Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

netstat and ports 1

Status
Not open for further replies.
Noip

Noip

IS-IT--Management
Apr 25, 2002
240
MU


1.How do know about whether the connection established as viewed in netstat in inbound or outbound...
2.How to close unwanted connections....
3.Why do I have so much of listening ports which does not seem to belong to the services in use i.e 3500 and above...

I know I'm posting a lot of questions but I think I've got a trojan on my server box.

I'VE already ran Swatit and Trojan remover 4.90
Box: win2k server SP2 with ISA/NAVCE7.6 running
 
Sort by date Sort by votes
Sysinternals do an excellant little program called TCPview


It dynamically displays port activity as it happens.

The initial call by a machine is made via the well known port numbers (80, 21, e.t.c.) into a recieving machine which then in turn instucts the contacting machine to move upto a higher range of ports for continued communication.

TCP does this exchange *primarily*, it is the RPC (Remote Procedure Call) on the recieving machine that sends a reply back and watching it in TCPview is fasinating.

UDP however is like a bull in a china shop and goes blundering *generally* to which ever port it has been told to by an Application.

The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151

(RFC text)

The Dynamic and/or Private Ports are those from 49152 through 65535

Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined (the ones you know, port 80, 21 e.t.c.).

This list specifies the port used by the server process as its contact port, where the first call is made.

The contact port is sometimes called the "well-known port".
 
Upvote 0 Downvote
Thanx for your post Girth,
it was quite helpful but a little too technical for me. I will give Tcpview a try.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
335
DrB0b
DrB0b
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
209
geneg28
geneg28
DrB0b
  • Locked
  • Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
292
DrB0b
DrB0b
kbryii
  • Locked
  • Question
AD and DHCP issue
Replies
1
Views
263
gbaughma
gbaughma
lecombs1950
  • Locked
  • Question
PKI and Client server application
Replies
0
Views
195
lecombs1950
lecombs1950

Part and Inventory Search

Sponsor

Back
Top