NETSTAT

The netstat utility displays open ports on a machine or the ports which are in use, it’ a utility but not a port scanning tool, so don’t get confused here  🙂
On widnows open command prompt and type
C:’WINDOWS>netstat -an |find /i “listening”
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2094 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENINGYou can collect all the output in a file by redirecting it using the following command;

netstat -an |find /i “listening” > c:’openports.txt

In order to find out the ports to which your machine has established the connections you need to replace “listening” to “established”

You may get a similar output which would be as follows;

C:’WINDOWS>netstat -an |find /i “established”
TCP   192.168.0.100:1084   192.168.0.200:1026   ESTABLISHED
TCP   192.168.0.100:2094   192.168.0.200:1166   ESTABLISHED
TCP   192.168.0.100:2305   209.211.250.3:80   ESTABLISHED
TCP   192.168.0.100:2316   212.179.112.230:80   ESTABLISHED
TCP   192.168.0.100:2340   209.211.250.3:110   ESTABLISHED

Additional info about the netstat command;

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a            Displays all connections and listening ports.
-b            Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e            Displays Ethernet statistics. This may be combined with the -s
option.
-n            Displays addresses and port numbers in numerical form.
-o            Displays the owning process ID associated with each connection.
-p proto      Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r            Displays the routing table.
-s            Displays per-protocol statistics.  By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v            When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval      Redisplays selected statistics, pausing interval seconds
between each display.  Press CTRL+C to stop redisplaying
statistics.  If omitted, netstat will print the current
configuration information once.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s