Recipe 12.9. Viewing the Open Ports and Connections

Previous page
Table of content
Next page

Problem

You want to view the open ports and connections on a system.

Solution

Using downloadable software

The Sysinternals TCPView tool is a graphical interface that displays all of the active connections on a host. It displays all of the connection information you might need, including process name and ID, protocol, local address and port, and remote address and port. It is a real-time tool, so it shows connections that are terminating in red, and new connections in green. You can close a connection by right-clicking it and selecting Close Connection. You can also kill the associated process by selecting End Process. See Figure 12-1 for a screenshot of TCPView.

Figure 12-1. Sysinternals TCPView screenshot


Using a command-line interface

The netstat command displays all established connections on a host:

> netstat

Use the -a option to view all open ports, regardless if they are active. With the Windows XP version of netstat, you can view the process ID associated with connections by specifying the -o option.

The Sysinternals netstatp utility is the command line version of TCPView. It displays similar information to netstat, but it shows the process name and ID associated with the connection by default:

> netstatp

Using VBScript
' This code produces output very similar to the 'netstat -an' command.   ' It requires that the target system have SNMP and the WMI SNMP  ' Provider installed. ' ------ SCRIPT CONFIGURATION ------ strComputerIP = "127.0.0.1" ' ------ END CONFIGURATION --------- set objLocator = CreateObject("WbemScripting.SWbemLocator") set objWMI = objLocator.ConnectServer("", "root/snmp/localhost") set objNamedValueSet = CreateObject("WbemScripting.SWbemNamedValueSet") objNamedValueSet.Add "AgentAddress", strComputerIP objNamedValueSet.Add "AgentReadCommunityName", "public" objNamedValueSet.Add "AgentWriteCommunityName", "public" WScript.Echo " Proto  Local Address   Foreign Address       State" set colTCPConns = objWMI.Instancesof("SNMP_RFC1213_MIB_tcpConnTable",, _                                      objNamedValueSet ) for each objConn in colTCPConns         WScript.echo "  TCP   " & objConn.tcpConnLocalAddress & ":" & _                      objConn.tcpConnLocalPort & _                      "         " & objConn.tcpConnRemAddress & ":" & _                      objConn.tcpConnRemPort & "       " & objConn.tcpConnState  next set colUDPConns = objWMI.Instancesof("SNMP_RFC1213_MIB_udpTable",, _                                       objNamedValueSet ) for each objConn in colUDPConns         WScript.echo "  UDP   " & objConn.udpLocalAddress & ":" & _                      objConn.udpLocalPort & "         *:*" next

Discussion

When you take a look at the list of open connections on a system, you may be surprised to see so many. Unless the system is extremely busy, most should be in the Listening state, which simply means the port is open and waiting for a connection. For more on the various states that a connection may be in, see MS KB 137984.

See Also

MS KB 137984, "TCP Connection States and Netstat Output," and MS KB 281336, "How to determine which program uses or blocks specific transmission control protocol ports in Windows"


Previous page
Table of content
Next page
Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408
Authors: Robbie Allen, Preston Gralla
BUY ON AMAZON
Certified Ethical Hacker Exam Prep
Network Security Architectures
Visual C# 2005 How to Program (2nd Edition)
Data Structures and Algorithms in Java
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy