Checking ports on the local network. How to determine open ports
Using standard Windows tools, you can check whether the port that the program uses to operate is closed.
In order to check open/closed Windows ports, you must use the command line. To launch it, press the key combination “Windows + R”. After these steps, a window will open. You need to enter “cmd” in it. After that, press the “Enter” key.
A black window will appear on the screen, which experts call the Windows command line. Now you can run the utility itself, which will allow you to view the list of closed ports. Enter "netstat" into the command.
After entering, press the "Enter" key. The Command Prompt window will display information about all open ports on your computer. It will appear after the domain name of your personal computer and is separated from it by a colon. Please note that everything ports, which are not listed in this list are private. And if the port that your application uses is on this list, then it will need to be closed so that the application can function normally.
note
If the information provided is not enough for you, you can explore all the capabilities of the “netstat” utility by running it with the –h switch. This means entering the command “netstat -h” at the command prompt. Then in the window that appears you will see help for the "netstat" program.
Helpful advice
There is also a utility called "Windows Worms Doors Cleaner", which can not only show open and closed TCP/UDP ports, but also close the open port itself. Thus, you can further protect your computer from various threats on the Internet, as well as numerous viruses. The "NetStat Agent 2.0" program can replace the built-in "netstat".
Sources:
- NetStat Agent 2.0
Sometimes a user who wants to control his system as completely as possible needs to clarify which s connections are currently open from his computer. This operation takes no more than a few seconds.
Instructions
First of all, you can use netstat from the standard Windows XP set. To execute it, log into Windows and type “netstat 5” (without quotes). After executing the command, you will see an update every 5 seconds (you can specify any) containing information about open connections, programs using them and ports.
Sources:
- what port do I have open?
There are many programs running on the computer at the same time. If program uses an Internet connection and is allocated a specific port. Sometimes the user needs to control which port is used by one or another program.
Instructions
The need to determine which ones are used program(or what program uses ports), usually occurs when a computer is suspected of being infected with a Trojan program. If you notice something suspicious, open the command line: “Start” – “All Programs” – “Accessories” – “Command Prompt”.
Type tasklist in the command line and press Enter. You will receive data about all processes running in the system. Pay attention to the PID - process identifier. It will help determine which program uses one port or another.
Type netstat –aon at the command prompt and press Enter. You will see a list of current connections. In the “Local Address” column, the port number is indicated at the end of each line. The PID column contains process identifiers. After looking at the port number and its corresponding PID, go to the list of processes and use the ID number to determine which process is using this port.
If you cannot figure out which program it belongs to by the name of the process, use one of the programs that are suitable for this case. For example, the Everest program, also known as Aida64. Launch the program, open the “Operating System” tab, select “Processes”. In the list of processes, find the one you need and look at its launch line. This will help determine which program the process belongs to.
Use the AnVir Task Manager program for the same purpose. It allows you to monitor all suspicious processes, including processes of programs connecting to the Internet. All suspicious processes are highlighted in red in the program list.
If you see that the port is being used by a program unknown to you, then if there is a current connection in the “External address” column (command netstat –aon) you will see the IP address of the computer with which the connection is established. The “Status” column will contain the value ESTABLISHED – if the connection is currently present; CLOSE_WAIT if the connection is closed; LISTENING if program waiting for connection. The latter is typical for backdoors - one of the types of Trojan programs.
Sources:
- what ports does skype use
A firewall, also known as a firewall and firewall, is designed to control incoming and outgoing Internet traffic. The security of your network depends on how correctly the firewall is configured.
Instructions
The Windows operating system has a built-in firewall, but its capabilities are very limited, so it is better to use a third-party program. One of the best programs of this type is Outpost Firewall.
Before starting setup, open the main program window. Select “Options” - “System”, then find the “Global rules and rawsocket access” section at the bottom of the tab and click the “Rules” button in it.
In the window that opens, click the “Add” button. In the “Select an event for the rule” field, check the boxes “Where is the protocol”, “Where is the direction” and “Where is the local port”. Below, in the “Rule Description” field, select “Undefined” with the mouse in the “Where is the protocol” line and select the TCP protocol in the window that opens.
In the “Rule Description” field, click “Undefined” in the “Where is the direction” line, select “Incoming (from a remote computer to your computer)” in the connection type. In the same field, click “Undefined” in the “Where is the local port” line and enter the number of the port that needs to be closed.
In the “Select actions for the rule” field, check the “Block this data” checkbox. Click "OK" - the selected port is closed for incoming connections. You can also close it for outgoing ones by selecting “Outgoing (from your computer to a remote computer)” instead of an incoming connection in the settings described just above.
If you are using a regular firewall Windows, check the list of exceptions: “Start” - “Control Panel” - “Windows Firewall” - “Exceptions”. Uncheck "Remote" if you do not use it. You can disable exceptions altogether by checking the checkbox on the “General” tab in the “Do not allow exceptions” line.
The firewall in Windows 7 has more capabilities than in Windows XP; it can be used to control both individual ports and specified ranges. Create a rule for outgoing connections, when starting the rule creation wizard, select “All programs”. Click “Next”, in the window that opens, select “Block connections”. Click “Next” again, select a profile and specify a rule name. Then in the rule properties specify ports, which the firewall should block. The rule for incoming connections is created in the same way.
Internet applications send data through special ports. A network port is a dedicated system resource that runs on a specific network host. If the port is closed, the program will not be able to access the network, and therefore will not be able to perform its functions correctly.
Good afternoon, dear readers and guests of the blog, I am glad to welcome you again to the section about security, last time we learned how to remove a screenup virus, today the topic will be more interesting, namely how check open ports on Windows or Linux. I will describe my situation, I have a project, the customer provided 20 virtual machines, within which my organization must deploy a service there, some virtual machines are located on different networks and while the programmers have not had time to deploy everything on them, I need to use a special utility to listen to the port on one server and check that it responds on another, so to speak, network communication. Let's do this.
We install a service responding to the required port
As I wrote above, while the services are not deployed, no one is listening to the ports, but we need to check so that we don’t have to deal with this later. We need to use a special utility to emulate listening to the port (socket) we need. Those of you who know an operating system like Centos 7, they remember that it had an excellent utility called netcat. It allowed using certain commands to listen to the port required by the administrator.
netcat- a Unix utility that allows you to establish TCP and UDP connections, receive data from there and transmit it. On Windows platforms, it is also present.
We unpack the archive on the server where the service will run in the future. In the folder you will need the files nc.exe and nc64.exe. Next, hold down Shift and right-click on the folder, from the context menu select "Open command window"
Now let’s imagine that I want port 80 to work on the server, like an IIS server. Open netcat, first look at the help:
- -d detach from console, background mode
- -e prog inbound program to exec
- -g gateway source-routing hop point[s], up to 8
- -G num source-routing pointer: 4, 8, 12, ...
- -h this craft
- -i secs delay interval for lines sent, ports scanned
- -l - listen for incoming connections
- -L listen harder, re-listen on socket close
- -n numeric-only IP addresses, no DNS
- -o file hex dump of traffic
- -p - which connection will be listened to
- -r randomize local and remote ports
- -s - set local destination address
- -t answer TELNET negotiation
- -c send CRLF instead of just LF
- -u - UDP mode
- -v verbose
- -w secs timeout for connects and final net reads
- -z zero-I/O mode
We are interested in a command like this:
netcat-win32-1.12>nc.exe -l -p 80
As a result, a virtual socket is raised on the server that listens to connection 80, simulating a web server.
How to check if a port is open on a server
Now let's move to another server and try to check open ports on the remote server. To solve our problem, we will use the telnet utility; see how to install it. Open the command line and enter the following line:
telnet 10.242.17.134 80
As you can see, I indicated the IP address I needed and the required port number
By the way, you can check the open ports on the computer where the service is located with the command:
telnet localhost number 80
If the IP address does not respond to your request, then you will see an attempt to connect, after which you will be shown that this could not be done.
If the connection is successful, then you will see a black screen, either without text, or with some kind of welcome message that some service has responded to you.
Through external utilities
You can also check whether the port is open using external utilities; the main requirement here is that you have a white IP with Internet access. Let’s imagine the same situation: you need to test the 80 connection on which the company’s website will be located. You deployed it, but for some reason it doesn’t work. Not long ago, I told you about the ping.eu () service. One of the items in this toolkit was port check (checking open ports). In the “ip address or host name” field you write the ip address or dns name of the service, which requires verification, and in the adjacent field, the required socket number, in my case 80, click “Go”. In a second, you will get the result whether ports 80 or 443 are open on the site or not. In my case the status is "open".
Mass checking of open ports on the network and locally
There are special utilities whose task is to scan a computer or server for available ports through which there is a connection; they are called port scanners. There are a lot of such programs, I will give an example in the form of XSpider 7.7. How to check if a port is open in the XSpider 7.7 utility. Right-click on “scanned hosts” and add a host or range of IP addresses.
You specify what exactly will be checked.
Click the start icon and start the procedure.
You may see a warning that your actions may be recognized as a DDoS attack and many firewalls on the network may simply ban you, so be careful.
Sources: Wikipedia, Microsoft, portscan.ru
How can I find out which ports are open on my computer?
- For Windows: Start → “cmd” → Run as administrator → “netstat -bn”
- In an antivirus program such as Avast, it is possible to view active ports in the Firewall: tools -> Firewall -> Network connections.
Also useful netstat commands:
To display both the Ethernet statistics and the statistics for all protocols, type the following command:
netstat -e -s
To display the statistics for only the TCP and UDP protocols, type the following command:
netstat -s -p tcp udp
To display active TCP connections and the process IDs every 5 seconds, type the following command:
nbtstat -o 5
To display active TCP connections and the process IDs using numerical form, type the following command:
nbtstat -n -o
The following status values are valid for TCP sockets:
CLOSED | Closed The socket is not in use. |
LISTEN (LISTENING) | Waits for incoming connections. |
SYN_SENT | Actively trying to establish a connection. |
SYN_RECEIVED | The initial connection synchronization is in progress. |
ESTABLISHED | The connection is established. |
CLOSE_WAIT | The remote party has disconnected; waiting for the socket to close. |
FIN_WAIT_1 | The socket is closed; disconnecting the connection. |
CLOSING | The socket is closed, then the remote side disconnects; Waiting for confirmation. |
LAST_ACK | The remote side disconnected, then the socket is closed; Waiting for confirmation. |
FIN_WAIT_2 | The socket is closed; waiting for the remote side to disconnect. |
TIME_WAIT | The socket is closed, but is waiting for packets still on the network to be processed |
List of most commonly used ports
№ | Port | Protocol | Description |
---|---|---|---|
1 | 20 | FTP Data | File Transfer Protocol - file transfer protocol. Data port. |
2 | 21 | FTP Control | File Transfer Protocol - file transfer protocol. Port for commands. |
3 | 22 | SSH | Secure SHell - “safe shell”. Protocol for remote control of the operating system. |
4 | 23 | telnet | TERminaL NETwork. Protocol for implementing a text interface over the network. |
5 | 25 | SMTP | Simple Mail Transfer Protocol - a simple mail transfer protocol. |
6 | 42 | WINS | Windows Internet Name Service. Service for mapping NetBIOS computer names to host IP addresses. |
7 | 43 | WHOIS | "Who is". Protocol for obtaining registration data about domain name owners and IP addresses. |
8 | 53 | DNS | Domain Name System - domain name system. |
9 | 67 | DHCP | Dynamic Host Configuration Protocol - protocol for dynamic host configuration. Obtaining dynamic IPs. |
10 | 69 | TFTP | Trivial File Transfer Protocol - a simple file transfer protocol. |
11 | 80 | HTTP/Web | HyperText Transfer Protocol - hypertext transfer protocol. |
12 | 110 | POP3 | Post Office Protocol Version 3 - protocol for receiving email, version 3. |
13 | 115 | SFTP | SSH File Transfer Protocol. Secure data transfer protocol. |
14 | 123 | NTP | Network Time Protocol. A protocol for synchronizing the computer's internal clock. |
15 | 137 | NetBIOS | Network Basic Input/Output System. Protocol for providing network input/output operations. Name service. |
16 | 138 | NetBIOS | Network Basic Input/Output System. Protocol for providing network input/output operations. Connection service. |
17 | 139 | NetBIOS | Network Basic Input/Output System. Protocol for providing network input/output operations. Session service. |
18 | 143 | IMAP | Internet Message Access Protocol. Application layer protocol for accessing email. |
19 | 161 | SNMP | Simple Network Management Protocol - a simple network management protocol. Device management. |
20 | 179 | BGP | Border Gateway Protocol, border gateway protocol. Dynamic routing protocol. |
21 | 443 | HTTPS | HyperText Transfer Protocol Secure) is an HTTP protocol that supports encryption. |
22 | 445 | SMB | Server Message Block. A protocol for remote access to files, printers and network resources. |
23 | 514 | Syslog | System Log. A protocol for sending and recording messages about ongoing system events. |
24 | 515 | LPD | Line Printer Daemon. Protocol for remote printing on a printer. |
25 | 993 | IMAP SSL | IMAP protocol supporting SSL encryption. |
26 | 995 | POP3 SSL | POP3 protocol supporting SSL encryption. |
27 | 1080 | SOCKS | SOCKet Secure. Protocol for obtaining secure anonymous access. |
28 | 1194 | OpenVPN | Open implementation of Virtual Private Network (VPN) technology. |
29 | 1433 | MSSQL | Microsoft SQL Server is a database management system. Database access port. |
30 | 1702 | L2TP (IPsec) | Protocol for supporting virtual private networks. As well as a set of data protection protocols. |
31 | 1723 | PPTP | Tunnel protocol for a secure connection with a point-to-point server. |
32 | 3128 | Proxy | At the moment, the port is often used by proxy servers. |
33 | 3268 | LDAP | Lightweight Directory Access Protocol - lightweight access protocol to directories (directory services). |
34 | 3306 | MySQL | Access to MySQL databases. |
35 | 3389 | RDP | Remote Desktop Protocol - remote desktop protocol for Windows. |
36 | 5432 | PostgreSQL | Access to PostgreSQL databases. |
37 | 5060 | SIP | Protocol for establishing a session and transmitting multimedia content. |
38 | 5900 | VNC | Virtual Network Computing is a system for remote access to a computer desktop. |
39 | 5938 | TeamViewer | TeamViewer is a system for providing remote computer control and data exchange. |
40 | 8080 | HTTP/Web | An alternative port for the HTTP protocol. Sometimes used by proxy servers. |
41 | 10000 | NDMP | Popular port: Webmin, SIP-voice, VPN IPSec over TCP. |
42 | 20000 | DNP |