How can I quickly find all the listening or open ports on my computer?

Usually, if you want to see all the used and listening ports on your computer, you'd use the NETSTAT command.

Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool! If you want to have your computer scanned for open ports see this page instead (link will follow shortly).

Open Command Prompt and type:

C:\WINDOWS>netstat -an |find /i "listening"
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1084 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2094 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING

You can redirect it to a text file by adding >c:\openports.txt to the command, if you want to:

netstat -an |find /i "listening" > c:\openports.txt

You can also change "listening" to "established" to see what ports your computer actually communicates with:

C:\WINDOWS>netstat -an |find /i "established"
TCP 192.168.0.100:1084 192.168.0.200:1026 ESTABLISHED
TCP 192.168.0.100:2094 192.168.0.200:1166 ESTABLISHED
TCP 192.168.0.100:2305 209.211.250.3:80 ESTABLISHED
TCP 192.168.0.100:2316 212.179.112.230:80 ESTABLISHED
TCP 192.168.0.100:2340 209.211.250.3:110 ESTABLISHED

Note: In Windows XP and Windows Server 2003, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection:

C:\WINDOWS>netstat -ao |find /i "listening"
TCP pro1:epmap pro1.dpetri.net:0 LISTENING 860
TCP pro1:microsoft-ds pro1.dpetri.net:0 LISTENING 4
TCP pro1:1025 pro1.dpetri.net:0 LISTENING 908
TCP pro1:1084 pro1.dpetri.net:0 LISTENING 596
TCP pro1:2094 pro1.dpetri.net:0 LISTENING 596
TCP pro1:3389 pro1.dpetri.net:0 LISTENING 908
TCP pro1:5000 pro1.dpetri.net:0 LISTENING 1068

You can use PULIST from the W2K Resource Kit (Download Free Windows 2000 Resource Kit Tools) to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.

C:\WINDOWS>netstat -no

Active Connections

Proto Local Address Foreign Address State PID
TCP 192.168.0.100:2496 212.179.4.7:80 ESTABLISHED 1536

You can then use PULIST with the FIND command:

C:\WINDOWS>pulist |find /i "1536"

Process PID User
LUCOMS~1.EXE 1536 DPETRI\danielp

In this case, LUCOMS~1.EXE is run by DANIELP (myself) and as it happens, it's the Symantec Live Update process.

You can also look in Task Manager for the respective PID.

2 comments:

Tênis e Sapato said...

Hello. This post is likeable, and your blog is very interesting, congratulations :-). I will add in my blogroll =). If possible gives a last there on my blog, it is about the Tênis e Sapato, I hope you enjoy. The address is http://tenis-e-sapato.blogspot.com. A hug.

Anonymous said...

reverse cell phone lookup

Post a Comment

There was an error in this gadget
This Day in History

Today's Birthday

In the News

Quote of the Day
There was an error in this gadget