Link to home
Start Free TrialLog in
Avatar of wbokhary
wbokhary

asked on

Windows 7 Open Ports - Firewall

We have Windows Firewall enabled on Windows 7.
The nmap scan shows the following ports open:

PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
5357/tcp  open  wsdapi
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown

Is it normal for these ports to be open when the Firewall is enabled?
Any additional info on these ports?
ASKER CERTIFIED SOLUTION
Avatar of JT92677
JT92677
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Run below command in command prompt
netstat -b

this will show which exe is listening to which port.


for below ports it is normal to have on all windows systems
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
wbokhary - if any answers were helpful, time to assign points perhaps?

Thanks

Jeff

PS: netstat has lots of switches, but the gibson shields up test shows what may come through from the outside world, and if you install zonealarm, you'll know what's going out. netstat only runs for a short time, zonealarm is on until you shut it down and runs in the background.

Some other switches available on netstat, but it runs from the CMD: prompt and I haven't found it to be all that useful personally, but everybody has favorites.

C:\>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -v            When used in conjunction with -b, will display sequence of
                components involved in creating the connection or listening
                port for all executables.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

C:\>
Avatar of wbokhary
wbokhary

ASKER

Wonderfully Written!
Thanks - I appreciate that you saw the important stuff and ignored my fragmented and duplicate thoughts.

I'm curious: Did you run shields up from Gibson Research grc.com ? And have you explored or considered (or are using) ZoneAlarm ? They are both directly related to the issue behind your ports question, which I presume is "my computer has these ports open, is it safe?"

It helps to know what is helpful when submitting answers to questions here and elsewhere about computer issues.