We can find a list of open ports on our machine with the command
c:\Tools>netstat -aon
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 856
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1012
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1072
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 600
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 584
TCP 10.0.2.15:139 0.0.0.0:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 856
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 500
TCP [::]:49153 [::]:0 LISTENING 1012
TCP [::]:49154 [::]:0 LISTENING 1072
TCP [::]:49155 [::]:0 LISTENING 600
TCP [::]:49156 [::]:0 LISTENING 584
UDP 0.0.0.0:123 *:* 1208
UDP 0.0.0.0:500 *:* 1072
UDP 0.0.0.0:4500 *:* 1072
UDP 0.0.0.0:5355 *:* 1364
UDP 10.0.2.15:137 *:* 4
UDP 10.0.2.15:138 *:* 4
UDP 10.0.2.15:1900 *:* 1208
UDP 127.0.0.1:1900 *:* 1208
UDP 127.0.0.1:64594 *:* 1208
UDP [::]:123 *:* 1208
UDP [::]:500 *:* 1072
UDP [::1]:1900 *:* 1208
UDP [::1]:64593 *:* 1208
UDP [fe80::100:7f:fffe%11]:1900 *:* 1208
UDP [fe80::2031:52a2:cbee:b0b3%17]:1900 *:* 1208
We can find the executable associated with the ports number with the command
c:\Tools>netstat -anb
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
[services.exe]
TCP 10.0.2.15:139 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP [::]:135 [::]:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP [::]:5357 [::]:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP [::]:49152 [::]:0 LISTENING
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING
Eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING
[lsass.exe]
TCP [::]:49156 [::]:0 LISTENING
[services.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 10.0.2.15:137 *:*
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
UDP 10.0.2.15:138 *:*
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
UDP 10.0.2.15:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:64594 *:*
SSDPSRV
[svchost.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:64593 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::100:7f:fffe%11]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::2031:52a2:cbee:b0b3%17]:1900 *:*
SSDPSRV
[svchost.exe]
c:\Tools>
We can obtain a similar information from openports http://www.diamondcs.com.au/openports/
c:\Tools>openports.exe -list -path
DiamondCS OpenPorts v1.0 (-? for help)
Copyright (C) 2003, DiamondCS - http://www.diamondcs.com.au/openports/
Free for personal and educational use only. See openports.txt for more details.
_______________________________________________________________________________
SYSTEM [0]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 10.0.2.15:139 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
UDP 0.0.0.0:68 0.0.0.0:0 LISTENING
UDP 0.0.0.0:123 0.0.0.0:0 LISTENING
UDP 10.0.2.15:137 0.0.0.0:0 LISTENING
UDP 10.0.2.15:138 0.0.0.0:0 LISTENING
UDP 0.0.0.0:500 0.0.0.0:0 LISTENING
UDP 10.0.2.15:1900 0.0.0.0:0 LISTENING
UDP 127.0.0.1:1900 0.0.0.0:0 LISTENING
UDP 0.0.0.0:4500 0.0.0.0:0 LISTENING
UDP 0.0.0.0:5355 0.0.0.0:0 LISTENING
UDP 127.0.0.1:64594 0.0.0.0:0 LISTENING
c:\Tools>
http://www.iana.org/assignments/port-numbers
We can obtain a detailed information with CurrPorts from this following link
http://www.nirsoft.net/utils/cports.html
The TCPView utility can also provide the same kind of output.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
c:\Tools>netstat -aon
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 856
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1012
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1072
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 600
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 584
TCP 10.0.2.15:139 0.0.0.0:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 856
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 500
TCP [::]:49153 [::]:0 LISTENING 1012
TCP [::]:49154 [::]:0 LISTENING 1072
TCP [::]:49155 [::]:0 LISTENING 600
TCP [::]:49156 [::]:0 LISTENING 584
UDP 0.0.0.0:123 *:* 1208
UDP 0.0.0.0:500 *:* 1072
UDP 0.0.0.0:4500 *:* 1072
UDP 0.0.0.0:5355 *:* 1364
UDP 10.0.2.15:137 *:* 4
UDP 10.0.2.15:138 *:* 4
UDP 10.0.2.15:1900 *:* 1208
UDP 127.0.0.1:1900 *:* 1208
UDP 127.0.0.1:64594 *:* 1208
UDP [::]:123 *:* 1208
UDP [::]:500 *:* 1072
UDP [::1]:1900 *:* 1208
UDP [::1]:64593 *:* 1208
UDP [fe80::100:7f:fffe%11]:1900 *:* 1208
UDP [fe80::2031:52a2:cbee:b0b3%17]:1900 *:* 1208
We can find the executable associated with the ports number with the command
c:\Tools>netstat -anb
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
[services.exe]
TCP 10.0.2.15:139 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP [::]:135 [::]:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP [::]:5357 [::]:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP [::]:49152 [::]:0 LISTENING
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING
Eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING
[lsass.exe]
TCP [::]:49156 [::]:0 LISTENING
[services.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 10.0.2.15:137 *:*
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
UDP 10.0.2.15:138 *:*
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
UDP 10.0.2.15:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:64594 *:*
SSDPSRV
[svchost.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:64593 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::100:7f:fffe%11]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::2031:52a2:cbee:b0b3%17]:1900 *:*
SSDPSRV
[svchost.exe]
c:\Tools>
We can obtain a similar information from openports http://www.diamondcs.com.au/openports/
c:\Tools>openports.exe -list -path
DiamondCS OpenPorts v1.0 (-? for help)
Copyright (C) 2003, DiamondCS - http://www.diamondcs.com.au/openports/
Free for personal and educational use only. See openports.txt for more details.
_______________________________________________________________________________
SYSTEM [0]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 10.0.2.15:139 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
UDP 0.0.0.0:68 0.0.0.0:0 LISTENING
UDP 0.0.0.0:123 0.0.0.0:0 LISTENING
UDP 10.0.2.15:137 0.0.0.0:0 LISTENING
UDP 10.0.2.15:138 0.0.0.0:0 LISTENING
UDP 0.0.0.0:500 0.0.0.0:0 LISTENING
UDP 10.0.2.15:1900 0.0.0.0:0 LISTENING
UDP 127.0.0.1:1900 0.0.0.0:0 LISTENING
UDP 0.0.0.0:4500 0.0.0.0:0 LISTENING
UDP 0.0.0.0:5355 0.0.0.0:0 LISTENING
UDP 127.0.0.1:64594 0.0.0.0:0 LISTENING
c:\Tools>
http://www.iana.org/assignments/port-numbers
We can obtain a detailed information with CurrPorts from this following link
http://www.nirsoft.net/utils/cports.html
The TCPView utility can also provide the same kind of output.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
No comments:
Post a Comment