Usually, if you want to see all the used and listening ports on your computer, you'd use the NETSTAT command.
Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool! If you want to have your computer scanned for open ports see this page instead (link will follow shortly).
Open Command Prompt and type:
C:\WINDOWS>netstat -an |find /i "listening"
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2094 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
You can redirect it to a text file by adding >c:\openports.txt to the command, if you want to:
netstat -an |find /i "listening" > c:\openports.txt
You can also change "listening" to "established" to see what ports your computer actually communicates with:
C:\WINDOWS>netstat -an |find /i "established"
TCP 192.168.0.100:1084 192.168.0.200:1026 ESTABLISHED
TCP 192.168.0.100:2094 192.168.0.200:1166 ESTABLISHED
TCP 192.168.0.100:2305 209.211.250.3:80 ESTABLISHED
TCP 192.168.0.100:2316 212.179.112.230:80 ESTABLISHED
TCP 192.168.0.100:2340 209.211.250.3:110 ESTABLISHED
Note: In Windows XP and Windows Server 2003, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection:
C:\WINDOWS>netstat -ao |find /i "listening"
TCP pro1:epmap pro1.dpetri.net:0 LISTENING 860
TCP pro1:microsoft-ds pro1.dpetri.net:0 LISTENING 4
TCP pro1:1025 pro1.dpetri.net:0 LISTENING 908
TCP pro1:1084 pro1.dpetri.net:0 LISTENING 596
TCP pro1:2094 pro1.dpetri.net:0 LISTENING 596
TCP pro1:3389 pro1.dpetri.net:0 LISTENING 908
TCP pro1:5000 pro1.dpetri.net:0 LISTENING 1068
You can use PULIST from the W2K Resource Kit (*www.petri.co.il/download_free_reskit_tools.htm) to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.
C:\WINDOWS>netstat -no
Active Connections
Proto Local Address Foreign Address State PID
TCP 192.168.0.100:2496 212.179.4.7:80 ESTABLISHED 1536
You can then use PULIST with the FIND command:
C:\WINDOWS>pulist |find /i "1536"
Process PID User
LUCOMS~1.EXE 1536 DPETRI\danielp
Cheers !
Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool! If you want to have your computer scanned for open ports see this page instead (link will follow shortly).
Open Command Prompt and type:
C:\WINDOWS>netstat -an |find /i "listening"
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2094 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
You can redirect it to a text file by adding >c:\openports.txt to the command, if you want to:
netstat -an |find /i "listening" > c:\openports.txt
You can also change "listening" to "established" to see what ports your computer actually communicates with:
C:\WINDOWS>netstat -an |find /i "established"
TCP 192.168.0.100:1084 192.168.0.200:1026 ESTABLISHED
TCP 192.168.0.100:2094 192.168.0.200:1166 ESTABLISHED
TCP 192.168.0.100:2305 209.211.250.3:80 ESTABLISHED
TCP 192.168.0.100:2316 212.179.112.230:80 ESTABLISHED
TCP 192.168.0.100:2340 209.211.250.3:110 ESTABLISHED
Note: In Windows XP and Windows Server 2003, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection:
C:\WINDOWS>netstat -ao |find /i "listening"
TCP pro1:epmap pro1.dpetri.net:0 LISTENING 860
TCP pro1:microsoft-ds pro1.dpetri.net:0 LISTENING 4
TCP pro1:1025 pro1.dpetri.net:0 LISTENING 908
TCP pro1:1084 pro1.dpetri.net:0 LISTENING 596
TCP pro1:2094 pro1.dpetri.net:0 LISTENING 596
TCP pro1:3389 pro1.dpetri.net:0 LISTENING 908
TCP pro1:5000 pro1.dpetri.net:0 LISTENING 1068
You can use PULIST from the W2K Resource Kit (*www.petri.co.il/download_free_reskit_tools.htm) to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.
C:\WINDOWS>netstat -no
Active Connections
Proto Local Address Foreign Address State PID
TCP 192.168.0.100:2496 212.179.4.7:80 ESTABLISHED 1536
You can then use PULIST with the FIND command:
C:\WINDOWS>pulist |find /i "1536"
Process PID User
LUCOMS~1.EXE 1536 DPETRI\danielp
Cheers !
