Quickly find all the listening or open ports on you computer

Status
Not open for further replies.

anishcool

TE God
Usually, if you want to see all the used and listening ports on your computer, you'd use the NETSTAT command.

Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool! If you want to have your computer scanned for open ports see this page instead (link will follow shortly).

Open Command Prompt and type:

C:\WINDOWS>netstat -an |find /i "listening"
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2094 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING

You can redirect it to a text file by adding >c:\openports.txt to the command, if you want to:

netstat -an |find /i "listening" > c:\openports.txt

You can also change "listening" to "established" to see what ports your computer actually communicates with:

C:\WINDOWS>netstat -an |find /i "established"
TCP 192.168.0.100:1084 192.168.0.200:1026 ESTABLISHED
TCP 192.168.0.100:2094 192.168.0.200:1166 ESTABLISHED
TCP 192.168.0.100:2305 209.211.250.3:80 ESTABLISHED
TCP 192.168.0.100:2316 212.179.112.230:80 ESTABLISHED
TCP 192.168.0.100:2340 209.211.250.3:110 ESTABLISHED

Note: In Windows XP and Windows Server 2003, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection:

C:\WINDOWS>netstat -ao |find /i "listening"
TCP pro1:epmap pro1.dpetri.net:0 LISTENING 860
TCP pro1:microsoft-ds pro1.dpetri.net:0 LISTENING 4
TCP pro1:1025 pro1.dpetri.net:0 LISTENING 908
TCP pro1:1084 pro1.dpetri.net:0 LISTENING 596
TCP pro1:2094 pro1.dpetri.net:0 LISTENING 596
TCP pro1:3389 pro1.dpetri.net:0 LISTENING 908
TCP pro1:5000 pro1.dpetri.net:0 LISTENING 1068

You can use PULIST from the W2K Resource Kit (*www.petri.co.il/download_free_reskit_tools.htm) to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.

C:\WINDOWS>netstat -no

Active Connections

Proto Local Address Foreign Address State PID
TCP 192.168.0.100:2496 212.179.4.7:80 ESTABLISHED 1536

You can then use PULIST with the FIND command:

C:\WINDOWS>pulist |find /i "1536"

Process PID User
LUCOMS~1.EXE 1536 DPETRI\danielp

Cheers !
 

Killer_Sam

Broken In
well why waste so much on writing and making mess with our mind
go to any good security "Open Developement" Site
download some very very geeky tools and hurray not only you get lot of control
but you can also hack in ! in other computers !
 

quad master

In the zone
use Nmap the ultimate port scanner from insecure.org

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL.

More Info
~~~~~~
*www.insecure.org/nmap/

Download Link
~~~~~~~~~
*www.insecure.org/nmap/nmap_download.html

Windows
*download.insecure.org/nmap/dist/nmap-3.55-SP2-win32.zip
 
Status
Not open for further replies.
Top Bottom