Scanning Your System for Open Ports

by Barry Dysert
(last updated May 12, 2014)

5

Before we talk about scanning your system for open ports, I think we would benefit from a brief overview of ports in general. A port is an access point on an IP address that an application can use for communicating with an application on another network device. An analogy for a port is a particular unit number in an apartment building. The address of the apartment building is like the IP address, and each unit in it has its own "port number."

There are two types of ports: TCP and UDP. TCP stands for "Transmission Control Protocol." Under TCP, when computers want to exchange information a link is established from one computer to the other, and that link remains open for the duration of the exchange. Once the exchange is finished, the link is then disconnected.

UDP stands for "User Datagram Protocol." Under UDP, when computers want to exchange information, the sending computer wraps the data into a package, and the package is dropped onto the network, addressed to the receiving computer. Devices in between the sender and receiver take on the task of relaying the package to its ultimate destination.

Each type of port is numbered from 0 through 65535 (that would make for quite a large apartment building!). You can see what ports your system has open by using the netstat command line utility. The netstat command accepts several switches, but I typically specify "-aon". These switches cause the utility to display all connections and listening ports in numerical form, including the owning process ID associated with each connection. The following shows the partial output of executing the command "netstat -aon":

Proto  Local Address       Foreign Address      State           PID
TCP    0.0.0.0:4242        0.0.0.0:0            LISTENING       1896
TCP    0.0.0.0:5357        0.0.0.0:0            LISTENING       4
TCP    0.0.0.0:5500        0.0.0.0:0            LISTENING       5920
TCP    0.0.0.0:9090        0.0.0.0:0            LISTENING       1372
TCP    0.0.0.0:9998        0.0.0.0:0            LISTENING       4460
TCP    0.0.0.0:11456       0.0.0.0:0            LISTENING       1612
TCP    0.0.0.0:17500       0.0.0.0:0            LISTENING       2540
TCP    0.0.0.0:30101       0.0.0.0:0            LISTENING       4460
TCP    0.0.0.0:47232       0.0.0.0:0            LISTENING       2940
TCP    0.0.0.0:47233       0.0.0.0:0            LISTENING       4
TCP    0.0.0.0:49732       0.0.0.0:0            LISTENING       4
TCP    0.0.0.0:49735       0.0.0.0:0            LISTENING       4
TCP    127.0.0.1:1051      127.0.0.1:5354       ESTABLISHED     1824
TCP    127.0.0.1:1052      127.0.0.1:5354       ESTABLISHED     1824
UDP    0.0.0.0:3702        *:*                                  2180
UDP    0.0.0.0:4500        *:*                                  1120
UDP    0.0.0.0:5355        *:*                                  1500
UDP    0.0.0.0:17500       *:*                                  2540
UDP    0.0.0.0:53301       *:*                                  1704
UDP    0.0.0.0:60429       *:*                                  1096
UDP    0.0.0.0:60431       *:*                                  1096
UDP    0.0.0.0:60959       *:*                                  2180
UDP    0.0.0.0:64927       *:*                                  1612
UDP    127.0.0.1:1900      *:*                                  2180
UDP    127.0.0.1:49307     *:*                                  5784
UDP    127.0.0.1:49308     *:*                                  5784
UDP    127.0.0.1:52417     *:*                                  5684
UDP    127.0.0.1:53299     *:*                                  1824
UDP    127.0.0.1:53300     *:*                                  1824
UDP    127.0.0.1:57665     *:*                                  804
UDP    127.0.0.1:58065     *:*                                  1120
UDP    127.0.0.1:60428     *:*                                  2180
UDP    127.0.0.1:60977     *:*                                  1500

The first column indicates whether the port is using TCP or UDP. The second column gives the IP:port address on the local machine. The third column gives the IP:port address on the remote machine. The last two columns indicate the state of the connection and the process ID of the process using the port.

 This tip (9986) applies to Windows 7 and 8.

Author Bio

Barry Dysert

Barry has been a computer professional for over 30 years, working in different positions such as technical team leader, project manager, and software developer.  He is currently a senior software engineer with an emphasis on developing custom applications under Microsoft Windows. ...

MORE FROM BARRY

Understanding and Changing AutoPlay Settings

You can configure Windows to perform some tasks automatically. This includes telling it what to do whenever Windows detects ...

Discover More

Adjusting Display Magnification

Sometimes our eyes fail us, or what we're trying to read is just too small to make out comfortably. Fortunately, Windows ...

Discover More

Using Flip 3D

Flip 3D is an Aero feature that allows you to cycle through your active windows in three dimensions. Because they are "live" ...

Discover More
More WindowsTips

Moving Your Downloads Folder

If you're on the Internet a lot, chances are you do a lot of downloading. By default, your Downloads folder is on your C: ...

Discover More

Using the Hosts File to Block Content

Although there are better methods, you can use the Hosts file to block access to specific websites. This tip tells you how.

Discover More

Figuring Out Your IP Address

If you computer communicates over a network or over the Internet, it uses an IP address. This tip explains what an IP address ...

Discover More
Subscribe

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

View most recent newsletter.

Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] in your comment text. You’ll be prompted to upload your image when you submit the comment. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is nine minus 5?

2014-08-08 06:46:32

Coaster

If you type (copy & paste) this into Administrative Level Command line, you'll be able to have it scan (record) the ports for the data.

netstat -abf 5 > activity.txt

Do this for two (2) minutes and then press "Ctrl + C" to stop the process. Then open Notepad (or any text editor) and Paste the results in it.

It will look exactly like this author has shown. Then with that data, compare your activity results with his and/or do a search on your search browser of choice to find out who and what that port goes to.


2014-05-13 05:27:55

Neil Lomas

Thanks, Barry


2014-05-12 08:09:59

Barry

Neil,

You'll need to invoke the command from the Command Line to get it to stay on the screen. To get to the command line, click Start and type (without quotes) "cmd" <Enter>. This will open a new window. Into that window you can type the "netstat -aon" command.


2014-05-12 06:24:42

Neil Lomas

I tried this, typing "netstat -aon" in the box at the bottom of the window that opens when you click the Start button.
It opened a window, filled it with something that looked like the example given, then closed the window again, all in about half a second.
How do I actually get it to stay on screen long enough to read it?


2014-05-12 04:42:11

Jim McPhail

I like the analogy. Thanks.


Newest Tips
Subscribe

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

(Your e-mail address is not shared with anyone, ever.)

View the most recent newsletter.