As open windows to a computer, ports wait for a particular kind of communication. The more ports your servers have open, the easier it is for attackers to connect to that server. In addition, the types of ports your server has open can give away a lot of information about it. One of the first things an attacker will do is monitor your network traffic to try to see which ports are in use. An important security implementation is to restrict which traffic is allowed into your network by allowing only traffic through certain ports on your firewall.
The Netstat Command
You might already be familiar with the Netstat command. What you might not know is that Netstat can be used to determine which Windows XP process is using or blocking TCP/IP ports on your computer. Netstat displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, Netstat displays active TCP connections.
As the following list illustrates, Netstat has several parameters (using netstat /? in a command prompt window will display all available command-line parameters):
-a -- Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
-e -- Displays Ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.
-n -- Displays active TCP connections; however, addresses and port numbers are expressed numerically and no attempt is made to determine names.
-o -- Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n and -p.
-p Protocol -- Shows connections for the protocol specified by protocol. In this case, protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to display statistics by protocol, protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6.
-s -- Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol is installed, statistics are shown for the TCP over IPv6, UDP over IPv6, ICMPv6 and IPv6 protocols. The -p parameter can be used to specify a set of protocols.
-r -- Displays the contents of the IP routing table. This is equivalent to the route print command.
Combining Netstat commands with Task Manager in Windows XP will allow you to determine active TCP/IP ports.
Or even better monitor them yourself, you may not want to close that port,
Open Ports Scanner 2.4 ( View screenshot )
This utility allows you to view open TCP and UDP ports on your computer, view the underlying software that opens these ports and export open ports information into a text file. You may even close open connections from within this application.
Updated Mar 2, 2008 09:28:51
Size 531 kb
Status Major Update
Tags open ports, tcp ports, udp ports, port scanner, trojan, malware, process, security, netstat, port monitor, network monitor, monitoring, remote, address
OS Windows ME, Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista
Author Filesland Software