How to find which application is using which port in cmd(netstat).
Solution:- I know that netstat is command to shows IP Address and Ports which we are trying to connecting or connected. but don't know the exact syntax to collect continuous log from the host.
I read out netstat --help option to summarize the syntax which i am going to use.
Goto Run and type CMD, the black dialog box will be opened and type the below command on the command prompt
netstat -help
Result will be display like below
C:\Users\Administrator>netstat -help
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-f Displays Fully Qualified Domain Names (FQDN) for foreign
addresses.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
After reading the help manual i got some idea how to get continuous log to monitor the Ports and IP details that i would like to share with you guys.
This is the command to find out the network transaction.
Numeric 1 is a tricky to get continuous log
C:\Users\Administrator>netstat -an 1
This is the command to find ESTABLISHED connection is between source and application with port.
C:\Users\Administrator>netstat -an 1 | find "ES"
This is the command to find LISTENING connection is between source and application with port.
C:\Users\Administrator>netstat -an 1 | find "LISTENING"
This is the command to find out TIME_WAIT connection is between source and application with port.
C:\Users\Administrator>netstat -an 1 | find "TIME_WAIT"
This is the command to find SYN connection is between source and application with port.
C:\Users\Administrator>netstat -an 1 | find "SYN_SENT"
C:\Users\Administrator>netstat -an 1 | find "SYN_RECVIED"
This is the command to find TCP connection is between source and application with port.
C:\Users\Administrator>netstat -p TCP
This is the command to find UDP connection is between source and application with port.
C:\Users\Administrator>netstat -p UDP
This is the command to find particular port between source and application with port.
Syntax:-netstat -aon | findstr [Your Port]
Example:-
C:\Users\Administrator>netstat -aon | findstr 3389
This is the command to listen the network transaction between source and destination by using this command we find out the malicious activity such as data collection (keylogger) or something else.
C:\Users\Administrator>netstat -b -a 1
This is the syntax to save the output into log file.
C:\Users\Administrator>netstat -an 1 >c:\port.txt
More commands please read help option.:)
I hope this information is useful for you. Please forgive any typos or incomplete sentences.
0 comments:
Post a Comment