7.2 Scan Your System for Open Ports

Each open network port on your computer is a potential security vulnerability. Fortunately, there's a way to scan your computer for open ports so you know which holes to patch. Start by opening a command prompt window (cmd.exe) and running the Active Connections utility by typing netstat /a /o. The Active Connections utility displays its information in these five columns:

| Column | Description |
| --- | --- |
| Proto | This will be either TCP or UDP, representing the protocol being used. |
| Local Address | This column has two components: the computer name and either a port number or the name of a service. |
| Foreign Address | For active connections, you'll see the name or IP address of the remote machine, followed by the port number. For inactive connections (showing only the open ports), you'll typically see only *:*. |
| State | This shows the state of the connection (TCP ports only). For server processes, you'll usually see LISTENING here, signifying that the process has opened the port and is waiting for an incoming connection. For connections originating from your computer, such as a web browser downloading a page or an active Telnet session, you'll see ESTABLISHED here. |
| PID | This is the Process Identifier of the application or service that is responsible for opening the port; see the rest of this section for help with matching up the PID with an application or process. |

Don't be alarmed if you see a lot of open ports. Just make sure you thoroughly track down each one, making sure it doesn't pose a security threat.

7.2.1 Matching a PID with a Program

Netstat shows the PID of running programs that have opened ports, but not the application names. To find out more, open Task Manager (launch taskmgr.exe or right-click an empty area of your taskbar and select Task Manager), and choose the Processes tab. If you don't see a column labelled PID, go to View → Select Columns, turn on the PID (Process Identifier) option, and click OK.

Finally, turn on the Show processes from all users option at the bottom of the Windows Task Manager window. You can then sort the listing by PID by clicking the PID column header. The program filename is shown in the Image Name column.

NOTE: You may see svchost.exe listed in the Windows Task Manager, and reported by the Active Connections utility as being responsible for one or more open ports. This program is merely used to start the services listed in the Services window (Services.msc).

7.2.2 Common TCP/IP Ports

When your web browser or email program connects to another computer on the Internet, it does so through a TCP/IP port. If you have a web server or FTP server running on your computer, it opens a port to which other computers can connect. Port numbers are used to distinguish one network service from another. A firewall uses ports (listed in the following table) to form its rules about which types of network traffic to allow, and which to prohibit. And the Active Connections utility, described previously, allows you to uncover vulnerabilities in your system by examining which ports are open.

NOTE: Some firewalls make a distinction between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports, which is typically unnecessary. In most cases, programs that use the more common TCP protocol will use the same port numbers as their counterparts that use the less-reliable UDP protocol.

| Port | Description |
| --- | --- |
| 21 | FTP (File Transfer Protocol) |
| 22 | SSH (Secure Shell) |
| 23 | Telnet |
| 25 | SMTP (Simple Mail Transfer Protocol), used for sending email |
| 43 | WhoIs |
| 53 | DNS (Domain Name Server), used for looking up domain names |
| 79 | Finger |
| 80 | HTTP (Hyper Text Transfer Protocol), used by web browsers to download standard web pages |
| 110 | POP3 (Post Office Protocol, Version 3), used for retrieving email |
| 119 | NNTP (Network News Transfer Protocol), used for newsgroups |
| 123 | NTP (Network Time Protocol), used for XP's Internet Time feature |
| 143 | IMAP4 (Internet Mail Access Protocol Version 4) |
| 220 | IMAP3 (Internet Mail Access Protocol Version 3) |
| 443 | HTTPS (HTTP over TLS/SSL), used by web browsers to download secure web pages |
| 445 | File sharing for Microsoft Windows networks |
| 563 | NNTPS (Network News Transfer Protocol over SSL), used for secure newsgroups |
| 1701 | VPN (Virtual Private Networking) over L2TP |
| 1723 | VPN (Virtual Private Networking) over PPTP |
| 3389 | Remote Desktop Sharing (Microsoft Terminal Services) |
| 580x, 590x | VNC (Virtual Network Computing) |
| 6699 | Peer-to-peer file sharing, used by Napster-like programs |
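The manual procedure in 7.2.1 (read the PID from netstat, look it up in Task Manager) and the port table in 7.2.2 can be combined into one script that does the cross-referencing for you. The following Python program is an added example, not code from the book: it parses the text that netstat /a /o (or netstat -ano) prints, builds a PID-to-image-name map from tasklist /fo csv output, and labels each open port with the service name from the table above. The netstat and tasklist output embedded below is constructed sample data, and the process names in it are illustrative; on a real machine you would paste in the output of those two commands. Note that a PID that maps to svchost.exe only tells you a service host owns the port, so the next step for such a row is the Services window, as the NOTE in 7.2.1 explains.

```python
import csv
import io
from collections import namedtuple

Connection = namedtuple("Connection", "proto local_host local_port foreign state pid")

# Well-known ports from the table in section 7.2.2 (service names as given there).
COMMON_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 43: "WhoIs", 53: "DNS",
    79: "Finger", 80: "HTTP", 110: "POP3", 119: "NNTP", 123: "NTP",
    143: "IMAP4", 220: "IMAP3", 443: "HTTPS", 445: "Windows file sharing",
    563: "NNTPS", 1701: "L2TP VPN", 1723: "PPTP VPN", 3389: "Remote Desktop",
    6699: "Peer-to-peer file sharing",
}


def service_name(port):
    """Map a port number to the 7.2.2 table; VNC uses the 580x/590x ranges."""
    if 5800 <= port <= 5899 or 5900 <= port <= 5999:
        return "VNC"
    return COMMON_PORTS.get(port, "unknown")


def _split_endpoint(endpoint):
    """Split 'host:port' (IPv4, [IPv6] or computername:service) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_netstat(text):
    """Parse the rows of `netstat /a /o` output into Connection records."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # title line, column header, or blank line
        if fields[0] == "TCP":
            proto, local, foreign, state, pid = fields[:5]
        else:
            proto, local, foreign, pid = fields[:4]  # UDP rows print no State column
            state = ""
        host, port = _split_endpoint(local)
        conns.append(Connection(proto, host, port, foreign, state, int(pid)))
    return conns


def parse_tasklist_csv(text):
    """Build {pid: image name} from `tasklist /fo csv` output."""
    reader = csv.DictReader(io.StringIO(text.strip()))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def open_ports(conns, pid_to_image):
    """Return (proto, port, pid, image, service) for every port that is open
    and waiting, i.e. TCP LISTENING or a UDP socket with foreign address *:*.
    ESTABLISHED connections originate from your own programs and are skipped."""
    rows = []
    for c in conns:
        is_open = c.state == "LISTENING" or (c.proto == "UDP" and c.foreign == "*:*")
        if not is_open:
            continue
        try:
            port = int(c.local_port)
            svc = service_name(port)
        except ValueError:
            svc = c.local_port  # netstat without /n prints a service name, not a number
        image = pid_to_image.get(c.pid, "<pid not in process list>")
        rows.append((c.proto, c.local_port, c.pid, image, svc))
    return rows


# Constructed sample output, in the layout Windows netstat uses (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1780
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1024
  TCP    192.168.1.5:49732      203.0.113.10:443       ESTABLISHED     2612
  TCP    [::]:5900              [::]:0                 LISTENING       3344
  UDP    0.0.0.0:123            *:*                                    1092
"""

# Constructed `tasklist /fo csv` output; process names are illustrative only.
SAMPLE_TASKLIST = """
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","1024","Console","0","4,812 K"
"svchost.exe","1092","Console","0","3,204 K"
"inetinfo.exe","1780","Console","0","9,640 K"
"firefox.exe","2612","Console","0","88,120 K"
"winvnc.exe","3344","Console","0","5,016 K"
"""

if __name__ == "__main__":
    processes = parse_tasklist_csv(SAMPLE_TASKLIST)
    for proto, port, pid, image, svc in open_ports(parse_netstat(SAMPLE_NETSTAT), processes):
        print(f"{proto:4} port {port:>5}  PID {pid:>5}  {image:14} {svc}")
```

Run against the sample, the report lists five open ports (80, 445, 3389, 5900 and UDP 123) with their owning images and leaves out the ESTABLISHED browser connection; each svchost.exe row is the cue to open Services.msc and find the service behind it.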