Netstat

Another usefull build in command that can be used to get information about your current open port is the netstat command.

There is a build in command line tool in the Windows and also UNIX operation system that call netstat with this command you can get the current local ip address and the destination ip address that it connected to with the local and destination port that they talk with each other, it is will also show the protocol that they current use, like TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol).

When you run the command depending on the selected parameters, it can show you the ports as a number, re: 80, and it can also show you the port as a string, re: http, there are some known port number that gain a string to represent them, like the following list:

  • FTP – 21
  • SSH – 22
  • Telnet – 23
  • SMTP – 25
  • DNS – 53
  • http – 80
  • https – 443

and so on, you can search the web for a full list of known ports and the assign name, if it has, that it has, the rang of the ports start from 1 to 65535 ( 16-bit unsigned integer).

This command can get several arguments as parameters and show you network information about your system. if you run the netstat command line with the parameter that show help and information about the command, it will show you the following (windows):

C:\Users\Administrator>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

-a          Displays all connections and listening ports.

-b           Displays the executable involved in creating each connection or

listening port. In some cases well-known executables host

multiple independent components, and in these cases the

sequence of components involved in creating the connection

or listening port is displayed. In this case the executable

name is in [] at the bottom, on top is the component it called,

and so forth until TCP/IP was reached. Note that this option

can be time-consuming and will fail unless you have sufficient

-e           Displays Ethernet statistics. This may be combined with the -s

-f           Displays Fully Qualified Domain Names (FQDN) for foreign

-n           Displays addresses and port numbers in numerical form.

-o           Displays the owning process ID associated with each connection.

-p proto     Shows connections for the protocol specified by proto; proto

may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s

option to display per-protocol statistics, proto may be any of:

IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.

-r           Displays the routing table.

-s           Displays per-protocol statistics. By default, statistics are

shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;

the -p option may be used to specify a subset of the default.

-t           Displays the current connection offload state.

interval     Redisplays selected statistics, pausing interval seconds

between each display. Press CTRL+C to stop redisplaying

statistics. If omitted, netstat will print the current

configuration information once.

 

 

netstat command line
netstat

To open the command line, you can use the following ways:

  1. Press the windows start button (in newer operation system it does not have the word start on it) and in the text box write cmd and press enter.
  2. Hold down the window key on the keyboard and press on the R key, this will the run dialog box, in it type cmd and press enter.
  3. You can create a bat file, right click -> new text document, give it a name and change the extension from txt to bat, edit the file and type cmd in it, save the file, double click on it will open the commend line, please note that this way you can also right click the bat file and select the run as administrator, if needed.

 

Now that you have the command line open type in it netstat –an and press enter. It will show you a list of with information about open connection and listen ports on your computer, the output will show you the used protocol, re: TCP/UDP, the Local Address and its port, under windows you will have the : symbol that split between the address and the port, in Unix like you will have another dot (.), the next field is the Foreign Address, also here is split with : or . (dot) between the ip and the port, and the last filed showing the State, re:

  • LISTENING – Waiting for connection.
  • CLOSE_WAIT – Waiting to close the connection
  • ESTABLISHED – connected and transferring date.
  • TIME_WAIT – Hang and wait.

 

Please note that listen TCP port will not have a Foreign Address, due to the fact that they wait for incoming connections, and as soon as some connection arrived it can accept or reject the connection and return to a state of listen, wait for the next connection, most of the time when a connection is accepted, the application flow will open a new port to continue the communication so that the listen port will be free to accept new connections.

 

You can also see on the local connection under the TCP protocol that you have an ip of 0.0.0.0 or 127.0.0.1 or your computer ip address or even no ip address, that because all of them represent the current computer, so the ip address is less important as the port it use, all the local address are from your computer.

 

TCP protocol is provides reliable, ordered, error-checked protocol what means that it kind of safe protocol, you know that what was send will be check to verify that it receive as it need to be, and in case of error it will try to resend the problematic data to complete the transit, this can give you an almost guarantee for the delivery of a stream or data.

On UDP, due to its nature, we use to nick name it as send and forget, you know that you jest send the data, you never know when it will arrived, in what order and if there was any problem in the way, of course if you decide to build application that use this protocol you can verify yourself of those things and by that accomplish and faster protocol then the TCP protocol, one of its common use is to send a message to several client on the same time, lie voice etc.

 

If you run the following command line netstat –nab you will also see the responsible process that open the ports, there are some process that manage more than one port, the added ‘b’ parameter is responsible to that, this is a good way to figure out that process on my computer is opening ports .

In conclusion the netstat command line is a great build in tool that can be use to check you current network connections state, I will explore more command line tools that you can use on your computer to get extra information, related to network, but not only, from your computer, like ipconfig, nbtstat, arp and more.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>