How to view computer port usage

Source: Internet
Author: User
View ports
To view the ports in Windows 2000/XP/Server 2003, you can use the netstat command:

Click Start → Run, type "cmd" and press ENTER to open a command prompt window. Type "netstat -a -n" at the command prompt and press ENTER to see the port numbers and status of the TCP and UDP connections, displayed in numeric form.

Tip: netstat command usage
Command format: netstat [-a] [-e] [-n] [-o] [-s]

-a displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

-e displays Ethernet statistics: the number of bytes sent and received, the number of packets, and so on.

-n displays the addresses and port numbers of all active TCP connections in numeric form only.

-o displays the active TCP connections and includes the process ID (PID) for each connection.

-s displays statistics for the various connections, including port numbers, by protocol.



netstat -an: view all open ports
netstat -n: view the ports used by current connections
Close port
For example, to turn off port 25 of the SMTP service in Windows 2000/XP: first open Control Panel, double-click Administrative Tools, and then double-click Services. Next, in the Services window that opens, locate and double-click the "Simple Mail Transfer Protocol (SMTP)" service, stop the service by clicking the Stop button, then select "Disabled" in Startup type, and click the OK button. Shutting down the SMTP service in this way is equivalent to closing the corresponding port.

Open port
If you want to turn the port on, simply select Automatic in Startup type, click the OK button, then open the service again, click the Start button under Service status to enable the port, and finally click the OK button.
Tip: There is no "Services" option in Windows 98; you can use the firewall's rule settings to turn ports off and on instead.
Port classification

Ports in the logical sense can be classified in several ways. Two common classifications are described below:

1. Classification by port number range

(1) Well-known ports (Well-Known Ports)
Well-known port numbers range from 0 to 1023, and these port numbers are generally fixed to specific services. For example, port 21 is assigned to the FTP service, port 25 to the SMTP (Simple Mail Transfer Protocol) service, port 80 to the HTTP service, port 135 to the RPC (Remote Procedure Call) service, and so on.

(2) Dynamic ports (Dynamic Ports)
Dynamic ports range from 1024 to 65535. These port numbers are typically not fixed to a service, which means that many services can use them. Whenever a running program asks the system for network access, the system can allocate one of these port numbers for the program to use. For example, port 1024 is assigned to the first program that sends such a request to the system. After the program's process is closed, the port number it occupied is freed.
However, dynamic ports are also often used by viruses and Trojan programs: the default connection port of Glacier is 7626, of WAY 2.4 is 8011, of Netspy 3.0 is 7306, of the YAI virus is 1024, and so on.

2. Classification by Protocol type
By protocol type, ports can be divided into TCP, UDP, IP, ICMP (Internet Control Message Protocol) and other ports. The following mainly describes TCP and UDP ports:

(1) TCP port
TCP ports, or Transmission Control Protocol ports, require a connection to be established between the client and the server in order to provide reliable data transfer. Common examples include port 21 for the FTP service, port 23 for the Telnet service, port 25 for the SMTP service, port 80 for the HTTP service, and so on.

(2) UDP port
UDP ports, or User Datagram Protocol ports, do not require a connection between the client and the server, and security is not guaranteed. Common examples include port 53 for the DNS service, port 161 for the SNMP (Simple Network Management Protocol) service, ports 8000 and 4000 used by QQ, and so on.
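
The netstat usage and the port classification described above can be combined into a quick triage of a host's open ports. The following is an added example, not part of the original article: it parses `netstat -a -n -o` style output, keeps only listening TCP and bound UDP ports, labels each as well-known or dynamic, and marks ports the article lists as Trojan defaults. The sample output, the function names and the PIDs are constructed for illustration.

```python
# Added example: triage of `netstat -ano` output. SAMPLE is constructed, not captured.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     3020
  UDP    0.0.0.0:161            *:*                                    1200
  UDP    0.0.0.0:4000           *:*                                    2760
"""

# Default ports the article attributes to specific Trojans. A match is a lead
# to investigate (1024 is also the first dynamic port), not proof of infection.
TROJAN_PORTS = {7626: "Glacier", 7306: "Netspy 3.0", 1024: "YAI"}

def parse_netstat(text):
    """Turn `netstat -ano` rows into dicts; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so they split into 4 fields, not 5.
        state = parts[3] if len(parts) == 5 else ""
        # rpartition keeps IPv6 literals such as [::]:135 intact.
        addr, _, port = parts[1].rpartition(":")
        if port.isdigit() and parts[-1].isdigit():
            rows.append({"proto": parts[0], "addr": addr, "port": int(port),
                         "state": state, "pid": int(parts[-1])})
    return rows

def port_class(port):
    """Classification by number range as given in the article."""
    return "well-known" if 0 <= port <= 1023 else "dynamic"

def review(text):
    """Open ports only: LISTENING TCP sockets and bound UDP sockets."""
    found = [(r["proto"], r["port"], port_class(r["port"]), r["pid"],
              TROJAN_PORTS.get(r["port"], ""))
             for r in parse_netstat(text)
             if r["state"] == "LISTENING" or r["proto"] == "UDP"]
    return sorted(found)

if __name__ == "__main__":
    for proto, port, cls, pid, note in review(SAMPLE):
        hint = f"  <- default port of {note}; identify PID {pid}" if note else ""
        print(f"{proto} {port:>5}  {cls:<10} PID {pid}{hint}")
```

On a live host, pass the saved text of `netstat -a -n -o` to `review()` instead of `SAMPLE`; the PID column is what ties a flagged port back to the process that owns it.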
Common network ports

Network Basics! Port Control

Port: 0
Service: Reserved
Description: Typically used to analyze the operating system. This approach works because "0" is an invalid port on some systems and produces different results when you try to connect to it than a normal closed port does. A typical scan uses an IP address of 0.0.0.0, sets the ACK bit, and broadcasts at the Ethernet layer.

Port: 1
Service: Tcpmux
Description: This shows that someone is looking for SGI IRIX machines. IRIX is the main provider of Tcpmux implementations, and Tcpmux is enabled by default on this system. IRIX machines are shipped with several default password-free accounts, such as IP, GUEST, UUCP, NUUCP, DEMOS, TUTOR, DIAG, Outofbox, etc. Many administrators forget to delete these accounts after installation, so attackers search the Internet for Tcpmux and take advantage of these accounts.

Port: 7
Service: Echo
Description: You can see many messages sent to x.x.x.0 and x.x.x.255 by people searching for Fraggle amplifiers.

Port: 19
Service: Character Generator
Description: This is a service that only sends characters. The UDP version responds to each UDP packet it receives with a packet containing junk characters. On a TCP connection it sends a stream of data containing garbage characters until the connection is closed. Attackers use IP spoofing to launch DoS attacks, forging UDP packets between two chargen servers. Similarly, a Fraggle DoS attack broadcasts a packet with a spoofed victim IP to this port on the destination address, and the victim is overloaded by the responses to this data.

Port: 21
Service: FTP
Description: The port the FTP server opens for uploading and downloading. Attackers most commonly use it to look for FTP servers that allow anonymous access. These servers have a readable and writable directory. This port is opened by the Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner.

Port: 22
Service: SSH
Description: A TCP connection to this port established by pcAnywhere may be looking for SSH. This service has many weaknesses: if configured in a specific mode, many of the versions that use the RSAREF library have a number of vulnerabilities.

Port: 23
Service: Telnet
Description: Remote login. The intruder is searching for Telnet services on UNIX hosts. In most cases, this port is scanned to find out which operating system the machine is running. Using other techniques, intruders may also find passwords. The Trojan Tiny Telnet Server opens this port.

Port: 25
Service: SMTP
Description: The port the SMTP server opens for sending mail. Intruders look for SMTP servers through which to pass their spam. Intruders' accounts get closed, so they need to connect to a high-bandwidth e-mail server to pass simple messages to different addresses. The Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, and WinSpy all open this port.

Port: 31
Service: MSG Authentication
Description: The Trojans Master Paradise and Hackers Paradise open this port.

Port: 42
Service: WINS Replication
Description: WINS replication

Port: 53
Service: Domain Name Server (DNS)
Description: The port opened by DNS servers. Intruders may be trying to make zone transfers (TCP), spoof DNS (UDP), or hide other traffic, so firewalls often filter or log this port.

Port: 67
Service: Bootstrap Protocol Server
Description: Firewalls on DSL and cable-modem connections often see a large amount of data sent to the broadcast address 255.255.255.255. These machines are requesting an address from a DHCP server. Attackers often answer them, assigning an address that sets the attacker up as the local router and enables a large number of man-in-the-middle attacks. The client broadcasts its configuration request to port 68, and the server broadcasts its response to port 67. The response is broadcast because the client does not yet know which IP address it can be reached at.

Port: 69
Service: Trivial File Transfer
Description: Many servers provide this service together with BOOTP so that boot code can easily be downloaded from the system. However, because of misconfiguration they often allow intruders to steal any file from the system. They can also be used to write files to the system.

Port: 79
Service: Finger Server
Description: Intruders use it to obtain user information, query the operating system, probe for known buffer overflow errors, and respond to finger scans from their own machine to other machines.
