Several ways to view this machine open port Select from Lithe's Blog
1. Windows itself comes with the netstat command about the netstat command, let's take a look at the introduction in the Windows Help file: NetStat Display Protocol Statistics and the current TCP / IP network connection. This command can only be used after the TCP / IP protocol is installed. NetStat [-a] [-e] [-n] [-r] [-r] [interval] parameter -a display all connection and listening ports. Server connections are usually not displayed. -E Displays Ethernet statistics. This parameter can be used in conjunction with the -s option. -N Displays the address and port number in digital format (instead of trying to find the name). -S Displays statistics for each protocol. By default, statistics on TCP, UDP, ICMP, and IP are displayed. The -p option can be used to specify the default subset. -P protocol Displays the connection of protocols specified by Protocol; Protocol can be TCP or UDP. If you use the -s option to display the statistics of each protocol, Protocol can be TCP, UDP, ICMP, or IP. -R Displays the contents of the routing table. Interval re-displays the selected statistics and suspend Interval seconds between each display. Stop the statistics by Ctrl B stop. If this parameter is omitted, NetStat will print a current configuration information. Ok, after reading these help files, we should understand the use of the netstat command. Let us now learn to use this command to see your machine open port. Go to the command line, using the NetStat commands A and N two parameters: c: /> netstat -an active connections proto 0.0.0.0:80 0.0.0.0:0:0.0.0.0.0.0.0:0:0.0:0:21 0.0.0.0:0.0.0:0.0.0.0.0.0.0.0:0.0.0.0.0.0:0.0:0.0.0.0.0:0.0:0:0.0.0.0.0:0.0:0:0.0.0.0.0:0.0:0.0.0.0.0:0.0.0:0 UDP 0.0.0.0:1047 0.0.0.0: 0 Explanation, Active Connections refers to the current active activity connection. Proto is the protocol name of the connection, local address is the IP address of the local computer and the port number that is being used. Foreign address is the IP of the remote computer connected to the port. The address and port number, State is the state indicating the TCP connection, and you can see the listening port of the latter three lines is the UDP protocol, so there is no state represented by the State. Look! My machine's 7626 port has been opened, listening to the connection, like this is very likely that it has been infected with the ice river! Running a network, killing viruses with anti-virus software is the right practice.
2. Working under Windows2000 The FPORT uses Windows2000's friends to be more fortunate than using Windows 9x, because you can use the fPort program to display the correspondence between the local open port and the process. FPORT is a software for all Open TCP / IP and UDP ports in the system, as well as software such as all open TCP / IP and UDP ports, and their corresponding paths such as the full path, PID identity, process names and other information. Used in the command line, please see example: d: /> fport.exe fport v1.33 - tcp / ip process to port mapper copyright 2000 by Foundstone, Inc. http://www.foundstone.com Pid Process Port Proto Path 748 TCPSVCS -> 7 TCP C: / Winnt / System32 / TCPSVCS.EXE 748 TCPSVCS -> 9 TCP C: /Winnt/System32/tcpsvcs.exe 748 TCPSVCS -> 19 TCP C: /Winnt/System32/tcpsvcs.exe 416 svchost -> 135 TCP C: /Winnt/system32/svchost.exe is not a place. At this way, what is the procedure of each port is open under your eyelids. If there is a suspicious program to open a suspicious port, you can don't do it, maybe it is a sly Trojan! The latest version of FPORT is 2.0. Downloads in many websites, but for security, it is best to go to its hometown: http://www.foundstone.com/knowledge/zips/fport.zip3. Timatics Tools similar to the fport function Active Ports Active Ports produced for SmartLine, you can use all the open TCP / IP / UDP ports of your computer, not only you can display all your ports, and display the path where all ports correspond to the path, local IP and far End IP (trying to connect your computer IP) is active. Is it very intuitive? What's better is that it also provides a function of closing the port. When you use it to discover the port of Trojans, you can close the port immediately. This software is working under the Windows NT / 2000 / XP platform. You can get it at http://www.smartline.ru/software/aports.zip. In fact, users who use Windows XP do not have to obtain the correspondence between port and process without having to use other software, because the netstat commands belled by Windows XP have more o parameters than the previous version. Use this parameter to derive the port and process. Come.
The above introductions have several ways to view local open ports, and port and process correspondence. Through these methods, it is easy to discover TCP / UDP protocol, I hope to help you. However, if the Trojan is preventing, and if you encounter the rebound port Trojan, use the new Trojan made by the driver and dynamic link library technology, it is difficult to find the traces of Trojans. So we must develop good Internet habits, don't run an attachment in the email, install a set of anti-virus software, like Rising in China, is a good helper for killing viruses and Trojans. Software downloaded from the Internet first checked again with anti-virus software, open the network firewall and virus real-time monitoring when online, protect your own machine, not being invaded.
Author Blog:
http://blog.9cbs.net/lithe/
