wbokhary
asked on
Windows 7 Open Ports - Firewall
We have Windows Firewall enabled on Windows 7.
The nmap scan shows the following ports open:
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5357/tcp open wsdapi
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
Is it normal for these ports to be open when the Firewall is enabled?
Any additional info on these ports?
The nmap scan shows the following ports open:
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5357/tcp open wsdapi
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
Is it normal for these ports to be open when the Firewall is enabled?
Any additional info on these ports?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
wbokhary - if any answers were helpful, time to assign points perhaps?
Thanks
Jeff
PS: netstat has lots of switches, but the gibson shields up test shows what may come through from the outside world, and if you install zonealarm, you'll know what's going out. netstat only runs for a short time, zonealarm is on until you shut it down and runs in the background.
Some other switches available on netstat, but it runs from the CMD: prompt and I haven't found it to be all that useful personally, but everybody has favorites.
C:\>netstat /?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
C:\>
Thanks
Jeff
PS: netstat has lots of switches, but the gibson shields up test shows what may come through from the outside world, and if you install zonealarm, you'll know what's going out. netstat only runs for a short time, zonealarm is on until you shut it down and runs in the background.
Some other switches available on netstat, but it runs from the CMD: prompt and I haven't found it to be all that useful personally, but everybody has favorites.
C:\>netstat /?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
C:\>
ASKER
Wonderfully Written!
Thanks - I appreciate that you saw the important stuff and ignored my fragmented and duplicate thoughts.
I'm curious: Did you run shields up from Gibson Research grc.com ? And have you explored or considered (or are using) ZoneAlarm ? They are both directly related to the issue behind your ports question, which I presume is "my computer has these ports open, is it safe?"
It helps to know what is helpful when submitting answers to questions here and elsewhere about computer issues.
I'm curious: Did you run shields up from Gibson Research grc.com ? And have you explored or considered (or are using) ZoneAlarm ? They are both directly related to the issue behind your ports question, which I presume is "my computer has these ports open, is it safe?"
It helps to know what is helpful when submitting answers to questions here and elsewhere about computer issues.
netstat -b
this will show which exe is listening to which port.
for below ports it is normal to have on all windows systems
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds