Help me understand netstat output

thatsashok

Discoverer
Guys, I was searching online for ways to find open ports in a network and I saw some people suggesting netstat from Windows cmd

Code:
netstat -a

and I got the following output

Code:
Active Connections

  Proto  Local Address		  Foreign Address		State

  TCP	0.0.0.0:135			root-PC:0			  LISTENING

  TCP	0.0.0.0:445			root-PC:0			  LISTENING

  TCP	0.0.0.0:2869		   root-PC:0			  LISTENING

  TCP	0.0.0.0:9999		   root-PC:0			  LISTENING

  TCP	0.0.0.0:17500		  root-PC:0			  LISTENING

  TCP	0.0.0.0:49152		  root-PC:0			  LISTENING

  TCP	0.0.0.0:49153		  root-PC:0			  LISTENING

  TCP	0.0.0.0:49154		  root-PC:0			  LISTENING

  TCP	0.0.0.0:49155		  root-PC:0			  LISTENING

  TCP	0.0.0.0:49158		  root-PC:0			  LISTENING

  TCP	127.0.0.1:5939		 root-PC:0			  LISTENING

  TCP	127.0.0.1:5940		 root-PC:0			  LISTENING

  TCP	127.0.0.1:19872		root-PC:49198		  ESTABLISHED

  TCP	127.0.0.1:49156		root-PC:49157		  ESTABLISHED

  TCP	127.0.0.1:49157		root-PC:49156		  ESTABLISHED

  TCP	127.0.0.1:49198		root-PC:19872		  ESTABLISHED

  TCP	127.0.0.1:50010		root-PC:0			  LISTENING

  TCP	127.0.0.1:52560		root-PC:0			  LISTENING

  TCP	127.0.0.1:52560		root-PC:52561		  ESTABLISHED

  TCP	127.0.0.1:52561		root-PC:52560		  ESTABLISHED

  TCP	192.168.67.25:139	  root-PC:0			  LISTENING

  TCP	192.168.67.25:2869	 Matin:10955			ESTABLISHED

  TCP	192.168.67.25:2869	 mevin-PC:59579		 TIME_WAIT

  TCP	192.168.67.25:2869	 mevin-PC:59587		 ESTABLISHED

  TCP	192.168.67.25:52515	ABTS-KK-Static-033:https  CLOSE_WAIT

  TCP	192.168.67.25:52516	ABTS-KK-Static-033:https  CLOSE_WAIT

  TCP	192.168.67.25:52525	nx-in-f125:5222		ESTABLISHED

  TCP	192.168.67.25:52529	bom03s02-in-f12:http   ESTABLISHED

  TCP	192.168.67.25:52532	www-14-05-prn1:https   ESTABLISHED

  TCP	192.168.67.25:52537	bom03s02-in-f22:https  ESTABLISHED

  TCP	192.168.67.25:52559	channel-ia-13-01-snc7:https  ESTABLISHED

  TCP	192.168.67.25:52593	sjc-not1:http		  ESTABLISHED

  TCP	192.168.67.25:52621	ec2-107-20-249-238:https  CLOSE_WAIT

  TCP	192.168.67.25:52669	58.27.86.235:http	  CLOSE_WAIT

  TCP	192.168.67.25:52984	www-10-01-prn1:https   ESTABLISHED

  TCP	192.168.67.25:53016	www:http			   TIME_WAIT

  TCP	192.168.67.25:53018	www:http			   TIME_WAIT

  TCP	192.168.67.25:53019	www:http			   TIME_WAIT

  TCP	192.168.67.25:53020	www:http			   TIME_WAIT

  TCP	192.168.67.25:53021	www:http			   TIME_WAIT

  TCP	192.168.67.25:53052	www:http			   TIME_WAIT

  TCP	192.168.67.25:53086	www-10-02-snc5:https   ESTABLISHED

  TCP	192.168.67.25:53091	203.106.85.208:https   TIME_WAIT

  TCP	192.168.67.25:53092	58.27.86.56:https	  CLOSE_WAIT

  TCP	192.168.67.25:53093	203.106.85.208:https   TIME_WAIT

  TCP	192.168.67.25:53094	203.106.85.208:https   TIME_WAIT

  TCP	192.168.67.25:53095	203.106.85.208:https   TIME_WAIT

  TCP	192.168.67.25:53096	203.106.85.208:https   TIME_WAIT

  TCP	192.168.67.25:53097	58.27.86.56:https	  CLOSE_WAIT

  TCP	192.168.67.25:53099	a125-252-235-206:https  ESTABLISHED

  TCP	192.168.67.25:53108	www-10-02-snc5:http	ESTABLISHED

  TCP	192.168.67.25:53111	bom03s02-in-f25:http   ESTABLISHED

  TCP	192.168.67.25:53112	95.100.47.139:http	 TIME_WAIT

  TCP	192.168.67.25:53113	a184-85-154-34:https   TIME_WAIT

  TCP	192.168.67.25:53114	fa-in-f138:http		ESTABLISHED

  TCP	192.168.67.25:53122	api-read-11-01-prn1:http  ESTABLISHED

  TCP	192.168.67.25:53124	bom03s02-in-f8:https   ESTABLISHED

  TCP	192.168.67.25:53126	www-10-02-snc5:http	ESTABLISHED

  TCP	192.168.67.25:53147	api-read-15-02-snc4:https  ESTABLISHED

  TCP	192.168.67.25:53154	58.27.22.91:http	   TIME_WAIT

  TCP	192.168.67.25:53155	58.27.22.91:http	   TIME_WAIT

  TCP	192.168.67.25:53181	channel-ia-13-01-snc7:https  ESTABLISHED

  TCP	192.168.67.25:53182	channel-ia-13-01-snc7:https  ESTABLISHED

  TCP	192.168.67.25:53199	star-16-02-ash3:https  ESTABLISHED

  TCP	192.168.67.25:53204	bom03s02-in-f5:https   ESTABLISHED

  TCP	192.168.67.25:53211	fa-in-f94:http		 ESTABLISHED

  TCP	192.168.67.25:53212	fa-in-f94:http		 ESTABLISHED

  TCP	192.168.67.25:53213	nx-in-f94:http		 ESTABLISHED

  TCP	192.168.67.25:53214	www-14-01-prn1:https   ESTABLISHED

  TCP	192.168.67.25:53220	keepalive:http		 ESTABLISHED

  TCP	[::]:135			   root-PC:0			  LISTENING

  TCP	[::]:445			   root-PC:0			  LISTENING

  TCP	[::]:2869			  root-PC:0			  LISTENING

  TCP	[::]:49152			 root-PC:0			  LISTENING

  TCP	[::]:49153			 root-PC:0			  LISTENING

  TCP	[::]:49154			 root-PC:0			  LISTENING

  TCP	[::]:49155			 root-PC:0			  LISTENING

  TCP	[::]:49158			 root-PC:0			  LISTENING

  UDP	0.0.0.0:68			 *:*				  

  UDP	0.0.0.0:500			*:*				  

  UDP	0.0.0.0:1434		   *:*				  

  UDP	0.0.0.0:4500		   *:*				  

  UDP	0.0.0.0:5355		   *:*				  

  UDP	0.0.0.0:17500		  *:*				  

  UDP	127.0.0.1:1233		 *:*				  

  UDP	127.0.0.1:1900		 *:*				  

  UDP	127.0.0.1:60041		*:*				  

  UDP	127.0.0.1:62405		*:*				  

  UDP	192.168.67.25:137	  *:*				  

  UDP	192.168.67.25:138	  *:*				  

  UDP	192.168.67.25:1900	 *:*				  

  UDP	192.168.67.25:62404	*:*				  

  UDP	[::]:500			   *:*				  

  UDP	[::]:1434			  *:*				  

  UDP	[::]:4500			  *:*				  

  UDP	[::]:5355			  *:*				  

  UDP	[::1]:1900			 *:*				  

  UDP	[::1]:62403			*:*				  

  UDP	[fe80::3049:b35:8430:290b%13]:546  *:*				  

  UDP	[fe80::3049:b35:8430:290b%13]:1900  *:*				  

  UDP	[fe80::3049:b35:8430:290b%13]:62402  *:*

I tried to understand but cannot make out much from it. How do I know which ports are open, closed, etc.?

Also, I do not find any regular ports like 80, 443, 21, etc. showing up in the output.

Is this tool good enough or should I use another one? If so, suggest me one.

Thanks in advance.
 
The "netstat -a" command will show the active ports of the system on which it ran ... you can't judge the whole network to which you are connected from just this command.

Ports 80, 443, 21, 22, etc. are not in the output because you are not running any program/service which is using them on your system.
 
Read the doc on netstat.

netstat -anobv

Will show every info you need.
 
The "netstat -a" command will show the active ports of the system on which it ran ... you can't judge the whole network to which you are connected from just this command.

Ports 80, 443, 21, 22, etc. are not in the output because you are not running any program/service which is using them on your system.

I did not know that. Thanks for the info

Read the doc on netstat.

netstat -anobv

Will show every info you need.

I am getting an error like this when I tried to execute that command. BTW, I am using the Administrator account on Win 7.

Code:
The requested operation requires elevation.

Update: Ya, ran the command again and got the output, and it shows which application is using which port.
 
Use Run as Administrator while opening the command prompt.
 
Click Start --> All Programs --> Accessories --> Command Prompt, right-click and use Run as administrator to open the command prompt as administrator. Also notice that after you open the cmd prompt as administrator, the path will be "C:\Windows\system32".
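
As an added example (not part of any post in this thread), here is a short Python parser for `netstat -a` / `-an` / `-ano` output that answers the original question: it lists the sockets that are accepting traffic and groups them by the address they are bound to. The sample rows are a constructed excerpt of the output in the first post; the function names and scope labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: rows excerpted from the `netstat -a` output in the first post.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            root-PC:0              LISTENING
  TCP    0.0.0.0:445            root-PC:0              LISTENING
  TCP    127.0.0.1:5939         root-PC:0              LISTENING
  TCP    192.168.67.25:139      root-PC:0              LISTENING
  TCP    192.168.67.25:52525    nx-in-f125:5222        ESTABLISHED
  TCP    192.168.67.25:53016    www:http               TIME_WAIT
  TCP    [::]:445               root-PC:0              LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:1900         *:*
  UDP    [fe80::3049:b35:8430:290b%13]:546  *:*
"""

# proto, local address, local port, foreign address, optional state, optional PID (-o)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)"
                 r"(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")

def scope(addr):
    """Classify which interfaces a local bind address accepts traffic on."""
    host = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and zone id
    if host in ("0.0.0.0", "::"):
        return "all-interfaces"             # reachable from the network, firewall permitting
    if host == "::1" or host.startswith("127."):
        return "loopback-only"              # reachable only from this machine
    return "single-interface"

def open_ports(text):
    """Return {scope: sorted [(proto, port)]} for sockets that accept traffic."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                        # header, blank line or -b module line
        proto, addr, port, _foreign, state, _pid = m.groups()
        # TCP is open only in LISTENING; UDP has no state, so any bound socket counts.
        if proto == "UDP" or state == "LISTENING":
            found[scope(addr)].add((proto, int(port)))
    return {k: sorted(v) for k, v in found.items()}

if __name__ == "__main__":
    for where, ports in open_ports(SAMPLE).items():
        print(where, ports)
```

Rows in ESTABLISHED, TIME_WAIT or CLOSE_WAIT are connections that already exist, mostly outbound from this machine, so they are not counted as open ports.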
 