UGN Security
Posted By: Spyrios real Newb Question - 03/20/04 09:42 PM
ok i have googled and searched but maybe i'm just not that good yet. can some on please tell me how i can see a list of my ports open and otherwise? is it a command line thing or is there a way to see from within windows. i run xp home on my desk and pro on my laptop.
Posted By: Infinite Re: real Newb Question - 03/21/04 02:40 AM
netstat -an

smile
Posted By: Spyrios Re: real Newb Question - 03/21/04 03:29 AM
um maybe i googled it wrong but that shows me analog-x website and the utility just shows me how fast my modem is going? can you clarify?
Posted By: Ghost Re: real Newb Question - 03/21/04 04:32 AM
Infinite wants you to type that into the command line, not search for it with google. wink
Posted By: §intå× Re: real Newb Question - 03/21/04 05:57 AM
In DOS or cmd line.. Let me back up. Windows NT 4.0, Windows 2000, and Windows XP do not have DOS. They have a command line that looks a hell of a lot like DOS. Windows 95, 98, ME have DOS. For the point of this disscusion DOS and commandline are the same thing.(Even though they really are not)

The netstat DOS help file is shown below

Quote:

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto
may be TCP or UDP. If used with the -s option to display
per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for TCP, UDP and IP; the -p option may be used to specify
a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
The letters you see are known as switches or attributes. Each one dose something different. You can combine them to spit out even more info.
Play with the switches a bit and you will see al kinds of good info.

I think you might find netstat -s useful
Posted By: Spyrios Re: real Newb Question - 03/21/04 06:37 AM
outstanding info. For the first time ever since my curiosity in programming a computing was peaked again, i got staright friendly answers that made sense, without the flame. you guys rock. ty. and i gues that's why googling it didn't work. another thing where is the documentation on that sin? so i don't have to ask about comannd line stuff. as for the difference Between the command line and DOS, i'll google it smile
Posted By: §intå× Re: real Newb Question - 03/21/04 06:44 AM
just type in

"netstat -h"

in the command line. I do not mind helping you out because you didn't come in here asking stupid questions. I do flame people. But they usally ask stuff like, How do I hack hotmail or can anyone help me get free adult content. You seek knowledge and are willing to work for it. That will get you help in here real fast. That is why most of the long standing members are here.
Posted By: Ghost Re: real Newb Question - 03/21/04 06:46 AM
You can also use "command/?" to display help information:
Code
C:\>netstat/?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.
"command help" also works:
Code
C:\>netstat help

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.


C:\>
heh Damn_newb, sintax is one of the most knowledgeable members here. He only flames when someone needs to be flamed. This wasnt a stupid question like he said. Also, about searching google for information on commands, type them in quotes like this:
Code
"netstat -an"
That acctually searches for the command, as well as the -an flag. In google, typing "-an" after something will mean that you dont want to return results that contain "an". Putting it in quotes searches for the exact string of text.
Posted By: Spyrios Re: real Newb Question - 03/21/04 07:03 AM
well look at that, that was something i half knew, i knew anout the quotes for exact matches but not about the minus thing. and i typed it in and sure enough there it was and even how to read what i pulled up, woot.(oops gamer)
Posted By: §intå× Re: real Newb Question - 03/21/04 10:24 AM
Quote:

heh Damn_newb, sintax is one of the most knowledgeable members here.
Not realy. I am a jack of many trades but master of none. There are peeps I look up to in here. JC, Gizzy, Pergesu, tbg... the list goes on and on. I know some webdevelopment and a bit about telco datanetworks. Outside of that I am a n00b in many areas.
Posted By: Gremelin Re: real Newb Question - 03/21/04 10:34 AM
You look up to, me? Awwe!
Posted By: §intå× Re: real Newb Question - 03/22/04 05:14 AM
Nah man, there is this dude named Gizzy. You're Gizmo.

*sniker*
Posted By: Gremelin Re: real Newb Question - 03/22/04 05:43 AM
ahh, that [censored].. I hear you can buy him off with a couple fifths of vodka...
Posted By: §intå× Re: real Newb Question - 03/22/04 06:17 AM
Heh, dude you owned me... I kinda have to look up by default. However I do anyway. You have skillz, Plus you saved UGN.
Posted By: Gremelin Re: real Newb Question - 03/22/04 06:41 AM
Wasn't too hard to own you and pull your dox; that plus your board sucked like hell wink ...
Posted By: §intå× Re: real Newb Question - 03/22/04 12:14 PM
yea yea. stupid whois search. I left xnull over a year ago. The same company who makes YABB. I get emails all the time saying we are sorry we were hacked again. They haven't even updated thier mailing list. Thier security blows. Service sucks. Live and learn. Not the peeps I have now rock. I call 24/7 I get a live body and the issue is fixed in 5 minutes. Live and learn
Posted By: Gremelin Re: real Newb Question - 03/22/04 12:42 PM
Yeh, your ISP sucked too wink ... Dear god they sucked... Well, you learned that UBB is god if you have the cash for it wink ...
Posted By: rae_rae Re: real Newb Question - 05/20/04 02:22 PM
for future reference if i may, go to :[link removed].
this program will do alot of the work for you.
Posted By: §intå× Re: real Newb Question - 05/20/04 10:02 PM
You post was just

SHUT DOWN

heh
Posted By: Gremelin Re: real Newb Question - 05/20/04 10:15 PM
wink ...

If theres one thing that pisses me off more than anything it's when people register just to promote a site in a post...
Posted By: §intå× Re: real Newb Question - 05/20/04 11:06 PM
Yea, Like if I came on her and advertised my site .
Posted By: Gremelin Re: real Newb Question - 05/21/04 11:30 AM
yeh but you're differant, we at least like you
Posted By: §intå× Re: real Newb Question - 05/26/04 02:23 AM
Ahhhh. Thanks guys! Oh I will pay you early this month to keep saying stuff like that.
Posted By: Gremelin Re: real Newb Question - 05/26/04 05:56 AM
pay me?
Posted By: §intå× Re: real Newb Question - 05/26/04 11:49 AM
Shhh, friendship dues.
Posted By: Gremelin Re: real Newb Question - 05/26/04 09:27 PM
yey!
Posted By: hyperx. Re: real Newb Question - 05/27/04 12:28 PM
..yeah..
netstat -an
......................... :s

-hyperx
Posted By: weeve Re: real Newb Question - 05/27/04 03:55 PM
um....

http://scan.sygatetech.com/

and

http://www.google.com/search?sourceid=navclient...=UTF-8&q=online+port+scan

hehehe...that's always easier. Or nmap/saint/satan if your a linux user...just thought I'd say. Netstat for me, is getting old, I like it when people reinvent the wheel. As has been done, in revolutions since long before even written glyphs.
Posted By: Red Mage Re: real Newb Question - 06/10/04 02:33 AM
On a related note: Anyone have a list of what programs use which ports? And which ports you don't want open? Also how to close them..

EDIT: I heard that port 5000 is a trojan port, and my computer is listening to it. What's it actually for?
Posted By: §intå× Re: real Newb Question - 06/10/04 03:16 AM
http://www.iana.org/assignments/port-numbers


Heh, now study the TCP/IP protocols on the ports you have questions about. No port is reserved for a trojan. A trojan may use a specific port but when the brain trust developed TCP/IP protocol suit they did not say lets reserve port XXXX for a trojan

commplex-main 5000/tcp
commplex-main 5000/udp


Looks like port 5000 can be used with TCP or UDP

RFC 739 TCP(TRANSMISSION CONTROL PROTOCOL)
ftp://ftp.rfc-editor.org/in-notes/rfc793.txt


RFC 768 UDP(User Datagram Protocol)
ftp://ftp.rfc-editor.org/in-notes/rfc768.txt

Think of TCP and UDP as similar but different protocols. Also study the OSI modle. Here is a basic TCP/IP protocol stack in relation to the OSI model [Linked Image]

As you can see both UDP and TCP are on the transport layer of the OSI modle. This is because they are both used for transport. Read and understand what I just gave you and you will have better questions to ask.

If you want to learn to network security.. Study the TCP/IP prtocol stack. Everything you do in a network involves at least several protocols. Learn how the work. How networking in general works. What each layer of the OSI modle describes. How the TCP/IP modle stack is laid out *When authentication starts* Oh and here is where number systems come in handy...
Posted By: Gremelin Re: real Newb Question - 06/10/04 05:32 AM
in a nut shell; anything can run on any ports; just some are more common than others.
Posted By: Red Mage Re: real Newb Question - 06/10/04 08:45 AM
Spanky.. I'll look into that.
Gizmo: You make sense :p
Posted By: Gremelin Re: real Newb Question - 06/10/04 09:57 AM
I made perfect sense. Any program can open a port, the ports aren't assigned to anything, a program can run on any port it wants; just some ports have more common services running on it than others...

21 is known for FTP because most FTP clients run on it, hence 21 is most commonly used for FTP, however if you don't have an FTP server you can run a program on that same port and accept connections. With FTP servers also you can tell it to listen on any other port, even 25 which is for SMTP...
Posted By: §intå× Re: real Newb Question - 06/10/04 12:34 PM
Just read it. TCP and UDP are the transport protocols for most everything you do on the net. Do you know what level/layer the authentication starts yet?
© UGN Security Forum