Shulou(Shulou.com)06/01 Report--

I. explanation of the status of the server port

Server side, the state change of the port

First configure the FTP service on this machine (IP address: 192.168.1.10), and then access the FTP service on other computers (IP address: 192.168.1.1) to see the port state change from TCPView.

1. LISTENING status

The FTP service is first in the LISTENING state after it starts.

When State shows LISTENING, it means that the port is listening, which means that the port is open, waiting to connect, but not yet connected. Just like the door of your house is open, but no one has come in yet.

From the TCPView, you can see how the native FTP is open. It means: the program inetinfo.exe opens port 21, and the default port of FTP is 21, which shows that the FTP service is open locally. It is currently in a listening state.

Inetinfo.exe:1260 TCP 0.0.0.0:21 0.0.0.0:0 LISTENING

2. ESTABLISHED status

Now access the FTP service of 192.168.1.10 from the computer 192.168.1.1. In the local TCPView, you can see that the port status has changed to ESTABLISHED.

ESTABLISHED means to establish a connection. Indicates that the two machines are communicating.

The following shows that the native FTP service is being accessed by 192.168.1.1 this computer.

Inetinfo.exe:1260 TCP 192.168.1.10:21 192.168.1.1:3009 ESTABLISHED

Note: pay special attention to a connection in the ESTABLISHED state, as it may not be a normal connection. We will talk about this later.

3. TIME_WAIT status

Now the computer ends accessing the FTP service of 192.168.1.10 from 192.168.1.1. In the local TCPView, you can see that the port status has changed to TIME_WAIT.

TIME_WAIT means to end the connection. It indicates that port 21 has been accessed, but the access is over.

[System Process]: 0 TCP 192.168.1.10:21 192.168.1.1:3009 TIME_WAIT

4. Tips

A, you can telnet an open port to observe the changes of the port. For example, look at port 1025, which is open and runs in the command state (see figure 1 running cmd):

Telnet 192.168.1.10 1025

B, it can also be tested from this machine, but it shows that this machine is connected with the local machine.

C, double-click the connection in Tcpview to see the location of the program, right-click on the connection, select End Process to end the connection.

II. Interpretation of client port status

Client, state change of port

The customer port is actually the source port opened when accessing other computer services from the local computer, and the most common application is to surf the Internet. let's take visiting Baidu as an example to see how the port is open and the state changes.

1. SYN_SENT status

SYN_SENT status means to request a connection. When you want to access the services of other computers, you must first send a synchronization signal to the port. At this time, the status is SYN_SENT. If the connection is successful, it becomes ESTABLISHED. The SYN_SENT status is very short. But if you find that there is a lot of SYN_SENT and is sending it to different machines, your machine may be hit by a virus such as shock wave or shock wave. In order to infect other computers, this kind of virus scans other computers and sends out synchronization requests to each computer to be scanned in the process, which is why there are many SYN_SENT.

The following shows the starting state of the local connection to the Baidu website. If your network is normal, it will soon become the connection state of ESTABLISHED.

IEXPLORE.EXE:2928 TCP 192.168.1.10:1035 202.108.250.249:80 SYN_SENT

2. ESTABLISHED status

What is shown below is that this machine is visiting the Baidu website. If you visit a website with a lot of content, such as visiting Tianji, you will find that an address has a lot of ESTABLISHED, which is normal, and each content in the site, such as pictures, flash, etc., should establish a separate connection. When looking at the ESTABLISHED status, be sure to pay attention to whether the connection is initiated by the IEXPLORE.EXE program (IE). If the connection is initiated by a program such as EXPLORE.EXE, it may be in your computer.

IEXPLORE.EXE:3120 TCP 192.168.1.10:1045 202.108.250.249:80 ESTABLISHED

3. TIME_WAIT status

If you finish browsing the web, it becomes TIME_WAIT.

[System Process]: 0 TCP 192.168.1.10:4259 202.108.250.249:80 TIME_WAIT

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.