Kurt Seifried, [email protected]
For a list of TCP-IP, UDP and ICMP ports go here.
You can use netstat to list open ports and their state in Windows:
C:\WINDOWS>netstat -a -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1822           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1837           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2001           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:1026          0.0.0.0:0              LISTENING
  TCP    10.1.1.2:1026          10.1.1.1:139           ESTABLISHED
  TCP    10.1.1.2:1822          10.1.1.1:22            ESTABLISHED
  TCP    10.1.1.2:1837          10.1.1.1:22            ESTABLISHED
  TCP    10.1.1.2:137           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:138           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:139           0.0.0.0:0              LISTENING
  TCP    10.1.1.2:2001          10.1.1.1:993           ESTABLISHED
  TCP    127.0.0.1:1850         0.0.0.0:0              LISTENING
  UDP    10.1.1.2:137           *:*
  UDP    10.1.1.2:138           *:*
  UDP    127.0.0.1:1850         *:*

C:\WINDOWS>
So on the workstation (10.1.1.2) there are open connections to ports 22 (SSH), 139 (Windows file sharing) and 993 (secure IMAP) on the machine 10.1.1.1, among other things.
In Windows XP you can use the -b option to list the executable involved:
C:\Documents and Settings\seifried>netstat -b

Active Connections

  Proto  Local Address          Foreign Address          State           PID
  TCP    10.1.1.2:1043          10.1.0.15:microsoft-ds   ESTABLISHED     4
  [System]
  TCP    10.1.1.2:1220          irc.example.org:6667     ESTABLISHED     5920
  [mirc.exe]
  TCP    10.1.1.2:1363          mail.example.org:993     ESTABLISHED     6128
  [msimn.exe]
  TCP    10.1.1.2:1365          www.example.org:http     ESTABLISHED     976
  [ccProxy.exe]
  TCP    10.1.1.2:1373          www.example.org:http     ESTABLISHED     976
  [ccProxy.exe]
  TCP    10.1.1.2:1027          localhost:1364           ESTABLISHED     976
  [ccProxy.exe]
  TCP    10.1.1.2:1027          localhost:1372           ESTABLISHED     976
  [ccProxy.exe]
  TCP    10.1.1.2:1027          localhost:1108           ESTABLISHED     976
  [ccProxy.exe]
  TCP    10.1.1.2:1077          localhost:1078           ESTABLISHED     5596
  [firefox.exe]
  TCP    10.1.1.2:1078          localhost:1077           ESTABLISHED     5596
  [firefox.exe]
  TCP    10.1.1.2:1107          localhost:11863          ESTABLISHED     2344
  [msnmsgr.exe]
  TCP    10.1.1.2:1108          localhost:1027           ESTABLISHED     3436
  [SimpLite-MSN.exe]
  TCP    10.1.1.2:1364          localhost:1027           ESTABLISHED     5596
  [firefox.exe]
  TCP    10.1.1.2:1372          localhost:1027           ESTABLISHED     5596
  [firefox.exe]
  TCP    10.1.1.2:1266          localhost:1027           CLOSE_WAIT      2344
  [msnmsgr.exe]
  TCP    10.1.1.2:1268          localhost:1027           CLOSE_WAIT      2344
  [msnmsgr.exe]
  TCP    10.1.1.2:1273          localhost:1027           CLOSE_WAIT      2344
  [msnmsgr.exe]
  TCP    10.1.1.2:1275          localhost:1027           CLOSE_WAIT      2344
  [msnmsgr.exe]
  TCP    10.1.1.2:1277          localhost:1027           CLOSE_WAIT      2344
  [msnmsgr.exe]
  TCP    10.1.1.2:1027          localhost:1368           TIME_WAIT       0
  TCP    10.1.1.2:1027          localhost:1366           TIME_WAIT       0
  TCP    10.1.1.2:1060          localhost:1374           TIME_WAIT       0
  TCP    10.1.1.2:1271          localhost:1027           TIME_WAIT       0
  TCP    10.1.1.2:11863         localhost:1270           TIME_WAIT       0
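On a busy workstation the netstat -b listing gets long, so it helps to reduce it to "which executable is talking to which outside host". The following is an added example, not part of the original article: a small Python parser for that output layout. The function names and the SAMPLE text are assumptions made for illustration; the sample is constructed from a few of the lines shown above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `netstat -b` output above: a
# connection line, then the owning executable in brackets on the next line.
SAMPLE = """\
  Proto  Local Address     Foreign Address           State        PID
  TCP    10.1.1.2:1043     10.1.0.15:microsoft-ds    ESTABLISHED  4
  [System]
  TCP    10.1.1.2:1220     irc.example.org:6667      ESTABLISHED  5920
  [mirc.exe]
  TCP    10.1.1.2:1364     localhost:1027            ESTABLISHED  5596
  [firefox.exe]
  TCP    10.1.1.2:1365     www.example.org:http      ESTABLISHED  976
  [ccProxy.exe]
  TCP    10.1.1.2:1027     localhost:1368            TIME_WAIT    0
"""

# The State column is optional because UDP lines do not carry one.
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable attached."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state, "pid": int(pid), "exe": None})
            continue
        m = EXE.match(line)
        if m and conns and conns[-1]["exe"] is None:
            conns[-1]["exe"] = m.group(1)  # bracket line names the line before it
    return conns

def external_by_exe(conns):
    """Map executable -> sorted remote endpoints (ESTABLISHED, non-loopback)."""
    out = defaultdict(set)
    for c in conns:
        host = c["remote"].rsplit(":", 1)[0]
        if c["state"] == "ESTABLISHED" and host not in ("localhost", "127.0.0.1"):
            out[c["exe"] or "pid %d" % c["pid"]].add(c["remote"])
    return {exe: sorted(remotes) for exe, remotes in out.items()}

if __name__ == "__main__":
    for exe, remotes in sorted(external_by_exe(parse_netstat_b(SAMPLE)).items()):
        print(exe, "->", ", ".join(remotes))
```

An executable in the result that you do not recognise, or a known one connected to an unexpected host, is the entry to investigate first.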
On systems older than Windows XP, you will need a third-party application to see which applications actually have these ports open, such as Inzider (free), available from: http://ntsecurity.nu/toolbox/inzider/. Another free tool is fport from Foundstone, available at: http://www.foundstone.com/resources/proddesc/fport.htm. There is a commercial program called TCPView from Winternals that provides a lot of information, available from: http://www.winternals.com/products/monitoringtools/tcpviewpro.asp. It appears this tool has been folded into a commercial offering available at http://www.winternals.com/Products/AdministratorsPak/
Last updated 4/10/2001
Copyright Kurt Seifried 2001