OPEN ports in Windows
Usually, if you want to see all the used and listening ports on your computer, you’d use the NETSTAT command. its about time to blog something related about Windows 🙂 not just linux,
Note: The NETSTAT command will show you whatever ports are open or in use,
Open Command Prompt and type:
netstat -an |find /i "listening"
it will show something like
CP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2094 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
You can pipe it to a text file by adding > c:openports.txt to the command, if you want to…
command: netstat -an |find /i "listening" > c:openports.txt
You can also change “listening” to “established” to see what ports your computer actually communicates with:
command: netstat -an |find /i "established"
result:
TCP 192.168.0.2:1084 192.168.0.200:1026 ESTABLISHED
TCP 192.168.0.2:2094 192.168.0.200:1166 ESTABLISHED
TCP 192.168.0.2:2305 209.211.250.3:80 ESTABLISHED
TCP 192.168.0.2:2316 212.179.112.230:80 ESTABLISHED
TCP 192.168.0.2:2340 209.211.250.3:110 ESTABLISHED
Note: In Windows XP and Windows Server 2003, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection:
command: netstat -ao |find /i "listening"
TCP pro1:epmap pro1.dpetri.net:0 LISTENING 860
TCP pro1:microsoft-ds pro1.dpetri.net:0 LISTENING 4
TCP pro1:1025 pro1.dpetri.net:0 LISTENING 908
TCP pro1:1084 pro1.dpetri.net:0 LISTENING 596
TCP pro1:2094 pro1.dpetri.net:0 LISTENING 596
TCP pro1:3389 pro1.dpetri.net:0 LISTENING 908
TCP pro1:5000 pro1.dpetri.net:0 LISTENING 1068
To see all open, established, closing and other used ports type:
command: netstat -a
result:
Active Connections
Proto Local Address Foreign Address State
TCP pro1:epmap pro1.dpetri.net:0 LISTENING
TCP pro1:microsoft-ds pro1.dpetri.net:0 LISTENING
TCP pro1:1025 pro1.dpetri.net:0 LISTENING
TCP pro1:1084 pro1.dpetri.net:0 LISTENING
TCP pro1:2094 pro1.dpetri.net:0 LISTENING
TCP pro1:3389 pro1.dpetri.net:0 LISTENING
TCP pro1:5000 pro1.dpetri.net:0 LISTENING
TCP pro1:1084 srv1.dpetri.net:1026 ESTABLISHED
TCP pro1:2094 srv1.dpetri.net:1166 ESTABLISHED
TCP pro1:2365 srv1.dpetri.net:epmap TIME_WAIT
TCP pro1:2366 srv1.dpetri.net:1026 TIME_WAIT
UDP pro1:epmap *:*
UDP pro1:microsoft-ds *:*
UDP pro1:isakmp *:*
UDP pro1:1026 *:*
UDP pro1:1027 *:*
UDP pro1:1028 *:*
UDP pro1:1038 *:*
UDP pro1:1043 *:*
UDP pro1:1085 *:*
UDP pro1:1086 *:*
UDP pro1:1242 *:*
UDP pro1:ntp *:*
UDP pro1:1649 *:*
UDP pro1:1900 *:*
UDP pro1:2095 *:*
UDP pro1:2217 *:*
UDP pro1:ntp *:*
UDP pro1:1900 *:*
Again, in XP/2003 you can use the -O switch:
command: netstat -ao
result:
Active Connections
Proto Local Address Foreign Address State PID
TCP pro1:epmap pro1.dpetri.net:0 LISTENING 860
TCP pro1:microsoft-ds pro1.dpetri.net:0 LISTENING 4
TCP pro1:1025 pro1.dpetri.net:0 LISTENING 908
TCP pro1:1084 pro1.dpetri.net:0 LISTENING 596
TCP pro1:2094 pro1.dpetri.net:0 LISTENING 596
TCP pro1:3389 pro1.dpetri.net:0 LISTENING 908
TCP pro1:5000 pro1.dpetri.net:0 LISTENING 1068
TCP pro1:1084 srv1.dpetri.net:1026 ESTABLISHED 596
TCP pro1:2094 srv1.dpetri.net:1166 ESTABLISHED 596
UDP pro1:epmap *:* 860
UDP pro1:microsoft-ds *:* 4
UDP pro1:isakmp *:* 680
UDP pro1:1026 *:* 1040
UDP pro1:1027 *:* 1040
UDP pro1:1028 *:* 680
UDP pro1:1038 *:* 908
UDP pro1:1043 *:* 624
UDP pro1:1085 *:* 596
UDP pro1:1086 *:* 596
UDP pro1:1242 *:* 1040
UDP pro1:ntp *:* 908
UDP pro1:1649 *:* 596
UDP pro1:1900 *:* 1068
UDP pro1:2095 *:* 976
UDP pro1:2217 *:* 1856
UDP pro1:ntp *:* 908
UDP pro1:1900 *:* 1068