Monday, 28 July 2008

Checking Active and Listening Ports in Windows

The netstat command is your friend in Windows. Although there are far superior tools, netstat is on practically all Windows systems (minus those that have been broken).

netstat -na
This command will display the ports that are active or listening on a Windows system.
This is useful for seeing what connections are being made to and from the host. It is a common command in the system admin's toolchest. A few additional and less used flags make it even more useful.

netstat -nao
The addition of the "o" adds the PID (Process Identifier) to the output. This is handy if you want to find a connection and stop (or kill) it.

This can go even further.

Piping commands

Simple scripting makes these commands particularly powerful if used correctly. For instance, if you want to display only the "LISTENING" ports, piping the output to the "find" command makes this a simple process.

The command netstat -nao | find "LISTENING" will display only the ports that are listening on the host. This can be used to search for services, hosts and anything else you want to look for. It comes in particularly handy when combined with the next option for the netstat command.

netstat -nab

This option is newer (XP SP2 on) and will not work on older hosts. It is worth the time to learn though. The "nab" option displays the "exe" or "dll" that is associated with the port.

This command allows the system admin to discover what program is opening a particular port on the host. Coupled with the pipe above, a simple script may be easily created to find the executable that has opened or is using a particular port, or even to find what ports a particular program is listening on.
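
One way to script the lookup described above, as an added PowerShell example that is not from the original post. It parses "netstat -nao" output and resolves PIDs with Get-Process rather than using the "b" flag; the function name ConvertFrom-Netstat, its parameters and the sample output are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0 or later.
function ConvertFrom-Netstat {
    param(
        [string[]]$Lines,          # raw lines of `netstat -nao` output
        [switch]$ResolveProcess    # look up process names for PIDs on this host
    )
    foreach ($line in $Lines) {
        $f = -split $line          # unary -split: split on runs of whitespace
        # Skip banner and header lines; data rows start with TCP or UDP.
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { continue }
        # TCP rows: Proto Local Foreign State PID. UDP rows have no State column.
        $state  = if ($f.Count -ge 5) { $f[3] } else { '' }
        $procId = [int]($f[-1])
        $name   = ''
        if ($ResolveProcess) {
            $p = Get-Process -Id $procId -ErrorAction SilentlyContinue
            if ($p) { $name = $p.ProcessName }
        }
        [pscustomobject]@{
            Proto     = $f[0]
            Local     = $f[1]
            LocalPort = [int]($f[1] -replace '^.*:', '')   # text after the last colon
            State     = $state
            OwningPid = $procId
            Process   = $name
        }
    }
}

# Constructed sample output so the parser can be tried offline.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    192.168.1.10:3389      192.168.1.25:50122     ESTABLISHED     1488
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    712
'@ -split '\r?\n'

$conns = ConvertFrom-Netstat $sample
# On a live host: $conns = ConvertFrom-Netstat (netstat -nao) -ResolveProcess

# Which PID holds the listener on port 445?
$conns | Where-Object { $_.State -eq 'LISTENING' -and $_.LocalPort -eq 445 } |
    Format-Table -AutoSize
# Which ports does PID 1020 own (listening TCP plus UDP endpoints)?
$conns | Where-Object { $_.OwningPid -eq 1020 -and $_.State -in 'LISTENING', '' } |
    Format-Table Proto, LocalPort -AutoSize
```

On a live host, filtering on the Process column instead of OwningPid answers the second question by program name.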


To go further the next step is the "Port Reporter" tool by Microsoft.
