How to find out all open ports, connections and originating IP addresses

netstat is a command available in both Windows and Unix to analyze local ports that are open and all the connections to those ports. The syntax of the command is very simple.

Netstat in action showing my IP and Ports

In the picture above, a very simple example of viewing the ports and connections is shown. The -ano option combines three switches: a - show all connections, n - do not attempt to resolve names, o - show the process ID.
The advantage of resolving names is that you can easily identify a LAN or Internet server by its name.

Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Syntax

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
Parameters

-a : Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

-e : Displays Ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.

-n : Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.

-o : Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p.

-p Protocol : Shows connections for the protocol specified by Protocol. In this case, the Protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to display statistics by protocol, Protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6.

-s : Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol for Windows XP is installed, statistics are shown for the TCP over IPv6, UDP over IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be used to specify a set of protocols.

-r : Displays the contents of the IP routing table. This is equivalent to the route print command.

Interval : Redisplays the selected information every Interval seconds. Press CTRL+C to stop the redisplay. If this parameter is omitted, netstat prints the selected information only once.

/? : Displays help at the command prompt.

Automatically refreshing the connection details

The second image shows the capability of netstat to auto-refresh. The interval given is in seconds; the 2 indicates a refresh every 2 seconds. This is used to continuously update the screen with the current connection information. You can use this option to monitor which connections are occurring at any given time and the status of the different connections. To abort the auto-refresh mode, press CTRL+C to return to the normal Command Prompt.

TCP View - netstat with GUI

TCPView from Sysinternals (now a part of Microsoft) did a good job by giving a user interface to the netstat command. By default, TCPView also shows the remote connection name.

TCPView from Sysinternals - a screenshot

The user interface is neat and clutter-free, and the download is extremely small at only 94Kb. You have the option to enable or disable name resolution from IP addresses. The update speeds are also configurable. The main advantage is that you are shown the process names responsible for all the connections directly in the UI; netstat could only display the PIDs.

With a little experience you can start monitoring outgoing and incoming traffic and control it easily using these tools. To control a connection, TCPView provides two basic options: Kill Process (to kill the process responsible for the connection) and Close Connection. Both of the tools also show the status of the signal.
