Netstat query

Joe_Budden
Joe_Budden used Ask the Experts™
on
Hi

I have an application running on a Windows 2003 SP2 server.

I would like to know what ports the application uses - which ports it uses for outbound communication and which ones for inbound.

Does anyone know how I can do this via Netstat?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
go start menu .type the cmd command on run prompt.after that run netstat command .you will see the output which you want..netstat have any options which will usefull for you .so run netstat --help command you will get all options and type the command according to your requirement
netstat -an is what you're looking for.

Author

Commented:
Thanks

An example line from netstat -an is:

Protocol  Local                         Foreign                     State
 TCP    192.168.1.1:1500    192.168.1.2:443      ESTABLISHED

I'm not sure I understand this?
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

That means your computer has a connection to 192.168.1.2 on 443 (SSL) that is currently in use.
You can use netstat -o and match the PID to the application running as well.
Commented:
>>Protocol  Local                         Foreign                     State
    TCP    192.168.1.1:1500    192.168.1.2:443      ESTABLISHED >>

This simply means that port 1500 from the local machine 192.168.1.1 has an established connection with a foregin or remote machine 192.168.1.2 on port 443.

In this case both your machines are in your own subnet.

Commented:
Or you can do a text search for the application name on a portlist:
Check out this list of ports.
http://www.iana.org/assignments/port-numbers
Co-Owner
Top Expert 2011
Commented:
If you type:
netstat -anbp tcp >c:\netstat.txt
You will get a list of the TCP process and Executable associated with the port.  You can always run:
netstat -anb >c:\netstat.txt
To output a list of TCP and UDP ports in use and the associated executable.
Then once you have used the command from a command prompt, just type netstat.txt and view the results.

Author

Commented:
Thanks all...

Just going back to this example:

>>Protocol  Local                         Foreign                     State
    TCP    192.168.1.1:1500    192.168.1.2:443      ESTABLISHED >>

Does this mean that if there was a firewall in between (say for instance that the local and foreign were two different subnets), then we'd need port 443 open from local > foreign, and 1500 open from foreign > local?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
It is showing that your local server is using port 1500 to talk to IP 192.168.1.2 on port 443.

Commented:
Hello,

Aports is a gui utility which can easily find out the ports number as per application.It is freeware.

For more info:

http://www.kindawannadothat.com/2009/04/how-to-find-out-which-application-is-using-what-port-windows/

Regards,
Tushar Kaskhedikar
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Regarding your example, a stateful firewall will require you only to open outgoing traffic to the destination address (IP + port). If there is a firewall at the receiving end, it would require a ingress traffic policy opening the same destination address, respective your particular source IP, but still the destination (!) port.

Port 1500 is probably chosen dynamically. Usually, if you are connecting to a service, only the destination port is fixed, and the source port is determined as next available one. So, if you open two connections to the same destination, it might be
   192.168.1.1:1500   192.168.1.2:443
   192.168.1.1:1510   192.168.1.2:443
which are different connections to the  same target service.

Stateful firewalls will process the packet header info, and create a time-restricted session for exactly that pair of source IP/port - destination IP/port, allowing that specific traffic to flow for some time.

Author

Commented:
>You can use netstat -o and match the PID to the application running as well.

Thanks - very useful! Do you know how I can match the PID with an application though?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Did you read my comment?
My comment will give you the .EXE running including the ports.  If you add o to the command, then you will get the process ID too.
You can determine the PID and the .EXE from Task Manager but you may have to add the PID column to Task Manager, although you needn't bother if you run the command I have already posted.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial