Another useful build in command that can be used to get information about your current open port is the netstat command.
There is a build in command line tool in the Windows and also UNIX operation system that call netstat with this command you can get the current local ip address and the destination ip address that it connected to with the local and destination port that they talk with each other, it is will also show the protocol that they current use, like TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol).
When you run the command depending on the selected parameters, it can show you the ports as a number, re: 80, and it can also show you the port as a string, re: http, there are some known port number that gain a string to represent them, like the following list:
- FTP – 21
- SSH – 22
- Telnet – 23
- SMTP – 25
- DNS – 53
- http – 80
- https – 443
and so on, you can search the web for a full list of known ports and the assign name, if it has, that it has, the rang of the ports start from 1 to 65535 ( 16-bit unsigned integer).
The command can get several arguments as parameters and show you network information about your system. if you run the netstat command line with the parameter that show help and information about the command, it will show you the following (windows):
Netstat command line help:
C:\Users\Administrator>netstat /?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]
- -a Displays all connections and listening ports.
- -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient
- -e Displays Ethernet statistics. This may be combined with the -s
- -f Displays Fully Qualified Domain Names (FQDN) for foreign
- -n Displays addresses and port numbers in numerical form.
- -o Displays the owning process ID associated with each connection.
- -p proto Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
- -r Displays the routing table.
- -s Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.
- -t Displays the current connection offload state.
- interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.
How to use the netstat command:
To open the command line, you can use the following ways:
- Press the windows start button (in newer operation system it does not have the word start on it) and in the text box write cmd and press enter.
- Hold down the window key on the keyboard and press on the R key, this will the run dialog box, in it type cmd and press enter.
- You can create a bat file, right click -> new text document, give it a name and change the extension from txt to bat, edit the file and type cmd in it, save the file, double click on it will open the commend line, please note that this way you can also right click the bat file and select the run as administrator, if needed.
Now that you have the command line open type in it netstat –an and press enter. It will show you a list of with information about open connection and listen ports on your computer, the output will show you the used protocol, re: TCP/UDP, the Local Address and its port, under windows you will have the : symbol that split between the address and the port, in Unix like you will have another dot (.), the next field is the Foreign Address, also here is split with : or . (dot) between the ip and the port, and the last filed showing the State, re:
- LISTENING – Waiting for connection.
- CLOSE_WAIT – Waiting to close the connection
- ESTABLISHED – connected and transferring date.
- TIME_WAIT – Hang and wait.
Regarding listen TCP port:
Please note that listen TCP port will not have a Foreign Address. This is due to the fact that they wait for incoming connections, and as soon as some connection arrived it can accept or reject the connection and return to a state of listen, wait for the next connection, most of the time when a connection is accepted, the application flow will open a new port to continue the communication so that the listen port will be free to accept new connections.
You can also see on the local connection under the TCP protocol that you have an ip of 0.0.0.0 or 127.0.0.1 or your computer ip address or even no ip address, that because all of them represent the current computer, so the ip address is less important as the port it use, all the local address are from your computer.
Diff TCP vs UDP:
TCP protocol is provides reliable, ordered, error-checked protocol what means that it kind of safe protocol, you know that what was send will be check to verify that it receive as it need to be, and in case of error it will try to resend the problematic data to complete the transit, this can give you an almost guarantee for the delivery of a stream or data.
On UDP, due to its nature, we use to nick name it as send and forget. You know that you just send the data, you never know when will it arrive, in what order and if there was any problem in the way. Of course if you decide to build application that use this protocol you can verify yourself of those things. By that you can accomplish a faster protocol then the TCP protocol. One of its common use is to send a message to several client on the same time, like voice etc.
How to show the responsible process:
If you run the following command line netstat –nab
you will also see the responsible process that open the ports, there are some process that manage more than one port, the added ‘b’ parameter is responsible to that, this is a good way to figure out that process on my computer is opening ports .
In conclusion:
The netstat command line is a great build in tool that can be use to check you current network connections state. I will explore more command line tools that you can use on your computer to get extra information. Command line tools related to network, but not only.
Command line tools from your computer including:
You need to learn some more about malware and heuristic virus, to do so, please check my site, as file entropy can be use in a tool that scan for malware and heuristic virus to get extra info about the file.
Responsible Whois Lookups: Etiquette and Legalities
The power of whois lookups comes with a responsibility to use it ethically. The information retrieved through a whois lookup is considered private data. It’s crucial to respect the privacy of domain owners and refrain from using the information for unsolicited marketing or malicious purposes.
Here are some key points to remember for responsible Domain Whois Lookup:
By following these simple guidelines, you can ensure your whois lookups are conducted ethically and respectfully. Remember, the internet is a vast ecosystem, and responsible online behavior is essential for maintaining a healthy digital environment.
Computer monitoring is a crucial aspect of IT management, involving the continuous oversight of computer systems to ensure optimal performance, security, and compliance. This practice includes monitoring hardware performance, software applications, network activity, and user interactions. Effective computer monitoring helps in early detection of issues such as hardware failures, software bugs, and security breaches, enabling timely interventions that prevent significant downtime and data loss.
Advanced computer monitoring tools provide real-time data, generate alerts for unusual activities, and offer detailed reports for analysis. These tools are essential for businesses to maintain operational efficiency and secure their IT infrastructure against cyber threats. Additionally, monitoring helps in resource optimization by identifying underutilized or overburdened components, thus supporting better decision-making regarding upgrades and capacity planning.
In the context of remote work and cloud computing, computer monitoring has become even more critical. Organizations must ensure that remote systems are secure and performing well, which necessitates robust monitoring solutions. Overall, computer monitoring is a vital practice that supports the health, security, and efficiency of IT environments.