IP Address Scanning | Ports | TTY Watcher | RotoRouter | Industrial Programs | IP Watcher | EtherPeek | Intruders

How to Tell What Ports are Open on your own Computer

    It's a good idea to regularly check what ports are open on your own computer. If you discover a new port -- time to investigate. For example, an open port 31337 is an almost sure sign that your computer has been taken over by the Windows Back Orifice Trojan. (See the "How to Break into Windows 95/98 Computers" chapter for removal instructions.)

    It is possible to check all your ports with just the tools that are already part of your Windows or Unix operating system. The "netstat -a" command will show all the ports open on your computer. Here's what I get on a home Linux box:

~ > netstat -a

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State
tcp       0   134 fu.ml.org:telnet      pma03.foo66.com:1030    ESTABLISHED
tcp       0     0 *:www                  *:*                    LISTEN
tcp       0     0 fu.ml.org:22          *:*                    LISTEN
tcp       0     0 *:smtp                 *:*                    LISTEN
tcp       0     0 *:2049                 *:*                    LISTEN
tcp       0     0 *:660                  *:*                    LISTEN
tcp       0     0 *:printer              *:*                    LISTEN
tcp       0     0 *:auth                 *:*                    LISTEN
tcp       0     0 *:finger               *:*                    LISTEN
tcp       0     0 *:imap2                *:*                    LISTEN
tcp       0     0 *:pop3                 *:*                    LISTEN
tcp       0     0 *:login                *:*                    LISTEN
tcp       0     0 *:shell                *:*                    LISTEN
tcp       0     0 *:telnet               *:*                    LISTEN
tcp       0     0 *:ftp                  *:*                    LISTEN
tcp       0     0 *:time                 *:*                    LISTEN
tcp       0     0 *:sunrpc               *:*                    LISTEN
udp       0     0 *:2049                 *:*
udp       0     0 *:657                  *:*
udp       0     0 *:ntalk                *:*
udp       0     0 *:biff                 *:*
udp       0     0 *:time                 *:*
udp       0     0 *:syslog               *:*
udp       0     0 *:sunrpc               *:*
raw       0     0 *:1                    *:*
Active UNIX domain sockets (including servers)
Proto RefCnt Flags      Type      State        I-Node Path
unix 2     [ ]        STREAM                  3870  /dev/log
unix 2     [ ]        STREAM    CONNECTED    3869
unix 2     [ ]        STREAM                  475   /dev/log
unix 2     [ ]        STREAM    CONNECTED    474
unix 2     [ ]        STREAM                  434   /dev/log
unix 2     [ ]        STREAM    CONNECTED    433
unix 2     [ ]        STREAM                  281   /dev/log
unix 2     [ ]        STREAM    CONNECTED    280
unix 2     [ ]        STREAM                  257   /dev/log
unix 2     [ ]        STREAM    CONNECTED    252
unix 1     [ ACC ]    STREAM    LISTENING    247   /dev/printer
unix 2     [ ]        STREAM                  246   /dev/log
unix 1     [ ACC ]    STREAM    LISTENING    207   /dev/log
unix 2     [ ]        STREAM    CONNECTED    198

    How about seeing what ports are open on your Windows computer? If you are not on a LAN, chances are there won't be much to see.  Here's what my stand alone Win98 computer (her name is Lovely_Lady) says when I am on America Online:

C:\WINDOWS>netstat -a

Active Connections

 Proto Local Address         Foreign Address       State
 TCP   lovely-lady:137       LOVELY_LADY:0         LISTENING
 TCP   lovely-lady:138       LOVELY_LADY:0         LISTENING
 TCP   lovely-lady:nbsession LOVELY_LADY:0         LISTENING
 UDP   lovely-lady:nbname    *:*
 UDP   lovely-lady:nbdatagram *:*

Scanning