NetStat Fails to Fully Display Information
I have a dedicated server running Windows Server 2008 R2 out of a data center in New York. This is used for a variety of things including web hosting for clients and certain applications. In the past, one client has had issues with DDoS attacks that forced out their specific application's ability to operate. We would combat this issue using -netstat nao in Windows Powershell, at which point the source of the attack became obvious and we blocked it with the firewall restoring functionality to the application. Recently, however, Windows Powershell has ceased displaying all incoming connections, seemingly by ignoring certain ports. This was first noticed 2-3 months ago. The issue once again occurred in which we needed to lock out attack source addresses and were unable to do so swiftly. So, in short, how do I resolve netstat failing to display certain ports? As a note, the same case is with the general command prompt. I just at this time prefer Powershell, but Powershell is not the isolated issue.
July 7th, 2012 6:00am

Hi Nathan,

Thanks for posting here.

> We would combat this issue using -netstat nao in Windows Powershell, at which point the source of the attack became obvious and we blocked it with the firewall restoring functionality to the application.

Do you mean we get the connection status from the information that is generated by the command netstat -ano, which was performed in the PowerShell command prompt? Did we customize anything with this command, or were we just running it?

I ask this because we can filter this information with a PowerShell script using the results that are generated by this command:

NetworkManagement.ps1
http://gallery.technet.microsoft.com/scriptcenter/f17c7600-5356-4e97-bc76-0551504d06a5

Netstat on a remote computer
http://gallery.technet.microsoft.com/scriptcenter/Netstat-on-a-remote-58e1aa77

And of course we have some other utilities which will also help us to get this information easily:

TCPView v3.05
http://technet.microsoft.com/en-us/sysinternals/bb897437

Thanks.

Tiger Li
TechNet Community Support
July 9th, 2012 3:36am
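
The filtering of `netstat -ano` output mentioned in the reply above, as an added example that is not part of the original thread and is not one of the linked scripts. It counts connections per remote address and local port so a flooding source stands out; the function name `Get-RemoteConnectionCount` is hypothetical and the sample output is constructed with documentation-range addresses.

```powershell
# Constructed sample of `netstat -ano` output (documentation-range addresses).
# On a live server, replace the here-string with:  $lines = netstat -ano
$lines = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:80          198.51.100.7:50111     ESTABLISHED     4
  TCP    192.0.2.10:80          198.51.100.7:50112     SYN_RECEIVED    4
  TCP    192.0.2.10:80          198.51.100.7:50113     SYN_RECEIVED    4
  TCP    192.0.2.10:80          203.0.113.25:61000     ESTABLISHED     4
  TCP    192.0.2.10:3389        203.0.113.40:49822     ESTABLISHED     1180
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:53             *:*                                    1620
'@ -split "`r?`n"

# Hypothetical helper: summarise non-listening TCP rows by local port and remote IP.
function Get-RemoteConnectionCount {
    param([string[]]$NetstatLines)

    $rows = foreach ($line in $NetstatLines) {
        # TCP rows have five columns: proto, local, foreign, state, PID.
        # Header, blank and UDP rows (no state column) are skipped.
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -eq 'LISTENING') { continue }

        # Split on the last colon so bracketed IPv6 addresses stay intact.
        $local  = $f[1]
        $remote = $f[2]
        New-Object PSObject -Property @{
            LocalPort = [int]$local.Substring($local.LastIndexOf(':') + 1)
            RemoteIP  = $remote.Substring(0, $remote.LastIndexOf(':'))
            State     = $f[3]
        }
    }

    $rows | Group-Object LocalPort, RemoteIP | ForEach-Object {
        New-Object PSObject -Property @{
            LocalPort = $_.Group[0].LocalPort
            RemoteIP  = $_.Group[0].RemoteIP
            Total     = $_.Count
            # Half-open connections are a common sign of a SYN flood.
            HalfOpen  = @($_.Group | Where-Object { $_.State -eq 'SYN_RECEIVED' }).Count
        }
    } | Sort-Object Total -Descending | Select-Object LocalPort, RemoteIP, Total, HalfOpen
}

Get-RemoteConnectionCount -NetstatLines $lines | Format-Table -AutoSize
```

The script uses only cmdlets and operators available in PowerShell 2.0, which is what Windows Server 2008 R2 ships with.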

As for your question yes, we have been using netstat to detect the addresses responsible for denial-of-service attacks with those parameters, although the issue on certain ports remains regardless of if we use PowerShell or if we use any other command parameters. I suppose we could use alternative utilities and I will give those a try immediately. Thanks for the links, I'll check them out as well right now in fact.
July 9th, 2012 8:49pm

We tried the provided utility, that being TCPView, and while it is a wonderful program we've certainly never been aware of and will certainly find useful for other purposes (so thank you once more), the issue of exclusions in connections remains. Again, we are unsure of why these connections do not display in any diagnostic utilities. We are confident that there are in fact excluded connections. For example, none of us display anywhere at all despite being connected via remote desktop whereas previously (before this issue) we would indeed show up. Which one of us is connected to remote desktop is not our concern naturally, we have larger, more pressing issues. I suppose at least now we know the root issue is not netstat but a more broadly-stroked general issue with the server and network connections. I'm open to any support anyone may have, whether it be utilities or other solutions.
July 9th, 2012 10:24pm

This topic is archived. No further replies will be accepted.
