PC port knowledge

Source: Internet
Author: User
View port
To view the port in Windows 2000/XP/Server 2003, run the netstat command:

Click Start > Run, type cmd, and press Enter to open the Command Prompt window. At the prompt, type "netstat -a -n" and press Enter to view the TCP and UDP connections, with port numbers and states displayed in numeric form.

TIPS: netstat command usage
Command format: netstat -a -e -n -o -s

-a displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

-e displays the number of bytes and the number of packets sent and received over Ethernet.

-n displays active TCP connections with addresses and port numbers in numeric form.

-o displays active TCP connections and includes the process ID (PID) of each connection.

-s displays statistics for the various connections by protocol, including the port number.
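An added example, not part of the original article: a Python sketch that parses "netstat -a -n -o" output and reports listeners on ports this article calls insecure or names as trojan or worm defaults. The sample output, its addresses and PIDs, and the names FLAGGED, parse_listeners and flagged_listeners are constructed for illustration.

```python
# Added example: flag listeners on ports the article singles out.
# Ports the article calls insecure/useless or names as trojan or worm defaults.
FLAGGED = {
    21: "FTP", 23: "Telnet", 25: "SMTP", 79: "Finger", 135: "RPC/DCOM",
    137: "NetBIOS Name Service", 5554: "Sasser FTP service",
    7306: "NetSpy 3.0 default", 7626: "Glacier default", 8011: "WAY 2.4 default",
}

# Constructed sample of `netstat -a -n -o` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       956
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING       3388
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2104
  UDP    0.0.0.0:137            *:*                                    4
  UDP    0.0.0.0:1900           *:*                                    1180
"""

def parse_listeners(text):
    """Yield (proto, port, pid) for TCP listeners and bound UDP sockets."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header and blank lines
        if not fields[-1].isdigit():
            continue  # no PID column: netstat was run without -o
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # established or closing connections are not listeners
        # rsplit keeps IPv6 local addresses such as [::]:135 intact
        port = int(fields[1].rsplit(":", 1)[1])
        yield fields[0], port, int(fields[-1])

def flagged_listeners(text):
    """Return sorted (port, proto, pid, label) for listeners on flagged ports."""
    return sorted((port, proto, pid, FLAGGED[port])
                  for proto, port, pid in parse_listeners(text)
                  if port in FLAGGED)

if __name__ == "__main__":
    for port, proto, pid, label in flagged_listeners(SAMPLE):
        print(f"{proto} port {port} ({label}) is open, owned by PID {pid}")
```

The PID from the -o column can then be matched to a process in Task Manager to decide which service to stop.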

Close/enable port
Before describing what the various ports do, we first explain how to close and enable ports in Windows, because by default many insecure or useless ports are enabled, for example port 23 of the Telnet service, port 21 of the FTP service, port 25 of the SMTP service, and port 135 of the RPC service. To keep the system secure, ports can be closed or enabled using the following methods.

Close the port
For example, to close port 25 of the SMTP service in Windows 2000/XP: open "Control Panel", double-click "Administrative Tools", and then double-click "Services". In the Services window, find and double-click the "Simple Mail Transfer Protocol (SMTP)" service, click "Stop" to stop the service, select "Disabled" in "Startup type", and click "OK". Stopping the SMTP service in this way is equivalent to closing the corresponding port.

Enable Port
To enable the port again, select "Automatic" in "Startup type" and click "OK". Then open the service again, click "Start" under "Service status" to enable the port, and finally click "OK".

Port 21: port 21 is mainly used for the FTP (File Transfer Protocol) service.

Port 23: port 23 is mainly used for the Telnet (remote logon) service, a logon and emulation program commonly used on the Internet.

Port 25: port 25 is opened by SMTP (Simple Mail Transfer Protocol) servers and is mainly used to send email. Most mail servers use this protocol today.

Port 53: port 53 is opened by DNS (Domain Name Server) servers and is mainly used for domain name resolution. The DNS service is most widely used on NT systems.

Port 67 and port 68: ports 67 and 68 are opened for the Bootstrap Protocol server and the Bootstrap Protocol client of the BOOTP service, respectively.

Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.

Port 79: port 79 is open for the Finger service. It is mainly used to query details of a remote host, such as online users, operating system type, and whether a buffer overflow occurs.

Port 80: port 80 is open for HTTP (HyperText Transport Protocol), the most widely used protocol for surfing the Internet. It is mainly used to transmit information on the WWW (World Wide Web) service.

Port 99: port 99 is used for a service named "Metagram Relay". This service is rare and generally not used.

Port 109 and port 110: port 109 is open for the POP2 (Post Office Protocol Version 2) service, and port 110 is open for the POP3 (Post Office Protocol Version 3) service. POP2 and POP3 are mainly used to receive email.

Port 111: port 111 is the port opened by Sun's RPC (Remote Procedure Call) service. It is mainly used for internal process communication between different computers in a distributed system; RPC is an important component of many network services.

Port 113: port 113 is mainly used for the authentication service in Windows.

Port 119: port 119 is open for the "Network News Transfer Protocol" (NNTP).
Port 135: port 135 is mainly used by the Remote Procedure Call (RPC) protocol and provides the DCOM (Distributed Component Object Model) service.

Port 137: port 137 is mainly used for the "NetBIOS Name Service".

Port 139: port 139 is provided for the "NetBIOS Session Service" and is mainly used for Windows file and printer sharing and for the Samba service on UNIX.

Port 143: port 143 is mainly used for "Internet Message Access Protocol" v2 (IMAP).

Port 161: port 161 is used for the "Simple Network Management Protocol" (SNMP).

Port 443: port 443 is the web browsing port mainly used for HTTPS services, another type of HTTP that provides encryption and transmission through a secure port.

Port 554: port 554 is used by default for the "Real Time Streaming Protocol" (RTSP).

Port 1024: port 1024 is generally not allocated to a particular service. Its English description is "Reserved".

Port 1080: port 1080 is the port used by the SOCKS proxy service. The WWW service is what is usually used for browsing the Internet.

Port 1755: port 1755 is used by default for "Microsoft Media Server" (MMS).

Port 4000: port 4000 is used by the commonly used QQ tool. More precisely, it is the port opened for the QQ client; the QQ server uses port 8000.

Port 5554: on April 30 this year, a new worm targeting the Microsoft LSASS service (Sasser) was reported. The virus can use TCP port 5554 to start an FTP service, which is mainly used for propagating the virus.

Port 5632: port 5632 is the port opened by the remote control software pcAnywhere.

Port 8080: like port 80, port 8080 is used for the WWW proxy service and can be used for web browsing.

Port concept

In network technology, "port" has two meanings. The first is the physical port: the interfaces on ADSL modems, hubs, switches, and routers used to connect to other network equipment, such as RJ-45 ports and SC ports.
The second is the logical port, which generally refers to a port in the TCP/IP protocol. Port numbers range from 0 to 65535, for example port 80 for browsing web services and port 21 for the FTP service. This article deals with logical ports.

Logical ports can be classified according to several standards. Two common classifications are described below.

1. By port number range

(1) Well-known ports: port numbers from 0 to 1023. These ports are usually allocated to particular services. For example, port 21 is allocated to the FTP service, port 25 to the SMTP (Simple Mail Transfer Protocol) service, port 80 to the HTTP service, and port 135 to the RPC (Remote Procedure Call) service.

(2) Dynamic ports: port numbers from 1024 to 65535. These ports are generally not allocated to a fixed service, so many services can use them. When a running program asks the system for network access, the system assigns it a port number from this range. For example, port 1024 is assigned to the first program that makes such a request. When the program's process is closed, the port number it occupied is released. However, dynamic ports are also often used by viruses and trojans. For example, the default connection port of Glacier is 7626, of WAY 2.4 is 8011, of NetSpy 3.0 is 7306, and of YAI is 1024.

2. By protocol type

Ports can be divided into TCP, UDP, IP, ICMP (Internet Control Message Protocol), and other ports. TCP and UDP ports are described below.

(1) TCP port: the Transmission Control Protocol port. A connection must be established between the client and the server, which provides reliable data transmission. Common examples include port 21 of the FTP service, port 23 of the Telnet service, port 25 of the SMTP service, and port 80 of the HTTP service.

(2) UDP port: the User Datagram Protocol port.
No connection needs to be established between the client and the server, and security is not guaranteed. Common examples include port 53 of the DNS service, port 161 of the SNMP (Simple Network Management Protocol) service, and ports 8000 and 4000 used by QQ.
Tip: the "Services" option is not available in Windows 98. There you can use a firewall's rule-setting function to close or enable ports.

Port 79

Description: port 79 is open for the Finger service. It is mainly used to query details of a remote host, such as online users, operating system type, and whether a buffer overflow occurs. For example, to display information about the user user01 on the remote computer www.abc.com, type "finger user01@www.abc.com" at the command line.

Port vulnerabilities: before attacking a computer, hackers generally have to gather information about it with port scanning tools. Port 79, for example, can be scanned to learn the remote computer's operating system version, obtain user information, and detect known buffer overflow errors, which leaves the host open to attack. Port 79 is also used as the default port by the Firehotcker trojan.

Operation suggestion: we recommend that you disable this port.

Port 80

Description: port 80 is open for HTTP (HyperText Transport Protocol), the most widely used protocol for surfing the Internet. It is mainly used to transmit information on the WWW (World Wide Web) service. A website can be accessed using its HTTP address (commonly called the "URL") followed by ":80".

Port vulnerabilities: some trojans, such as Executor and RingZero, can use port 80 to attack computers.

Operation suggestion: to surf the Internet normally, port 80 must be enabled.

Port 109 and port 110

Description: port 109 is open for the POP2 (Post Office Protocol Version 2) service, and port 110 is open for the POP3 (Post Office Protocol Version 3) service. POP2 and POP3 are mainly used to receive mail. Currently, POP3 is widely used, and many servers support both POP2 and POP3.
The client can use the POP3 protocol to access the mail service on the server. Currently, most ISP mail servers use this protocol. When using an email client, you must enter the POP3 server address; port 110 is used by default.

Port vulnerabilities: POP2 and POP3 have many vulnerabilities alongside the mail receiving service they provide. There are no fewer than 20 buffer overflow vulnerabilities in the user name and password exchange of POP3 services alone. For example, the WebEasyMail POP3 server valid user name information leakage vulnerability allows remote attackers to verify the existence of user accounts. In addition, port 110 is used by trojan programs such as the ProMail trojan, and the user name and password of a POP account can be stolen through port 110.

Operation suggestion: open this port if the computer is running a mail server.

Port 135

Description: port 135 is mainly used by the Remote Procedure Call (RPC) protocol and provides the DCOM (Distributed Component Object Model) service. RPC ensures that programs running on one computer can smoothly run code on a remote computer. DCOM can be used for direct communication over the network and across network transports, including HTTP.

Port vulnerabilities: many Windows 2000 and Windows XP users were hit by the "Shock Wave" virus last year. The virus uses an RPC vulnerability to attack computers. RPC itself has a vulnerability in the part that handles message exchange over TCP/IP, caused by incorrect processing of malformed messages. The vulnerability affects an interface between RPC and DCOM, and that interface listens on port 135.

Operation suggestion: to avoid "Shock Wave" virus attacks, we recommend that you disable port 137.
Port 137

Description: port 137 is mainly used for the "NetBIOS Name Service" and is a UDP port. Sending a request to port 137 of a computer on the LAN or the Internet is enough to obtain the computer's name and registered user name, whether the primary domain controller is installed, and whether IIS is running.

Port vulnerabilities: because it is a UDP port, attackers can easily obtain information about the target computer simply by sending requests. Some of that information, for example about the IIS service, can be used directly to analyze vulnerabilities. In addition, capturing packets that are using port 137 for communication may reveal the target computer's startup and shutdown times, which can then be used to attack it with dedicated tools.

Operation suggestion: we recommend that you disable this port.

Port 139

Description: port 139 is provided for the "NetBIOS Session Service" and is mainly used for Windows file and printer sharing and for Samba services on UNIX. Sharing files on a LAN in Windows requires this service. For example
