Shulou(Shulou.com)06/01 Report--

This article mainly explains "DOS View Port Command Collection". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn the "DOS View Port Command Daquan"!

View Port command: to view ports in Windows 2000/XP/Server 2003, you can use the Netstat command:

Click "start → run", type "cmd" and enter to open a command prompt window. Type "netstat-a-n" at the command prompt and press enter to see the port number and status of the TCP and UDP connections displayed in numeric form.

Little knowledge: Netstat command usage

Command format: Netstat-a-e-n-o-s-an

-a shows all active TCP connections as well as the TCP and UDP ports that the computer is listening on.

-e shows the number of bytes, packets, and so on sent and received by Ethernet.

-n indicates that only the address and port number of all active TCP connections are displayed numerically.

-o shows the active TCP connection and includes the process ID (PID) for each connection.

-s indicates that statistics for various connections are displayed by protocol, including port numbers.

-an to view all open ports

Close / open the port

Before introducing the functions of various ports, here is how to close / open ports in Windows, because by default, there are many insecure or useless ports that are open, such as port 23 of Telnet service, port 21 of FTP service, port 25 of SMTP service, port 135of RPC service, and so on. In order to ensure the security of the system, we can close / open the port by the following method.

Close the port

For example, to close port 25 of the SMTP service in Windows 2000/XP, you can do this: first open the Control Panel, double-click Administrative tools, and then double-click Services. Then find and double-click the "Simple Mail Transfer Protocol (SMTP)" service in the open service window, click the "stop" button to stop the service, then select "disabled" in the "Startup Type", and finally click the "OK" button. In this way, shutting down the SMTP service is equivalent to closing the corresponding port.

Open the port

If you want to open the port, just select "automatic" in "Startup Type", click "OK" button, then open the service, click "start" button in "Service status" to enable the port, and finally, click the "OK" button.

Tip: there is no "service" option in Windows 98, you can use the firewall rule setting function to close / open the port.

Port classification

There are many classification criteria for ports in a logical sense. Here are two common classifications:

1. Divided by port number distribution

(1) well-known port (Well-Known Ports)

Well-known ports are well-known port numbers, ranging from 0 to 1023, which are generally assigned to some services.

For example, port 21 is assigned to FTP service, port 25 is assigned to SMTP (simple Mail transfer Protocol) service, port 80 is assigned to HTTP service, port 135is assigned to RPC (remote procedure call) service and so on.

(2) dynamic Port (Dynamic Ports)

Dynamic ports range from 1024 to 65535, and these port numbers are generally not permanently assigned to a service, which means that many services can use these ports. As long as the running program requests the system to access the network, the system can assign one of these port numbers for use by the program.

For example, port 1024 is assigned to the first program that sends an application to the system. After shutting down the program process, the occupied port number is released.

However, dynamic ports are also often used by virus Trojans, such as glacier default connection port 7626, WAY 2.4is 8011, Netspy 3.0is 7306, YAI virus is 1024, and so on.

two。 Classified by protocol type

According to the protocol type, it can be divided into TCP, UDP, IP and ICMP (Internet Control message Protocol) ports. The TCP and UDP ports are mainly described below:

(1) TCP port

The TCP port, the Transmission Control Protocol port, requires a connection between the client and the server to provide reliable data transmission.

Common ones include port 21 of FTP service, port 23 of Telnet service, port 25 of SMTP service, port 80 of HTTP service and so on.

(2) UDP port

The UDP port, that is, the user packet protocol port, does not need to establish a connection between the client and the server, and the security can not be guaranteed.

The common ports are port 53 of DNS service, port 161of SNMP (simple Network Management Protocol) service, port 8000 and 4000 used by QQ, and so on.

Common network ports

Network fundamentals-Port comparison

Port: 0

Service: Reserved

Description: commonly used to analyze the operating system. This method works because "0" is an invalid port in some systems, which will produce different results when you try to connect it using the usual closed port. A typical scan that uses an IP address of 0.0.0.0, sets the ACK bit and broadcasts at the Ethernet layer.

Port: 1

Service: tcpmux

Description: this shows that someone is looking for a SGI Irix machine. Irix is the primary provider for implementing tcpmux, and tcpmux is turned on by default in such a system. The Irix machine contains several default password-free accounts in the release, such as: IP, GUEST UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So HACKER searches for tcpmux on INTERNET and leverages these accounts.

Port: 7

Service: Echo

Description: you can see the messages sent to X.X.X.0 and X.X.X.255 when many people search for Fraggle amplifiers.

Port: 19

Service: Character Generator

Description: this is a service that only sends characters. The UDP version will respond to packets containing junk characters when they receive UDP packets. When TCP connects, it sends a data stream with junk characters until the connection is closed. HACKER uses IP spoofing to launch DoS attacks. Forge UDP packets between two chargen servers. Similarly, the Fraggle DoS attack broadcasts a packet with a fake victim IP to this port of the target address, and the victim overloads in response to the data.

Port: 21

Service: FTP

Description: the port opened by FTP server for uploading and downloading. The most common method used by attackers to find the FTP server that opens anonymous. These servers have directories that can be read and written. Ports opened by Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner.

Port: 22

Service: Ssh

Note: the connection between the TCP established by PcAnywhere and this port may be to find ssh. This service has many weaknesses, and if configured in a specific mode, many versions that use the RSAREF library will have a number of vulnerabilities.

Port: 23

Service: Telnet

Description: remote login, intruders in the search for remote login UNIX services. In most cases, this port is scanned to find the operating system on which the machine is running. Using other techniques, the intruder will also find the password. Trojan Tiny Telnet Server opens this port.

Port: 25

Service: SMTP

Description: the port opened by the SMTP server for sending mail. Intruders look for SMTP servers to pass their SPAM. The intruder's account is closed and they need to connect to a high-bandwidth E-MAIL server and pass simple messages to different addresses. Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port.

Port: 31

Service: MSG Authentication

Description: Trojan Master Paradise, Hackers Paradise open this port.

Port: 42

Service: WINS Replication

Description: WINS replication

Port: 53

Service: Domain Name Server (DNS)

Description: the port opened by the DNS server, the intruder may be trying to TCP, deceive DNS (UDP) or hide other communications. Therefore, firewalls often filter or record this port.

Port: 67

Service: Bootstrap Protocol Server

Note: firewalls through DSL and Cable modem often see a large amount of data sent to the broadcast address 255.255.255.255. These machines are requesting an address from the DHCP server. HACKER often enters them, assigns an address to use itself as a local router and launches a large number of man-in-the-middle (man-in-middle) attacks. The client broadcasts the configuration to port 68, and the server broadcasts the echo request to port 67. This response uses a broadcast because the client does not yet know the IP address that can be sent.

Port: 69

Service: Trival File Transfer

Description: many servers provide this service along with bootp to make it easy to download startup code from the system. But they are often misconfigured to enable intruders to steal any file from the system. They can also be used by the system to write files.

Port: 79

Service: Finger Server

Description: intruders are used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to Finger scans from their machines to other machines.

Port: 80

Service: HTTP

Description: for web browsing. Trojan Executor opens this port.

Port: 99

Service: Metagram Relay

Description: the backdoor program ncx99 opens this port.

Port: 102

Service: Message transfer agent (MTA)-X.400 over TCP/IP

Description: message transfer agent.

At this point, I believe that everyone on the "DOS View Port Command Daquan" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.