visualize entire conversations and network streams.

To download wireshark application, click here .

To begin capturing packets with Wireshark, Select one or more of networks, go to the menu bar, then select Capture.

In the Capture Interfaces window, click on Start.

Select File > Save As or choose an Export option to record the capture.

To stop capturing, press Ctrl+E. Or, go to the Wireshark toolbar and select the red Stop button that's located next to the shark fin.

View and Analyze Packet Contents

The captured data interface contains three main sections:

  • The packet list pane (the top section)
  • The packet details pane (the middle section)
  • The packet bytes pane (the bottom section)

Packet List

The packet list pane, located at the top of the window, shows all packets found in the active capture file. Each packet has its own row and corresponding number assigned to it, along with each of these data points:

  • No: This field indicates which packets are part of the same conversation. It remains blank until you select a packet.
  • Time: The timestamp of when the packet was captured is displayed in this column. The default format is the number of seconds or partial seconds since this specific capture file was first created.
  • Source: This column contains the address (IP or other) where the packet originated.
  • Destination: This column contains the address that the packet is being sent to.
  • Protocol: The packet's protocol name, such as TCP, can be found in this column.
  • Length: The packet length, in bytes, is displayed in this column.
  • Info: Additional details about the packet are presented here. The contents of this column can vary greatly depending on packet contents.

To change the time format to something more useful (such as the actual time of day), select View > Time Display Format.

Packet Details

The details pane, found in the middle, presents the protocols and protocol fields of the selected packet in a collapsible format. In addition to expanding each selection, you can apply individual Wireshark filters based on specific details and follow streams of data based on protocol type by right-clicking the desired item.

Packet Bytes

At the bottom is the packet bytes pane, which displays the raw data of the selected packet in a hexadecimal view. This hex dump contains 16 hexadecimal bytes and 16 ASCII bytes alongside the data offset.

Selecting a specific portion of this data automatically highlights its corresponding section in the packet details pane and vice versa. Any bytes that cannot be printed are represented by a period.


Thank You!


Special Offer

Deploy your Cloud Server now and get $100 in Free Credits!

Get Started
Table of Contents