Port information in Windows

Kurt Seifried


 

For a list of TCP-IP, UDP and ICMP ports go here.

You can use netstat to list open ports and their state in Windows:

C:\WINDOWS>netstat -a -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1822           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1837           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2001           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:1026          0.0.0.0:0              LISTENING
  TCP    10.1.1.2:1026          10.1.1.1:139           ESTABLISHED
  TCP    10.1.1.2:1822          10.1.1.1:22            ESTABLISHED
  TCP    10.1.1.2:1837          10.1.1.1:22            ESTABLISHED
  TCP    10.1.1.2:137           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:138           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:139           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:2001          10.1.1.1:993           ESTABLISHED
  TCP    127.0.0.1:1850         0.0.0.0:0              LISTENING
  UDP    10.1.1.2:137           *:*
  UDP    10.1.1.2:138           *:*
  UDP    127.0.0.1:1850         *:*

C:\WINDOWS>

So on the workstation (10.1.1.2) there are open connections to ports 22 (SSH), 139 (Windows file sharing) and 993 (secure IMAP) on the machine 10.1.1.1, among other things.
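
The same reading of the output can be done mechanically when auditing many machines. The following Python sketch is an added example, not part of the original page: it parses saved `netstat -a -n` text (numeric output only, so not the `-b` listing with host and service names), separates listeners reachable from the network from loopback-only ones, and groups established connections by remote host. The function names and the embedded sample, a subset of the listing above, are chosen here for illustration.

```python
import re
from collections import defaultdict

# Sample input: a subset of the netstat -a -n listing shown above.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:2001           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:1026          10.1.1.1:139           ESTABLISHED
  TCP    10.1.1.2:1822          10.1.1.1:22            ESTABLISHED
  TCP    10.1.1.2:1837          10.1.1.1:22            ESTABLISHED
  TCP    10.1.1.2:139           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:2001          10.1.1.1:993           ESTABLISHED
  TCP    127.0.0.1:1850         0.0.0.0:0              LISTENING
  UDP    10.1.1.2:137           *:*
"""

# proto, local ip:port, foreign ip:port (or *:*), optional state column
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")

def parse(text):
    """Yield (proto, local_ip, local_port, remote_ip, remote_port, state)."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers, prompts and blank lines do not match
            proto, lip, lport, rip, rport, state = m.groups()
            yield proto, lip, int(lport), rip, rport, state or ""

def summarize(text):
    """Split rows into reachable listeners, loopback-only listeners and peers."""
    exposed, local_only, peers = set(), set(), defaultdict(set)
    for proto, lip, lport, rip, rport, state in parse(text):
        if state == "ESTABLISHED":
            peers[rip].add(int(rport))
        elif state == "LISTENING" or proto == "UDP":  # UDP rows carry no state
            target = local_only if lip.startswith("127.") else exposed
            target.add((proto, lip, lport))
    return exposed, local_only, {ip: sorted(p) for ip, p in peers.items()}

if __name__ == "__main__":
    exposed, local_only, peers = summarize(SAMPLE)
    print("Reachable from the network:", sorted(exposed))
    print("Loopback only:", sorted(local_only))
    print("Established peers:", peers)
```

Listeners bound to 0.0.0.0 or to the LAN address are the ones worth comparing against the services the machine is expected to offer; the loopback-only entries are not reachable from other hosts.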

In Windows XP you can use the -b option to list the executable involved:

C:\Documents and Settings\seifried>netstat -b

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.1.1.2:1043            10.1.0.15:microsoft-ds ESTABLISHED     4  [System]
  TCP    10.1.1.2:1220            irc.example.org:6667   ESTABLISHED     5920  [mirc.exe]
  TCP    10.1.1.2:1363            mail.example.org:993   ESTABLISHED     6128  [msimn.exe]
  TCP    10.1.1.2:1365            www.example.org:http   ESTABLISHED     976  [ccProxy.exe]
  TCP    10.1.1.2:1373            www.example.org:http   ESTABLISHED     976  [ccProxy.exe]
  TCP    10.1.1.2:1027            localhost:1364         ESTABLISHED     976  [ccProxy.exe]
  TCP    10.1.1.2:1027            localhost:1372         ESTABLISHED     976  [ccProxy.exe]
  TCP    10.1.1.2:1027            localhost:1108         ESTABLISHED     976  [ccProxy.exe]
  TCP    10.1.1.2:1077            localhost:1078         ESTABLISHED     5596  [firefox.exe]
  TCP    10.1.1.2:1078            localhost:1077         ESTABLISHED     5596  [firefox.exe]
  TCP    10.1.1.2:1107            localhost:11863        ESTABLISHED     2344  [msnmsgr.exe]
  TCP    10.1.1.2:1108            localhost:1027         ESTABLISHED     3436  [SimpLite-MSN.exe]
  TCP    10.1.1.2:1364            localhost:1027         ESTABLISHED     5596  [firefox.exe]
  TCP    10.1.1.2:1372            localhost:1027         ESTABLISHED     5596  [firefox.exe]
  TCP    10.1.1.2:1266            localhost:1027         CLOSE_WAIT      2344  [msnmsgr.exe]
  TCP    10.1.1.2:1268            localhost:1027         CLOSE_WAIT      2344  [msnmsgr.exe]
  TCP    10.1.1.2:1273            localhost:1027         CLOSE_WAIT      2344  [msnmsgr.exe]
  TCP    10.1.1.2:1275            localhost:1027         CLOSE_WAIT      2344  [msnmsgr.exe]
  TCP    10.1.1.2:1277            localhost:1027         CLOSE_WAIT      2344  [msnmsgr.exe]
  TCP    10.1.1.2:1027            localhost:1368         TIME_WAIT       0
  TCP    10.1.1.2:1027            localhost:1366         TIME_WAIT       0
  TCP    10.1.1.2:1060            localhost:1374         TIME_WAIT       0
  TCP    10.1.1.2:1271            localhost:1027         TIME_WAIT       0
  TCP    10.1.1.2:11863           localhost:1270         TIME_WAIT       0

On systems older than Windows XP you will need a third-party application to see which applications actually have these ports open, such as Inzider (free), available from: http://ntsecurity.nu/toolbox/inzider/. Another free tool is fport from Foundstone, available at: http://www.foundstone.com/resources/proddesc/fport.htm. There is a commercial program called TCPView from Winternals that provides a lot of information, available from: http://www.winternals.com/products/monitoringtools/tcpviewpro.asp. It appears this tool has been folded into a commercial offering available at http://www.winternals.com/Products/AdministratorsPak/.

 



Last updated 4/10/2001

Copyright Kurt Seifried 2001