OS Security

sanctify

Listening ports on Windows XP
I did netstat on my box ... the following came up ... can someone please tell me what they mean and if they are needed or pose a security risk ... and if so ... how do I close them or turn off services for them (and what services they are to turn off)

Thanks!

Active Connections:
  Proto  Local Address          Foreign Address        State
  TCP    server2:epmap          server2:0              LISTENING
  TCP    server2:microsoft-ds   server2:0              LISTENING
  TCP    server2:1279           server2:0              LISTENING
  TCP    server2:1280           server2:0              LISTENING
  TCP    server2:1741           server2:0              LISTENING
  TCP    server2:5000           server2:0              LISTENING
  TCP    server2:netbios-ssn    server2:0              LISTENING
  UDP    server2:microsoft-ds   *:*
  UDP    server2:isakmp         *:*
  UDP    server2:1029           *:*
  UDP    server2:1098           *:*
  UDP    server2:1099           *:*
  UDP    server2:1332           *:*
  UDP    server2:6500           *:*
  UDP    server2:13139          *:*
  UDP    server2:netbios-ns     *:*
  UDP    server2:netbios-dgm    *:*
  UDP    server2:1900           *:*
  UDP    server2:1118           *:*
  UDP    server2:1353           *:*
  UDP    server2:1900           *:*

Pete Long

Finding out what Ports are open

To find out what ports are open/exposed, do the following:

Start >Run >type "cmd" {enter}
At the command line type "netstat -a" {enter}

The list displayed shows "Listening ports" and established "Who is on the other end" connections to your computer.

WARNING
This is a list of common Trojan/Backdoor Port numbers
http://www.sans.org/resources/idfaq/oddports.php


Who is listening? Use this syntax: netstat -an |find /i "listening"
Save who is listening to a text file: netstat -an |find /i "listening" > c:\openports.txt
Who is established? Use this syntax: netstat -an |find /i "established"


Note: In Windows XP, you can type NETSTAT -O to get a list of all the owning process IDs associated with each connection: netstat -ao |find /i "listening"


*****Pulist*****

You can use PULIST from the W2K Resource Kit to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.
Download: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/pulist-o.asp


*****Links*****

Port Assignments for Commonly-Used Services
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cnfc/cnfc_por_simw.asp

TCP/UDP Ports Used By Exchange 2000 Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;278339

Nice shiny Port List :0)
http://hackerwhacker.com/portslist.html

http://www.incubus.co.uk/os/windows/netstat.htm
http://www.petri.co.il/quickly_find_local_open_ports.htm

*****Portscan Software*****

Scan Yourself (Free)

Scan your Ports with Port Detective: lets you scan your PC ports to see which are open, in use, or blocked. This will help you find out how vulnerable your system is to hackers, and will also let you know which ports you can use for applications such as Web servers
http://www.portdetective.com/

Scan Remote Computers (Free)

Advanced port scanner is a small, fast, robust and easy-to use port scanner for Win32 platform. It uses a multithread technique, so on fast machines you can scan ports very fast. Also, it contains descriptions for common ports, and can perform scans on predefined port ranges. You can use it for FREE. Download now!
http://www.antivirus.com.au/radmin/famatech_nu/portscanner.htm

ASKER CERTIFIED SOLUTION
Joseph_Moore

Log in or create a free account to see answer.

There is a very handy tool out there called Active Ports.
It enables you to monitor all open TCP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to terminate the owning process. Active Ports can help you to detect trojans and other malicious programs.

It is a small proggie, 475k, but very useful.

http://www.protect-me.com/freeware.html

Hi Sanctify

Those programs are great for solving what program has opened ports, but I have also used a program called LanGuard. The best part of that program is that it gives quite easy-to-read results. When LanGuard finds something suspicious, it gives human-readable information :)

You can find a demo here:

http://www.gfi.com/lannetscan/

Well the best thing you can do is to keep yourself up to date with your Antivirus, and various service pack / patches so that most known security issues are solved.

The next thing you should do is to figure out which services you have running that you don't actually use: go to Control Panel, Administrative Tools, Services, or just click Start -> Run -> services.msc <ENTER>

Do you use remote registry? If not, and if none of your programs uses it, then disable it.

Try netstat -ano again, look up the PID nr., press CTRL ALT DEL, go to Task Manager, add the PID field.
That way you can see which program uses or listens to which port number.

Now you can clarify more accurately which ports you should allow and which you shouldn't.

I suggest using a router to connect to the internet which has some kind of packet filtering, so you can control which packets you want to allow on your LAN and which packets you allow to access the WAN interface. If you want to host services/servers then make sure it has some kind of port forwarding, where you can direct incoming ports to a destination on your LAN.
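
The port-to-PID-to-process lookup described in the answers above (`netstat -ano`, then matching the PID against the process list), as an added example that is not part of the original thread: a Python script that joins saved `netstat -ano` output with `tasklist /fo csv /nh` output and marks which sockets are bound to loopback only. Both samples are constructed for illustration, and the function names are this example's own.

```python
import csv
import io
# Constructed `netstat -ano` output (sample data, not the asker's capture).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1712
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.0.10:1280      10.0.0.5:80            ESTABLISHED     2040
  UDP    0.0.0.0:500            *:*                                    680
"""
# Constructed `tasklist /fo csv /nh` output (image name, PID, session, ...).
TASKLIST_SAMPLE = '''\
"System","4","Console","0","216 K"
"lsass.exe","680","Console","0","1,100 K"
"svchost.exe","1100","Console","0","4,200 K"
"alg.exe","1712","Console","0","3,300 K"
'''

def load_pids(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def open_sockets(netstat_text):
    """Yield (proto, address, port, pid) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows start with TCP/UDP and end with the numeric PID from -o.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        # UDP rows have no State column; TCP rows are kept only when LISTENING.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        addr, _, port = f[1].rpartition(":")
        yield f[0], addr, int(port), int(f[-1])

def report(netstat_text, tasklist_csv):
    """Join sockets to process names and mark whether each is network-facing."""
    pids = load_pids(tasklist_csv)
    rows = []
    for proto, addr, port, pid in open_sockets(netstat_text):
        # 127.x.x.x is loopback only; 0.0.0.0 or a LAN address faces the network.
        scope = "local-only" if addr.startswith("127.") else "network"
        rows.append((proto, port, scope, pid, pids.get(pid, "unknown")))
    return sorted(rows, key=lambda r: (r[2], r[0], r[1]))
if __name__ == "__main__":
    for row in report(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("%-4s %-6d %-11s PID %-5d %s" % row)
```

The parser expects numeric addresses, so capture with `-n`; without `-o` there is no PID column and every row is skipped.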




Also check out Vision.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/vision.htm

This will show you what process/exe is running the port.

Nathan

There is nothing to worry about here.  These are no security risks.  Most of those ports are just associated with other Windows services.  For example, port 1025 is usually associated with Windows Messenger Service.  Windows usually opens a range from 1000 - 3000 for use of other services if needed.  I have more than that listening, but none of them are actually the service.  I hope you get what I'm saying.

The one thing that does sort of look suspicious is the high end ports.  Windows does not use any ports that are over 65535 for its general purposes.  So, if there are ports like 130000 etc. then you should be cautious, for which it could possibly be a trojan or some sort of keylogger / spyware.

moorer2k: just for your basic knowledge, the port range in IP protocol is 1-65535, it's an unsigned 2-byte variable stock!

Because of that fact it's not possible to have a port above 65535, so what you have written, "So, if there are ports like 130000", is quite ridiculous (;