Checking ports on the local network. How to determine open ports? What port numbers can the program open?

Sources: Wikipedia, Microsoft, portscan.ru

How can I find out which ports are open on my computer?

1. For Windows: Start → “cmd” → Run as administrator → “netstat -bn”
2. In an antivirus program such as Avast, it is possible to view active ports in the Firewall: tools -> Firewall -> Network connections.

Also useful commands netstat:

To display both the Ethernet statistics and the statistics for all protocols, type the following command:

netstat -e -s

To display the statistics for only the TCP and UDP protocols, type the following command:

netstat -s -p tcp udp

To display active TCP connections and the process IDs every 5 seconds, type the following command:

nbtstat -o 5

To display active TCP connections and the process IDs using numerical form, type the following command:

nbtstat -n -o

The following status values ​​are valid for TCP sockets:

List of most commonly used ports

When an application or service on a computer works with the network, a logical port is opened, reserving a number through which information is transferred to remote servers or clients. According to the TCP/IP protocol, a number is taken from 0 to 65535. And the meaning of these actions is that it is unique for each application and unambiguously determines “who” the received data belongs to.

But the selected number is not always available - it may be busy or open by another program. And sometimes it becomes necessary to enter this “number” manually. In order not to sort through everything, the user can quickly check the ports for openness, then selecting any free one. But alas, not everyone has an idea of ​​how this can be done. Let's talk about the simplest and easiest verification methods:

• standard way;
• use of online verification service sites;
• analysis of port availability through specialized utilities/applications.

To solve a problem, it is not at all necessary to resort to tricks or third party applications. You can take advantage of the system's capabilities, which also allow you to find out the answer to the question: is the port open?

To do this you need to run command line. This can be done either using the “Run” window or through the search. IN Windows versions 7 and below click “Start”, in 8.1 - the Start button. Enter and find cmd, this is the command line. You need to run it using the right mouse button, as an administrator. Then you can enter one of two commands:

1. netstat -a - shows open (listening, active - established, waiting - time_wait) and closed ports;
2. netstat -aon | more - list of available ones.

The second option is convenient in that it can be used to find out which program is bound to a particular port. To do this, look in the PID column - there is a number indicated there that is the process identifier. Launch the task manager or go to the “Details” tab (for Windows 8 and 8.1) and look for the number in the “Process ID”. If the name of the application is unfamiliar or seems suspicious, then click on it right click mouse and select “Open location”.

Checking the port for availability using online services

If your computer has access to the Internet, then you don’t even have to bother with the command line and other “wisdom”, instead finding one of the many special service sites that check the openness of ports in just a few mouse clicks. You just need to enter the required number in the column and click the “Check” button. The results are as follows:

Port closed

It is impossible to connect using it. Various malware or hackers will also not be able to use the port to hack, attack or obtain data from the computer. High level protection from network threats is precisely characterized by the fact that all unknown ports must be closed. But large number open to external access"numbers" - bad indicator.

However, the reason for port unavailability may be incorrect setting application running with it or network equipment. Just in case, you can check the firewall for access to the network and installed programs.

turn out to be closed port maybe because of the very slow connection: A situation where it is actually open, but the network response time is too high. Then connection becomes problematic or completely impossible.

Port is open

Selected identification number available for connection and internet. If that's what you need, great. But when it actually should be closed, it is necessary to find out the reason for the “openness”.

First of all, they check running applications and services (services). It may be used by some of them to log out and work online. But there is a small chance that the open port is being used externally or is the result of active virus activity. In this case, checking with an antivirus will also not be superfluous.

How else can you check if the port is open?

If the first and second methods are not suitable for some reason, then you can approach the problem differently: there is huge amount various useful programs, which will provide comprehensive information on the ports available on the computer, for a fee or free of charge. At the same time, you can find utilities on the Internet that are quite simple both in terms of use and the information they provide. Examples of such applications include Free Port Scanner And CurrPorts- both of them are free.

How to close it?

Having figured out how to check whether a port is open, the user may be interested in another question: if it is still active, then how to close it if necessary? It's actually not that difficult.

The main thing is to find and eliminate the reason that makes it accessible. If it is a program process or running service, then you need to find it through the task manager and close or stop it. But it also happens that regular applications nothing to do with it... then there is every reason to thoroughly check your computer with an antivirus for possible availability malware. If access to the Internet is through a router, find and delete unnecessary port forwarding rules. And for additional protection You can install a more advanced firewall.

Video

In this video you will learn how to check open ports and determine who is using them.

Didn't get an answer to your question? Suggest a topic to the authors.

About ports, and it will clarify the situation.

Everyone has been using simulators for a long time ( local network ), after some providers at the beginning of the new decade disconnected all their subscribers from the local network, leaving them only with an Internet connection.

It was from that moment that the popularization began imitators, because without them, it was impossible to play with a neighbor with any toy. And from that moment on, the question about " opening ports"became more popular, and many “pseudo-sysadmins” tried to post up-to-date guidance on how to open ports on their hardware. But not everyone knows what and how to do it correctly.

What is " Open port "? Yes, everything ingenious is simple - any computer on the network has a certain identifier (name, MAC address, IP), so, according to IP a certain packet arrives at the router, but it doesn’t just arrive via IP, and by special channel (port), through which the program sends/receives requests from external network. According to the standard, this packet will not pass beyond the router, since by default (hereinafter referred to as default), the port on which the program runs is closed, and in order to receive the packet, it must be opened.

What they write on the Internet - you can open ports, regardless of what network equipment is installed - all this is nonsense! Any knowledgeable system administrator will tell you that IPs are divided into two types - " White" And " Grey", and only on one can you open ports to receive "packets" from outside. Grey- this is when IP can move from hand to hand many times (also referred to as dynamic), White- or real (in other words static) can be assigned only for one user, and will not change hands.

It is according to the “White” IP that you should open ports on your equipment. To get your “White” IP you need reverse to your provider, and after that, he will assign an IP to you. This service everywhere is paid, and depending on the region it can range from 50 rubles/month.

Let's say we bought real IP from your provider, and now you need to start setting up. Let's look at the settings for 4 popular router models (ASUS/TP-Link/D-Link/Zyxel):

Setting up an ASUS router

Opening ports on a real (white) IP in an ASUS router

Note: setup was carried out on the equipment ASUS RT-N12 C1 with firmware 3.0.0.4.260 (black interface)

1. 192.168.1.1 ), with login and password ( admin/admin
2. In the left menu select " Internet" (or WAN) -> Port Forwarding(or Virtual Server/Port Forwarding)
3. Turn on this option by checking the box next to " Enable Port Forwarding: Yes".
4. Choose from ready-made templates specified ports, or enter your own:
   • Service name- you can be anything
   • Port range- you can enter either one port (for example 80) or a range (27000:27099)
   • Local IP
   • End port- just like in “Range”, you need to enter it depending on what was entered first - one or a range.
   • Protocol- TCP/UDP/BOTH /OTHER - select one (TCP/UDP ports select)
5. After entering the data, click on the plus sign (to the left of the filling form).
6. And after entering the data, click “Save”.

Setting up a D-Link router

Opening ports on the real (white) IP in the D-link router

Note: setup is done on the router D-link DIR 615 with white interface of the latest firmware 2.5.20 .

1. Connect to your router via a browser ( 192.168.0.1 . or in some 192.168.1.1 ), with login and password ( admin/admin). You can find out about this at back side router or in its instructions.
2. In the left menu select Firewall/ Virtual servers .
3. We choose from ready-made templates, or enter our own (by selecting " Costom"):
   • Service name- you can be anything
   • Protocol- select the desired protocol.
   • External port (initial)
   • Internal port (initial)
   • Internal IP
4. Apply", and then through " System" - select the item "", and only after that the ports should open.

Setting up a TP-Link router

Opening ports on the real (white) IP in the TP-Link router

TP-LINK TL-WR940N / TL-WR941ND with firmware 3.13.31 .

1. Connect to your router via a browser ( 192.168.0.1/192.168.1.1 ), with login and password ( admin/admin). You can find out about this on the back of the router or in its instructions.
2. In the left menu select Forwarding (Forwarding) -> Virtual servers (Virtual Server).
3. After opening the section " Virtual servers"You should see a page with a list of open ports. In order to open the port you need, here you need to click on the “Add new” button and fill out the form:
   • Service port – external port. Here you need to enter the port (or a range of ports separated by a hyphen, for example, 10100-10200)
   • Internal port – internal port, which will be used by programs on your computer.
   • IP address
   • Protocol
   • State (Status) – port status.
4. After entering the data, you can click " Save" (Save).

Setting up a ZyXEL router

Opening ports on the real (white) IP in the ZyXEL router

Note: setup is done on the router ZyXEL Keenetic with firmware 2.0 .

1. Connect to your router via a browser ( 192.168.0.1/192.168.1.1 ), with login and password ( admin/admin or admin/1234). You can find out about this on the back of the router or in its instructions.
2. In the left menu select "Safety"(in the form of a shield) -> .
3. After opening the section " Broadcast network addresses(NAT)"Click on the "Add" button and add according to the template:
   • Interface– select the required interface.
     Attention! The Interface field must be entered correctly. Depending on whether your ISP uses authentication (PPPoE, L2TP or PPTP), the meaning of this field may vary. If authorization with the provider is not used, you should always select the Broadband connection (ISP) interface. If your provider uses PPPoE to access the Internet, then you should select the appropriate PPPoE interface.
     If you are given simultaneous access to the provider’s local network and the Internet (Link Duo), you need to select the Broadband connection (ISP) interface to forward a port from the local network, and select a tunnel interface (PPPoE, PPTP or L2TP) to forward a port from the Internet.
   • Protocol– you can specify a protocol from the list of presets that will be used when forwarding the port (in our example, TCP/21 is used – Transmission FTP files). When you select TCP or UDP in the Protocol field, you can
   • TCP/UDP ports- specify the port number or range of ports.
   • Redirect to address- indicate the local IP address of the computer.
4. After entering the data, you can click " Save".

Summing up, we can draw the following conclusion - that in order to forward ports and save your nerve cells, it is better to immediately buy from your provider static (white) IP, since on gray - port forwarding will not be possible. If everything was done successfully, then the visibility of the ports can be checked on , or on . From the experiment with routers, I was able to do everything correctly on only three out of four routers (except Zyxel).

The popular question “how to check if a port is open” is relevant for both experienced gamers and novice system administrators. Accordingly, before opening ports on a computer running Windows XP, 7 or 8, you need to decide on the ultimate goal of this “enterprise” and which ports need to be opened. For example, for Skype this is port 433 and 80, and for the mega-popular game Minecraft you will need to open port 25565.

In itself, “opening ports” does not cause any damage to your computer: its security will depend on what program uses and “listens” on it and how.

To further protect yourself, you can view statistics on the ports most vulnerable to viruses and hacking.

For example, most companies providing services information security, they recommend paying attention to port numbers: 21, 23, 25, 80, 1026, 1028, 1243, 137, 139, 555, 666, 1001, 1025, 7000, 8080, 12345, 31337, 31338.

In other words, open ports are like open doors to a harsh world. high technology, accordingly, you should not open everything without knowing by whom and for what purpose this port can be used.

How to find out which ports are open on a Windows 7 computer?

Once the target is determined and the list of ports is “agreed”, you need to check whether the port is currently open. To do this, you can use the Command Line:

Open Command Prompt and enter the command “netstat -a”;

In response to the command, Windows OS will present a list of all open “TCP” and “UPD” ports;

The "Status" column will indicate what is happening with this port:

• - “Listening” - that is, the port is “listening”. In other words, some program monitors the activities of a given port;
• - “Established” - the port is open and in use;
• - “Time wait” - the port is in standby mode: i.e. the program using it is preparing to put the port into one of the specified states.

Currently, there are quite a lot of services that allow you to check whether ports are open or not: for example, it has earned the trust of users online check"2ip". To check, you just need to enter the port number and click “check”.

So, having decided how to view open ports, now calmly open the desired port.

How to open a port in windows 7 firewall?

The easiest way to open the required port on your computer is to use the built-in Windows Firewall:

- (“Start” - “Control Panel”);

In the column on the left " Additional settings» The Windows Firewall with Advanced Security window will open;

• - click “Rule for incoming connection" and in the "Actions" section ( right side window) select “Create rule”;

• - the “Rule Creation Wizard” will open: from the list presented, select “For a port” and click “Next”;

Below is the line “Specified local ports”: this is where you need to register the port to open (or range of ports) and click “Next”;

• - the “Actions” section will open, in which select “Allow connection” - since you need to open a port on the computer;

• after which all you have to do is enter the name of the created rule and, if desired, fill out a description.

At incorrect setting firewall may arise, which we talked about in one of the previous articles

This is the easiest way to open ports on windows computer 7. No secret knowledge or secrets of network magic are required for this action, it is only important to know which port needs to be opened and in which protocol it is used.

How to open a port via Windows command line?

However, the ability to open a port through a firewall is far from the only way, which you can use. You can also open ports on your computer using the Command Line: it’s not difficult, but this approach requires basic knowledge of the structure and functionality of the “netsh” command.

So, open a command prompt with “Administrator rights” and enter the command “netsh advfirewall firewall add rule name=L2TP_TCP protocol=TCP localport=xxxx action=allow dir=IN”

The command structure includes the following parameters:

• - the name “L2TP_TCP” is a second-layer tunnel protocol (the abbreviation “L2TP” literally means “Layer 2 Tunneling Protocol”);
• - “protocol=TCP” means which protocol the port being opened belongs to: if it is for UPD, then after the “equals” symbol it is necessary to write this abbreviation;
• - “localport=xxxx” instead of “x” indicate the number of the port to open.

Thus, opening a port on a computer is quite simple, and everyone can choose the most convenient method for themselves. The advantage of using " Windows Firewall"is only step-by-step setup with an intuitive user interface.

Good afternoon, dear readers and guests of the blog, I am glad to welcome you again to the section about security, last time we learned how to delete screenup virus, today the topic will be more interesting, namely how check open ports on Windows or Linux. I’ll describe my situation, I have a project, the customer provided 20 virtual machines, within which my organization needs to deploy a service there, some virtual machines are located in different networks and before the programmers have time to deploy everything on them, I need to use a special utility to listen to a port on one server and check that it responds on the other, so to speak networking. Let's do this.

We install a service responding to the required port

As I wrote above, while the services are not deployed, no one is listening to the ports, but we need to check so that we don’t have to deal with this later. We need to use a special utility to emulate listening to the port (socket) we need. Those of you who know an operating system such as Centos 7, they remember that it had great utility called netcat. It allowed using certain commands to listen needed by the administrator port.

netcat- a Unix utility that allows you to establish TCP and UDP connections, receive data from there and transmit it. On Windows platforms, she is also present.

We unpack the archive on the server where the service will run in the future. In the folder you will need the files nc.exe and nc64.exe. Next, hold down Shift and right-click on the folder from context menu select "Open command window"

Now let’s imagine that I want port 80 to work on the server, like an IIS server. Open netcat, first look at the help:

• -d detach from console, background mode
• -e prog inbound program to exec
• -g gateway source-routing hop point[s], up to 8
• -G num source-routing pointer: 4, 8, 12, ...
• -h this craft
• -i secs delay interval for lines sent, ports scanned
• -l - listen for incoming connections
• -L listen harder, re-listen on socket close
• -n numeric-only IP addresses, no DNS
• -o file hex dump of traffic
• -p - which connection will be listened to
• -r randomize local and remote ports
• -s - set local address appointments
• -t answer TELNET negotiation
• -c send CRLF instead of just LF
• -u - UDP mode
• -v verbose
• -w secs timeout for connects and final net reads
• -z zero-I/O mode

We are interested in a command like this:

netcat-win32-1.12>nc.exe -l -p 80

As a result, a virtual socket is raised on the server that listens to connection 80, simulating a web server.

How to check if a port is open on a server

Now let's go to another server and try to check the open ports on remote server. To solve our problem, we will use the telnet utility; see how to install it. Open the command line and enter the following line:

telnet 10.242.17.134 80

As you can see, I indicated the IP address I needed and desired number port

By the way, you can check the open ports on the computer where the service is located with the command:

telnet localhost number 80

If the IP address does not respond to your request, then you will see an attempt to connect, after which you will be shown that this could not be done.

If the connection is successful, then you will see a black screen, either without text or with some welcome message, that some service responded to you.

Through external utilities

You can also check whether the port is open using external utilities; the main requirement here is that you have a white IP with Internet access. Let’s imagine the same situation: you need to test the 80 connection on which the company’s website will be located. You deployed it, but for some reason it does not work. Not long ago, I told you about the ping.eu () service. One of the items in this toolkit was port check (checking open ports). In the "ip address or host name" field you write the IP address or dns name service, which requires checking, and in the adjacent field, the required socket number, in my case 80, click “Go”. In a second, you will get the result whether ports 80 or 443 are open on the site or not. In my case the status is "open".

Mass checking of open ports on the network and locally

There are special utilities, whose task is to scan a computer or server for available ports on which there is a connection, they are called port scanners. There are a lot of such programs, I will give an example in the form of XSpider 7.7. How to check if a port is open in the XSpider 7.7 utility. Right-click on “scanned hosts” and add a host or range of IP addresses.

You specify what exactly will be checked.

Click the start icon and start the procedure.

You may see a warning that your actions may be recognized as a DDoS attack and many firewalls on the network may simply ban you, so be careful.