Port-viewing commands: a complete collection of DOS port-viewing commands

  

View port command: To view ports in Windows 2000/XP/Server 2003, you can use the Netstat command:

Click “Start → Run”, type “cmd” and press Enter to open a command prompt window. At the command prompt, type “netstat -a -n” and press Enter to see the port numbers and status of TCP and UDP connections displayed in numeric form.

Tip: Netstat command usage. Command format: Netstat -a -e -n -o -s -an

-a displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

-e displays Ethernet statistics, such as the number of bytes and packets sent and received.

-n displays the addresses and port numbers of all active TCP connections in numeric form only.

-o displays active TCP connections and includes the process ID (PID) for each connection.

-s displays statistics for various connections, including port numbers, by protocol.

-an displays all open ports.

Turn off/on ports

Before introducing the functions of the various ports, let me explain how to close/open ports in Windows. By default, many unsafe or unneeded ports are open, such as port 23 of the Telnet service, port 21 of the FTP service, port 25 of the SMTP service, port 135 of the RPC service, and so on. To keep the system secure, we can close/open ports using the following methods.

Close port

For example, to close port 25 of the SMTP service in Windows 2000/XP: first open “Control Panel”, double-click “Administrative Tools”, then double-click “Services”. In the Services window that opens, find and double-click the “Simple Mail Transfer Protocol (SMTP)” service, click the “Stop” button to stop the service, then select “” in “Startup Type”, and finally click the “OK” button. Stopping the SMTP service in this way closes the corresponding port.

Open Port

If you want to open this port, first select “Automatic” in “Startup Type” and click the “OK” button. Then open the service again, click the “Start” button under “Service status” to enable the port, and finally click the “OK” button.

Tip: Windows 98 has no “Services” option; you can use the firewall's rule settings to close/open ports.

Port Classification

Logical ports have multiple classification criteria. Two common categories are described below:

1. According to port number distribution

(1) Well-Known Ports

Well-known ports are the port numbers from 0 to 1023. These port numbers are generally assigned to specific services. For example, port 21 is assigned to the FTP service, port 25 is assigned to the SMTP (Simple Mail Transfer Protocol) service, port 80 is assigned to the HTTP service, port 135 is assigned to the RPC (Remote Procedure Call) service, and so on.

(2) Dynamic Ports

Dynamic ports range from 1024 to 65535. These port numbers are generally not assigned to a fixed service, which means that many services can use them. When a running program asks the system for network access, the system can assign one of these port numbers for use by the program.

For example, port 1024 is assigned to the first program that makes such a request to the system. After the program's process is closed, the occupied port number is released.

However, dynamic ports are often used by viruses and Trojans. For example, the default port for glaciers is 7626, WAY 2.4 is 8011, Netspy 3.0 is 7306, YAI virus is 1024, and so on.
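As an added example (not from the original article), the Python code below parses `netstat -a -n -o` output as described in the Netstat tip above, and flags listening ports that the article names as risky default services or Trojan defaults, labelling each with the well-known/dynamic range it falls in. The sample output, function names and table names are constructed for illustration.

```python
import re

# Ports the article names: services it suggests closing, and Trojan defaults.
RISKY_SERVICES = {21: "FTP", 23: "Telnet", 25: "SMTP", 135: "RPC"}
TROJAN_DEFAULTS = {7626: "glaciers", 8011: "WAY 2.4", 7306: "Netspy 3.0", 1024: "YAI"}

# Constructed sample of `netstat -a -n -o` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING       2204
  TCP    192.168.1.10:1037      203.0.113.5:80         ESTABLISHED     3020
  UDP    0.0.0.0:161            *:*                                    1620
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")

def parse_netstat(text):
    """Yield one dict per connection row; header and blank lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, foreign, state, pid = m.groups()
            yield {"proto": proto, "addr": addr, "port": int(port),
                   "state": state or "", "pid": int(pid)}

def port_class(port):
    return "well-known" if port <= 1023 else "dynamic"

def review(text):
    """Return findings for listening sockets on ports the article calls out."""
    findings = []
    for row in parse_netstat(text):
        # UDP rows have no State column; treat bound UDP sockets as listening.
        listening = row["state"] == "LISTENING" or row["proto"] == "UDP"
        if not listening:
            continue
        port = row["port"]
        if port in RISKY_SERVICES:
            reason = "service " + RISKY_SERVICES[port]
        elif port in TROJAN_DEFAULTS:
            reason = "Trojan default " + TROJAN_DEFAULTS[port]
        else:
            continue
        findings.append((row["proto"], port, port_class(port), row["pid"], reason))
    return findings
```

A match on a dynamic port is a lead to check against the owning PID, not proof of infection, because the system hands these port numbers to any program that asks for one.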

2. Divided by protocol type

By protocol type, ports can be divided into TCP, UDP, IP and ICMP (Internet Control Message Protocol) ports. The following mainly introduces TCP and UDP ports:

(1) TCP port

A TCP port, that is, a Transmission Control Protocol port, requires a connection to be established between the client and the server, which provides reliable data transmission. Common ports include port 21 of the FTP service, port 23 of the Telnet service, port 25 of the SMTP service, and port 80 of the HTTP service.

(2) UDP port

A UDP port, that is, a User Datagram Protocol port, does not require a connection to be established between the client and the server, and security is not guaranteed. Common ports include port 53 of the DNS service, port 161 of the SNMP (Simple Network Management Protocol) service, ports 8000 and 4000 used by QQ, and so on.

Common Network Ports

Network Basics - Port Controls

Port: 0 Service: Reserved Description: Typically used to analyze operating systems. This method works because on some systems “0” is an invalid port, and an attempt to connect to it produces a different result than a normal closed port does. A typical scan uses the IP address 0.0.0.0, sets the ACK bit, and broadcasts at the Ethernet layer.

Port: 1 Service: tcpmux Description: This indicates that someone is looking for an SGI Irix machine. Irix is the main provider of tcpmux, and tcpmux is turned on by default on this system. Irix machines ship with several default password-free accounts, such as IP, GUEST, UUCP, NUCCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation, so hackers search the Internet for tcpmux and use these accounts.

Port: 7 Service: Echo Description: You can see many messages sent to X.X.X.0 and X.X.X.255 by people searching for Fraggle amplifiers.

Port: 19 Service: Character Generator Description: This is a service that only sends characters. The UDP version responds to a received UDP packet with a packet containing junk characters. When a TCP connection is made, it sends a stream of junk characters until the connection is closed. Hackers can use IP spoofing to launch DoS attacks by forging UDP packets between two chargen servers. Similarly, the Fraggle DoS attack broadcasts a packet with a forged victim IP to this port on the destination address, and the victim is overloaded by the responses.

Port: 21 Service: FTP Description: The port opened by the FTP server for uploading and downloading. Attackers most commonly use it to look for FTP servers that allow anonymous access. These servers have a readable and writable directory. The Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner open this port.

Port: 22 Service: Ssh Description: A TCP connection established by PcAnywhere to this port may be looking for ssh. This service has a number of weaknesses. If configured in a specific mode, many versions using the RSAREF library have many vulnerabilities.

Port: 23 Service: Telnet Description: Remote login. Intruders search for remote-login UNIX services. In most cases this port is scanned to find the operating system the machine is running. Using other techniques, intruders can also find passwords. The Trojan Tiny Telnet Server opens this port.

Port: 25 Service: SMTP Description: The port opened by the SMTP server to send mail. Intruders look for SMTP servers to pass their spam. Intruders' accounts get closed, so they need to connect to a high-bandwidth e-mail server to pass simple messages to different addresses. The Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, and WinSpy all open this port.

Port: 31 Service: MSG Authentication Description: The Trojans Master Paradise and Hackers Paradise open this port.

Port: 42 Service: WINS Replication Description: WINS Replication

Port: 53 Service: Domain Name Server (DNS) Description: The port opened by the DNS server. Intruders may be attempting a zone transfer (TCP), spoofing DNS (UDP), or hiding other communications. Therefore, firewalls often filter or log this port.

Port: 67 Service: Bootstrap Protocol Server Description: Firewalls on DSL and cable modems often see large amounts of data sent to the broadcast address 255.255.255.255. These machines are requesting an address from the DHCP server. Hackers often get into them and assign an address, making themselves the local router in order to launch a large number of man-in-the-middle attacks. The client broadcasts the configuration request to port 68, and the server broadcasts the response to port 67. The response uses broadcast because the client does not yet know an IP address it can be sent to.

Port: 69 Service: Trivial File Transfer Description: Many servers provide this service together with bootp to make it easy to download boot code from the system. But misconfiguration often lets intruders steal any file from the system. It can also be used to write files to the system.

Port: 79 Service: Finger Server Description: Intruders use it to obtain user information, query the operating system, probe for known buffer overflow errors, and respond to Finger scans from their own machine to other machines.

Port: 80 Service: HTTP Description: Used for web browsing. The Trojan Executor opens this port.

Port: 99 Service: Metagram Relay Description: The backdoor ncx99 opens this port.

Port: 102 Service: Message transfer agent (MTA)-X.400 over TCP/IP Description: Message Transfer Agent.
