Contacts
home

How to find out which process is listening on a port in Windows? How to see open ports in Linux Listening to a tcp port

Hello everyone, earlier I started a story about network utilities system administrator in the article “The pathping utility or how to diagnose a problem on the route to the site. Network utilities part 3,” we move on and analyze another utility netstat or how to determine which ports your computer is listening on. This program will be an irreplaceable tool in the software baggage of any system engineer; it will help him quickly diagnose the situation and detect a number of all sorts of problems with services and their availability.

netstat commands

Netstat- Displays active TCP connections, ports listening on the computer, Ethernet statistics, IP routing table, IPv4 statistics (for IP, ICMP, TCP and UDP protocols) and IPv6 (for IPv6, ICMPv6, TCP over IPv6 and UDP over IPv6 protocols)

Let’s imagine a situation: you installed, for example, the MSM LSI utility to view the parameters of a RAID controller, you launch the utility, but it doesn’t find anything, because the port is closed and you don’t know which one, and it’s not always possible to quickly find information about this on the Internet, for this you can run netstat and see what port your server with the MSM process is listening on.

Open the command line Windows string and enter netstat?. The utility's help will pop up.

C:\Users\sem>netstat ?

Display protocol statistics and current network connections TCP/IP.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-x] [-t]
[interval]

  • -a Displays all connections and listening ports.
  • -b Display the executable file involved in creation
  • each connection or listening port. Sometimes known executable files contain many independent components. The sequence of components involved in creating a connection or listening port is then displayed. In this case, the name of the executable file is at the bottom in brackets, at the top is the component it called, and so on until TCP/IP is reached. Please note that this approach can be time consuming and requires sufficient permissions.
  • -e Display Ethernet statistics. Can be used in conjunction with the -s option.
  • -f Display fully qualified domain name () for external addresses.
  • -n Display addresses and port numbers in numeric format.
  • -o Display the process ID of each connection.
  • -p protocol Display connections for the protocol specified by this parameter. Valid values ​​are TCP, UDP, TCPv6, or UDPv6. When used in conjunction with the -s option to display protocol statistics, valid values ​​are: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  • -r Display the contents of the route table.
  • -s Display protocol statistics. By default, statistics are displayed for the IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6 protocols. The -p option allows you to specify a subset of the output.
  • -t Display the offload status for the current connection.
  • -x Displays NetworkDirect connections, listeners, and common endpoints.
  • -y Display the TCP connection template for all connections. Cannot be used in conjunction with other options. interval Repeated display of selected statistics with a pause between displays specified by the interval in seconds. To stop displaying statistics repeatedly, press CTRL+C. If this parameter is omitted, netstat will print the current configuration information once.

Let's see interesting keys netstat utilities. The first thing we enter

and statistics will appear on our screen network packets ethernet

If we add the -s switch, we will get statistics on protocols.

It is very useful to see everything that your host is listening to, for this we write

The command output contains the Protocol type, either TCP or UDP, the local address with the port that is listening and the external address with the port, and the action status.

To fully understand the information provided by this command, it is necessary to understand the principles of connection establishment in the TCP/IP protocol. Here are the main steps in the process of establishing a TCP/IP connection:

1. When attempting to establish a connection, the client sends a SYN message to the server.

2. The server responds with its own SYN message and an acknowledgment (ACK).

3. The client then sends an ACK message back to the server, completing the connection setup process.

The disconnection process consists of the following steps:

1. The client says "I'm done" by sending a FIN message to the server. At this stage, the client only receives data from the server, but does not send anything itself.

2. The server then sends an ACK message and sends its own FIN message to the client.

3. The client then sends an ACK message to the server, confirming the FIN server's request.

4. When the server receives an ACK message from the client, it closes the connection.

Understanding the steps in the connection setup and termination process allows you to more transparently interpret connection states in netstat command output. Connections in the list can be in the following states:

  • CLOSE_WAIT- indicates the passive phase of closing a connection, which begins after the server receives a FIN message from the client.
  • CLOSED- the connection was interrupted and closed by the server.
  • ESTABLISHED- the client established a connection with the server by receiving a SYN message from the server.
  • FIN_WAIT_1- the client initiated closing the connection (sent a FIN message).
  • FIN_WAIT_2- the client received ACK and FIN messages from the server.
  • LAST_ACK- the server sent a FIN message to the client.
  • LISTEN- the server is ready to accept incoming connections.
  • SYN_RECEIVED- the server received a SYN message from the client and sent it a response.
  • TIMED_WAIT- the client sent a FIN message to the server and is waiting for a response to this message.
  • YN_SEND- the specified connection is active and open.

The netstat utility or how to determine which ports your computer is listening on. Network utilities part 4-06

If the port is open, this means that some program (for example, a service) is using it to communicate with another program via the Internet or in local system. To see which ports are open in your Linux system can be used netstat command. The output will show all services and the ports and IP addresses they listen to.

sudo netstat -ntulp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 2392/smbd
tcp 0 0 0.0.0.0:9518 0.0.0.0:* LISTEN 2894/skype
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2896/vlc
tcp 0 0 127.0.0.1:3493 0.0.0.0:* LISTEN 2467/upsd
...

  • -l or --listening - show only listening ports
  • -p or --program - show program name and PID
  • -t or --tcp show tcp ports
  • -u or --udp show udp ports
  • -n or --numeric show ip addresses in numeric form

Method 2 lsof

The lsof utility allows you to view all connections open in the system, including network ones; for this you need to use the i option.

dhcpcd 2136 root 6u IPv4 4986 0t0 UDP *:bootpc

hamachid 2323 root 8u IPv4 5587 0t0 TCP 192.168.1.2:35445->212.118.234.65:https (ESTABLISHED)
smbd 2392 root 27u IPv6 5624 0t0 TCP *:microsoft-ds (LISTEN)
sshd 2421 root 3u IPv4 6196 0t0 TCP *:ssh (LISTEN)
upsd 2467 nut 4u IPv4 6235 0t0 TCP comm-app.local:nut (LISTEN)

Another example, let’s look at which processes work on port 80:

sudo lsof -i | grep 80

ntpd 2213 root 23u IPv6 5422 0t0 UDP :ntp
ntpd 2213 root 27u IPv6 5598 0t0 UDP :ntp
skype 2894 serigy 87u IPv4 7080 0t0 TCP *:9518 (LISTEN)
chrome 3114 sergiy 122u IPv4 31904 0t0 TCP 192.168.1.2:47804->srv118-131-240-87.vk.com:https (ESTABLISHED)

Method 3: nmap

Nmap is a powerful network scanner designed to scan and pentest remote hosts, but there's nothing stopping you from pointing it at your local computer:

Starting Nmap 6.47 (http://nmap.org) at 2015-08-02 17:27 EEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00036s latency).
Other addresses for localhost (not scanned): 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1
rDNS record for 127.0.0.1: comm-app.local
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3493/tcp open nut
8080/tcp open http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

If you want to see which ports on your computer are accessible from the outside, Nmap can also come in handy here. If the computer is a public server, then the result will most likely not differ from a local scan, but on home computer everything is a little different. The first option is to use a router and only the router’s ports will be visible on the network; another threshold of protection can be the provider’s NAT server. NAT technology allows multiple users to use one external IP address. And so, to view open external ports, we first find out the external IP address, for reliability we will use the online service:

nmap 178.93.149.50

As a result, we can get open port 80 of the web server, or even 21 - file server, which we did not install, these ports are open by the router, 80 is for the web interface, and 21 can be used to update the firmware. You may also not get results at all, this will mean that all ports are closed, or an IDS intrusion protection system is installed on the server.

    Open the window command line(as an administrator). In the "Start\Search" box, type "cmd", then right-click "cmd.exe" and select "Run as administrator"

    Type the following text and press Enter.

    netstat -abno

    -a Displays all connections and listening ports.

    -b Displays the executable file involved in creating each connection or listening port. In some cases, a known executable host has multiple independent components, and in these cases a sequence of components is involved in creating a connection or listening port. In this case, the executable's name is at the bottom, at the top is the component it named, etc. until TCP/IP is reached. Please note that this option may take a long time and will fail if you do not have sufficient permission.

    -n Displays addresses and port numbers in numeric form.

    -o Displays the ownership process ID associated with each connection.

    Find the port you are listening to under "Local Address"

    Look at the process name directly below this.

NOTE. To find a process in Task Manager

    Note the process ID (process ID) next to the port you are looking for.

    Open Windows Task Manager.

    Go to the Processes tab.

    Look at the PID you noted when you did the netstat in step 1.

    • If you don't see the PID column, click View/Select Columns. Select PID.

      Make sure "Show processes from all users" is selected.

We will be deploying a new application on a server and the application will listen on port 8443. We have asked the Network command to open for port 8443 on this server before deploying the application. The application is not currently listening on this port on the server.

Anyway I can make sure the firewall is open for port 8443

OS: Solaris 10 10/09 s10s_u8wos_08a SPARC

5 Solutions collect form web for “How to check if a firewall is open on a port but not listening on the port”

If you want to see if you can form a TCP connection from a remote machine, install OpenCSW on that and the target machine, and install netcat on both. This is the syntax for using netcat to check TCP connections:

nc -vz targetServer portNum

For example, to test SSH on "homeServer1":

nc -vz homeserver1 22

This allows you to test TCP level connectivity from a remote system. Netcat can also be configured to listen on a port rather than act as a client. To listen to it on TCP/8443:

On the server on which there will be nc -l homeserver1 8443 application: nc -l homeserver1 8443

On a machine that is outside the firewall: nc -vz homeserver.fqdn 8443

This is an example of successful execution:

$ nc -vz ditirlns01.ncat.edu 8443 Connection to ditirlns01.ncat.edu 8443 port succeeded!

Failed execution:

$ nc -vz ditirlns01.ncat.edu 8443 nc: connect to ditirlns01.ncat.edu port 8443 (tcp) failed: Connection refused

Firewalls must respond with an ICMP message when they block a request. However, this is not necessarily the case (you might find this good article interesting).

You can test externally to see if the port is accessible through the firewall, and if so, is there anything listening. Here are three different scenarios related to the tcp request that you can observe with using wireshark, or with some other packet sniffer, and this is what you'll see:

1) Firewall rejects the request

You will receive an ICMP message, and the tool making the request should immediately tell you about it ("unavailable, denied by administrator", etc.). By "tool" I mean the client you use to send the request (I used telnet).

"No route to host" may indicate this, but it may also indicate more subtle routing problems.

2) The firewall drops the packet

There is no answer, so the tool waits until it fails or you get bored.

3) The firewall allows the packet (or there is no firewall), but nothing is listening on the port.

The TCP RST/ACK message appears. I'm guessing the TCP protocol requires this. In other words, if nothing is listening on the port, the OS itself sends this response. This may be difficult to distinguish from #1 just based on what the tool reports, because in both cases it Maybe say the same thing (however, it would likely differentiate this as "connection refused" versus #1, "network unavailable",). Scenario #1 (ICMP reject message) and #3 (TCP RST/ACK message) observed in the sniffer packet on the client machine are distinctly different.

The only other option here is that the packet is allowed by the firewall and something is listening, so you get a successful connection.

In other words: Assuming your network is generally working correctly, if you get #1 or #2, it means the firewall is actively preventing access to the port. #3 will happen if your server is not running but the port is available, and of course (implicit) #4 is a successful connection.

You can use the netstat command to see if a port is open and listening.

example

$ netstat -anp | less Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:41716 0.0. 0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN 3034 /dropbox tcp 0 0 0.0.0.0:17501 0.0.0.0:* LISTEN 3033/dropbox tcp 0 0 127.0.0.1:2143 0.0.0.0:* LISTEN 3191/ssh tcp 0 0 127.0.0.1:2025 0.0.0.0:* L ISTEN 3191/ssh

The output shows processes (column from right to left), which listen on TCP ports. Port numbers are the numbers that follow the colons after IP addresses (for example, 0.0.0.0:111 is port 111).

IP addresses show local And external addresses . Local will be your system, and Foreign– any addresses that can be connected to your TCP port or connected to one of their TCP ports.

So in case of port 22, this is the ssh daemon running on my system, this is LISTENING for connections. As soon as someone tries to connect to ssh it emits a copy of itself and pushes that connection to another port, keeping TCP port 22 open for additional connections as they arrive.

The configuration and state of the firewall configuration depends on the firewall/OS.

What you can do is try it from server2.

There are many different applications that show which application is currently "listening" on which port. You can use the SysInternals Process Explorer, Sysinternals TCPView, Nirsoft CurrPorts applications, they are all very great, but they may simply not be at hand at the right time. Their absence can be compensated for by the built-in operating system tools.

Part Windows console utility included netstat. By running it with the parameter /? , you will see that it is designed to display statistics and active TCP/IP protocol connections, as well as a complete list of its options:

From this list, we are primarily interested in these:

  • -a– display all connections and used ports.
  • -o– display the numeric identifier of the process responsible for a specific connection (Process ID, or simply PID).

I would also like to draw your attention to the option –n, which tells the utility netstat display real IP addresses and numeric port values ​​instead of DNS names and common aliases. In some cases this may be useful.

Procedure

If you hate tasklist, you can use the system " Task Manager". Launch it by pressing CTRL+SHIFT+ESC, go to the "Processes" tab. In the "View" menu, select "Select Columns", and check the PID column:

The required process can be found by the value of this column:

I personally prefer tasklist for the reason that there is no search in the task manager.

Did you like the article? Share it
We recommend articles on the topic
Order 343 mail. Order by Russian post. Consequences of failure to appear in court when summonedOrder 343 mail. Order by Russian post. Consequences of failure to appear in court when summoned
How to put a password on a folder on a Windows computer without and with programsHow to put a password on a folder on a Windows computer without and with programs
Pluton – Free Bootstrap HTML5 One Page TemplatePluton – Free Bootstrap HTML5 One Page Template
Visitors are currently discussing
History of ZX Spectrum: Myths and reality New SpectrumHistory of ZX Spectrum: Myths and reality New Spectrum Programs
Voice assistant Siri from Apple Siri functions on iPhone 6sVoice assistant Siri from Apple Siri functions on iPhone 6s Anonymity
How to roll back to a previous version of iOS?How to roll back to a previous version of iOS? Browsers
Unlock iPad in four daysUnlock iPad in four days Webmaster