How to check DDoS attack on windows server.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

As like in linux server we can use the netstat commnet here too. Here I am explaining the netstat command use and example on windows server.

Step1: Login to RDP server via rdp client.
Step2: Open command prompt by visiting Start > Run > Type “cmd” in box.

Step3: netstat is a command line utility which displays protocol statistics and current TCP/IP network connections in a system. Type the following command to see all connections:

netstat -noa


n: Displays active TCP connections.
o: Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager.
a: Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

Step4: You can use find command as filter to searches for a specific string of text in a file. In the following example you are filtering out port 80 traffic:

netstat -ano | find /c "80"


The above example has four foreign connection to its pot 80.
Find the IP address which is having maximum number of connection and block it using Cisco firewall or IPSec.

That’s it.

Arunlal Ashok

DevOps (Server & Cloud infrastructure) Engineer. I'm managing Linux servers since 2012. I started this blog to share and discuss my ideas. Any questions? Write to arun (@)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *