Each open network port on your computer is a potential security vulnerability. Fortunately, there's a way to scan your computer for open ports so you know which holes to patch. Start by opening a command prompt window (cmd.exe) and running the Active Connections utility by typing `netstat /a /o`. The Active Connections utility displays its information in these five columns:
| Column | Description |
|---|---|
| Proto | This will be either TCP or UDP, representing the protocol being used. |
| Local Address | This column has two components: the computer name and either a port number or the name of a service. |
| Foreign Address | For active connections, you'll see the name or IP address of the remote machine, followed by the port number. For inactive connections (showing only the open ports), you'll typically see only *:*. |
| State | This shows the state of the connection (TCP ports only). For server processes, you'll usually see LISTENING here, signifying that the process has opened the port and is waiting for an incoming connection. For connections originating from your computer, such as a web browser downloading a page or an active Telnet session, you'll see ESTABLISHED here. |
| PID | This is the Process Identifier of the application or service that is responsible for opening the port; see the rest of this section for help with matching up the PID with an application or process. |
Don't be alarmed if you see a lot of open ports. Just make sure you thoroughly track down each one, making sure it doesn't pose a security threat.
Netstat shows the PID of running programs that have opened ports, but not the application names. To find out more, open Task Manager (launch taskmgr.exe or right-click an empty area of your taskbar and select Task Manager), and choose the Processes tab. If you don't see a column labelled PID, go to View → Select Columns, turn on the PID (Process Identifier) option, and click OK. Finally, turn on the Show processes from all users option at the bottom of the Windows Task Manager window. You can then sort the listing by PID by clicking the PID column header. The program filename is shown in the Image Name column.
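The following script is an added example, not part of the original text: it parses the five-column `netstat /a /o` output described above, keeps only the sockets that are actually open (LISTENING TCP ports and bound UDP ports, dropping ESTABLISHED outbound connections), and joins each PID to an image name. The netstat text and the PID-to-name table are constructed sample data standing in for the real output and the Task Manager lookup; addresses and PIDs are hypothetical.

```python
from collections import namedtuple

# Constructed sample of `netstat -a -o` output (hypothetical addresses and PIDs).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3320
  UDP    0.0.0.0:123            *:*                                    1040
"""

# Constructed PID -> image name map, standing in for the Task Manager PID column.
SAMPLE_PIDS = {4: "System", 912: "svchost.exe", 1204: "svchost.exe",
               3320: "firefox.exe", 1040: "svchost.exe"}

Entry = namedtuple("Entry", "proto local_host local_port foreign state pid")

def split_endpoint(addr):
    """Split 'host:port' into (host, port); the last colon separates the port,
    so bracketed IPv6 endpoints such as [::1]:8080 are handled too."""
    host, _, port = addr.rpartition(":")
    return host, port

def parse_netstat(text):
    """Turn netstat output into Entry records, skipping the banner and header."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[0], fields[1], fields[2]
        if proto == "TCP":
            state, pid = fields[3], int(fields[4])
        else:
            state, pid = "", int(fields[3])  # UDP rows carry no State column
        host, port = split_endpoint(local)
        entries.append(Entry(proto, host, port, foreign, state, pid))
    return entries

def open_ports(entries, pid_names):
    """Return (proto, port, image name) for each open port worth tracking down."""
    result = []
    for e in entries:
        if e.proto == "TCP" and e.state != "LISTENING":
            continue  # ESTABLISHED connections are not ports waiting for input
        result.append((e.proto, e.local_port, pid_names.get(e.pid, "unknown")))
    return result

if __name__ == "__main__":
    for proto, port, name in open_ports(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PIDS):
        print(f"{proto} {port:>5}  {name}")
```

On a live machine, replace the two constants with the captured output of `netstat -a -o` and a PID table built from `tasklist`.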
When your web browser or email program connects to another computer on the Internet, it does so through a TCP/IP port. If you have a web server or FTP server running on your computer, it opens a port to which other computers can connect. Port numbers are used to distinguish one network service from another.
A firewall uses ports (listed in the following table) to form its rules about which types of network traffic to allow, and which to prohibit. And the Active Connections utility, described previously, allows you to uncover vulnerabilities in your system using ports.
Some firewalls make a distinction between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports, which is typically unnecessary. In most cases, programs that use the more common TCP protocol will use the same port numbers as their counterparts that use the less-reliable UDP protocol.
| Port | Description |
|---|---|
| 21 | FTP (File Transfer Protocol) |
| 22 | SSH (Secure Shell) |
| 23 | Telnet |
| 25 | SMTP (Simple Mail Transfer Protocol), used for sending email |
| 43 | WhoIs |
| 53 | DNS (Domain Name Server), used for looking up domain names |
| 79 | Finger |
| 80 | HTTP (Hyper Text Transfer Protocol), used by web browsers to download standard web pages |
| 110 | POP3 (Post Office Protocol, Version 3), used for retrieving email |
| 119 | NNTP (Network News Transfer Protocol), used for newsgroups |
| 123 | NTP (Network Time Protocol), used for XP's Internet Time feature |
| 143 | IMAP4 (Internet Mail Access Protocol Version 4) |
| 220 | IMAP3 (Internet Mail Access Protocol Version 3) |
| 443 | HTTPS (HTTP over TLS/SSL), used by web browsers to download secure web pages |
| 445 | File sharing for Microsoft Windows networks |
| 563 | NNTPS (Network News Transfer Protocol over SSL), used for secure newsgroups |
| 1701 | VPN (Virtual Private Networking) over L2TP |
| 1723 | VPN (Virtual Private Networking) over PPTP |
| 3389 | Remote Desktop Sharing (Microsoft Terminal Services) |
| 580x, 590x | VNC (Virtual Network Computing) |
| 6699 | Peer-to-peer file sharing, used by Napster-like programs |