

aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

Check ports are reaching computer w/o installing software?

How does one use the netstat command to check what TCP or UDP ports are reaching a computer without installing software?

Thanks
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy
What is the Netstat Command?:

The netstat command is a Command Prompt command used to display very detailed information about how your computer is communicating with other computers or network devices.

Specifically, the netstat command can show details about individual network connections, overall and protocol-specific networking statistics, and much more, all of which could help troubleshoot certain kinds of networking issues.

Netstat Command Syntax:
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]

Tip: See How To Read Command Syntax if you're not sure how to read the netstat command syntax above.

Execute the netstat command alone to show a relatively simple list of all active TCP connections which, for each one, will show the local IP address (your computer), the foreign IP address (the other computer or network device), along with their respective port numbers, as well as the TCP state.

-a = This switch displays active TCP connections, TCP connections with the listening state, as well as UDP ports that are being listened to.

-b = This netstat switch is very similar to the -o switch listed below, but instead of displaying the PID, will display the process's actual file name. Using -b over -o might seem like it's saving you a step or two but using it can sometimes greatly extend the time it takes netstat to fully execute.

-e = Use this switch with the netstat command to show statistics about your network connection. This data includes bytes, unicast packets, non-unicast packets, discards, errors, and unknown protocols received and sent since the connection was established.

-f = The -f switch will force the netstat command to display the Fully Qualified Domain Name (FQDN) for each foreign IP address when possible.

-n = Use the -n switch to prevent netstat from attempting to determine host names for foreign IP addresses. Depending on your current network connections, using this switch could considerably reduce the time it takes for netstat to fully execute.

-o = A handy option for many troubleshooting tasks, the -o switch displays the process identifier (PID) associated with each displayed connection. See the example below for more about using netstat -o.

-p = Use the -p switch to show connections or statistics only for a particular protocol. You can not define more than one protocol at once, nor can you execute netstat with -p without defining a protocol.

protocol = When specifying a protocol with the -p option, you can use tcp, udp, tcpv6, or udpv6. If you use -s with -p to view statistics by protocol, you can use icmp, ip, icmpv6, or ipv6 in addition to the first four I mentioned.

-r = Execute netstat with -r to show the IP routing table. This is the same as using the route command to execute route print.

-s = The -s option can be used with the netstat command to show detailed statistics by protocol. You can limit the statistics shown to a particular protocol by using the -s option and specifying that protocol, but be sure to use -s before -p protocol when using the switches together.

-t = Use the -t switch to show the current TCP chimney offload state in place of the typically displayed TCP state.

-x = Use the -x option to show all NetworkDirect listeners, connections, and shared endpoints.

-y = The -y switch can be used to show the TCP connection template for all connections. You cannot use -y with any other netstat option.

time_interval = This is the time, in seconds, that you'd like the netstat command to re-execute automatically, stopping only when you use Ctrl-C to end the loop.

/? = Use the help switch to show details about the netstat command's several options.

Tip: Make all that netstat information in the command line easier to work with by outputting what you see on the screen to a text file using a redirection operator. See How To Redirect Command Output to a File for complete instructions.
--
JKK

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

2 recommendations

reply to aefstoggaflm
FYI I use the SysInternals TCPView utility to see what ports are being used by processes. Not sure if that's what you want.

PS: Like all SysInternal utilities it doesn't "install" as such. It's a standalone .exe.
--
Don't feed trolls--it only makes them grow!


therube

join:2004-11-11
Randallstown, MD

1 recommendation

(though it does write to the Registry, at the least, that you've agreed to their EULA

> HKEY_CURRENT_USER\Software\Sysinternals\TCPView
)


norwegian
Premium
join:2005-02-15
Outback
kudos:1
reply to aefstoggaflm
Have you tried just looking in the Resource Monitor as well?

Netstat:

Once in Task Manager you have added the selection in View|Select Columns|PID (Process Identifier),
run netstat -ano at the command prompt.

It will give you a tabled list of connections to cross reference with the task manager process list.

No extra software needed.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to therube
True. Not sure if that's an issue for aefstoggaflm or not.

[HKEY_CURRENT_USER\Software\Sysinternals\TCPView]
"EulaAccepted"=dword:00000001
"Settings"=hex:...
 

--
Don't feed trolls--it only makes them grow!


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
reply to aefstoggaflm
It would help if the method was cross platform (Windows, Mac, Unix/Linux).


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
In that case NetStat is your baby.

quote:
It is available on Unix-like operating systems including OS X, Linux, Solaris, and BSD, and is available on Windows NT-based operating systems including Windows XP, Windows Vista, Windows 7 and Windows 8.
--
Don't feed trolls--it only makes them grow!

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to aefstoggaflm
The question of what ports are 'reaching' a computer is a little unclear. Ports don't reach, they just are.

Basically, it doesn't matter a damn if someone tries to address a datagram to port 'X' and there is nothing listening for datagrams addressed to port 'X'. So if you want to find out what is actually listening, then netstat -a is your tool.

With respect to the 'reaching' part of it - if you really meant what ports are reachable from the world outside, then you need to look at firewall and router settings.

If you meant what ports someone is actually trying to 'reach', then firewall logs (or similar auditing tools) are what you want.

So, what was the question?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
said by dave:

With respect to the 'reaching' part of it - if you really meant what ports are reachable from the world outside, then you need to look at firewall and router settings.

The easy way is to run a port scan and look at the results.

e.g.

ShieldsUP!
--
Don't feed trolls--it only makes them grow!


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
reply to dave
said by dave:

The question of what ports are 'reaching' a computer is a little unclear. Ports don't reach, they just are.

Basically, it doesn't matter a damn if someone tries to address a datagram to port 'X' and there is nothing listening for datagrams addressed to port 'X'. So if you want to find out what is actually listening, then netstat -a is your tool.

With respect to the 'reaching' part of it - if you really meant what ports are reachable from the world outside, then you need to look at firewall and router settings.

If you meant what ports someone is actually trying to 'reach', then firewall logs (or similar auditing tools) are what you want.

So, what was the question?

Sorry if I was not clear.

Without installing (or even downloading) is there a way to detect port scans / connections (cross platform on the computer not in the router's logs)?

Thanks
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

3 edits
Port scans and connections are different things and require different tools.

"Open ports" -- that is, port(s) that your firewall(s) allow through to one or more machines -- must be determined by a port scanner and/or inspecting your firewall rules. Just because a port is "open" doesn't mean there are any process(es) on machines listening on it.

On client machines, connections are usually established from a process through a firewall. That is, they're established outbound from machines to a website etc. For servers (e.g. Web Server) the reverse is true.

As for detecting port scanners most router/firewalls allow you to log this kind of stuff. In my case mine sends such logs, via SysLog, to a machine that saves them.
--
Don't feed trolls--it only makes them grow!


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Oh, ok.

Solved.

Telling mods/admins to lock thread....


therube

join:2004-11-11
Randallstown, MD
> Solved.

And you're going to hide the solution from us?
Ah, I guess I'll just scan your ports & find out for myself.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
said by therube:

> Solved.

And you're going to hide the solution from us?

It seems to me that what I am asking is impossible.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.

wolfy339

join:2005-04-30
Edmonds, WA
reply to aefstoggaflm
said by aefstoggaflm:

It seems to me that what I am asking is impossible.

With netstat yes, however, from what I understand of what you are attempting to do (check open ports on another computer) I would recommend Telnet (built into Windows). Granted it will be a lot slower than using a program like nmap, but should still get the job done.
--
Computer: Antec 850w PSU, ASUS M4A89GTDPRO-USB3, AMD Phenom II x4 955 @ 3.2GHZ, ATI Radeon 5770, SB XFI Fatal1ty, 8GB Kingston DDR3, Windows 7 Ultimate x64, KIS 2012, Samsung SyncMaster 2443BWX, Frontier DSL 768/128 w/ Westell 6100 C90 & Linksys WRT120N

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
That's a workable (but slow) solution for TCP ports, but not for UDP ports.

UDP is in general a harder issue in any case, by its very nature.


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to aefstoggaflm
Not sure what the point would be, other than making sure a server running on that computer is reachable... in which case, just try to access it from the other side of the firewall/router...
--
Think Outside the Fox.

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to aefstoggaflm
First off aefstoggaflm, did you try looking at the command switches for netstat on the particular platform you
want to run it on? I haven't done a side by side comparison between say Windows and insert-Linux-flavor here,
but best place to start would be what particular options are available. Also, I distinctly recall netstat in Windows itself
was rather funky... Win2K didn't have the command switch to specify the EXE associated with the particular TCP / UDP
port; this wasn't possible till WinXP.

said by aefstoggaflm:

Without installing (or even downloading) is there a way to detect port scans / connections (cross platform on the computer not in the router's logs)?

The thing about port scans is they're like a knock / ring at the door... without looking outside and/or opening the door
there is no way to know if it's from the local Cub Scouts troop, the vacuum cleaner salesman, the mailman, or your
Aunt Nellie from Timbuktu.

Same principle here -- Netstat will tell you the current ACTIVE TCP / UDP connections, but it has no way of telling
whether they are legitimate or not. Also, as StuartMW mentions, how do you go after a connection that
occurred 3 days ago? Unless you're running Netstat as a cron job or similar, netstat is a run-once and stop till it's
told to start again kind of deal.

Taking this one further, and based on your post here, you've stumbled onto an interest with penetration scanning / testing,
or you're looking into network security / IDS kind of stuff -- specifically to determine if you are actually getting
hit by a port scan attack? I know I'm making a leap here....

Regards
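
Added example, not part of any post in this thread: the "netstat -ano, then cross-reference PIDs" tip and the "netstat is run-once unless scheduled" point above, combined into a snapshot diff that reports listeners and inbound peers that appeared between two runs. The two sample outputs are constructed, assume the Windows `netstat -ano` column layout, and the function names are hypothetical.

```python
# Constructed samples of Windows `netstat -ano` output, taken some minutes apart.
SNAP_1 = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1088
  TCP    192.168.1.20:49710     203.0.113.5:443        ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1500
"""
SNAP_2 = SNAP_1 + """\
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       6120
  TCP    192.168.1.20:3389      198.51.100.7:51123     ESTABLISHED     1088
  UDP    [::]:5355              *:*                                    1500
"""

def port(addr):
    """Port from '1.2.3.4:80' or '[::]:80'."""
    return int(addr.rsplit(":", 1)[1])

def parse(text):
    """Return a set of (proto, local, foreign, state, pid) rows."""
    rows = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            rows.add((f[0], f[1], f[2], f[3], int(f[4])))
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            rows.add((f[0], f[1], f[2], "", int(f[3])))
    return rows

def listeners(rows):
    """TCP sockets in LISTENING plus every bound UDP port, as (proto, port, pid)."""
    return {(p, port(l), pid) for p, l, _, s, pid in rows
            if s == "LISTENING" or p == "UDP"}

def diff(before, after):
    """New listeners, and new ESTABLISHED peers on a local listening port."""
    old, new = parse(before), parse(after)
    tcp_ports = {n for p, n, _ in listeners(new) if p == "TCP"}
    inbound = sorted((f, port(l), pid) for p, l, f, s, pid in new - old
                     if s == "ESTABLISHED" and port(l) in tcp_ports)
    return sorted(listeners(new) - listeners(old)), inbound

if __name__ == "__main__":
    print(diff(SNAP_1, SNAP_2))
```

A diff like this only sees what exists at each sample: probes to closed ports and connections that open and close between runs never appear, which is why firewall logs remain the place to look for scans.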

wolfy339

join:2005-04-30
Edmonds, WA
reply to dave
said by dave:

That's a workable (but slow) solution for TCP ports, but not for UDP ports.

RE: UDP ports, that is true and I didn't think of that