1. The netstat command that comes with Windows.
Regarding the netstat command, let's take a look at its description in the Windows Help file:
Netstat
Displays protocol statistics and current TCP/IP network connections. This command can only be used after the TCP/IP protocol is installed.
netstat [-a] [-e] [-n] [-s] [-p protocol] [-r] [interval]
Parameters
-a
Show all connections and listening ports. Server connections are not usually displayed.
-e
Displays Ethernet statistics. This parameter can be used in combination with the -s option.
-n
Displays the address and port number in numeric format (instead of trying to find the name).
-s
Displays statistics for each protocol. By default, statistics for TCP, UDP, ICMP and IP are displayed; the -p option can be used to specify a subset of the default.
-p protocol
Displays connections for the protocol specified by protocol; protocol can be tcp or udp. If used together with the -s option to display per-protocol statistics, protocol can be tcp, udp, icmp or ip.
-r
Displays the contents of the routing table.
interval
Redisplays the selected statistics, pausing interval seconds between each display. Press CTRL+B to stop redisplaying statistics. If this parameter is omitted, netstat prints the current configuration information once.
After reading the help text, we should understand how to use the netstat command. Now let's put it to use and view the open ports on our own machine. Open a command prompt and run netstat with the two parameters a and n:
C:\>netstat -an
Active Connections
  Proto  Local Address    Foreign Address    State
  TCP    0.0.0.0:80       0.0.0.0:0          LISTENING
  TCP    0.0.0.0:21       0.0.0.0:0          LISTENING
  TCP    0.0.0.0:7626     0.0.0.0:0          LISTENING
  UDP    0.0.0.0:445      0.0.0.0:0
  UDP    0.0.0.0:1046
  UDP    0.0.0.0:1047
Explanation: Active Connections refers to the current active connections on the local machine, Proto is the name of the protocol used by the connection, Local Address is the IP address of the local computer and the port number in use, Foreign Address is the IP address and port number of the remote computer connected to this port, and State is the status of the TCP connection. The last three lines are UDP ports, so their State column is empty. Look! Port 7626 on my machine is open and listening for connections. In this case, it is very likely that I have been infected by the Glacier Trojan! The right response is to disconnect from the network at once and remove it with antivirus software.
2. The command-line tool fport under Windows 2000.
Users of Windows 2000 are luckier than users of Windows 9x, because fport can show the correspondence between local open ports and processes.
Fport is a tool produced by Foundstone. It lists all open TCP/IP and UDP ports on the system, together with the full path, PID, process name and other information of the application that owns each port. It is run from the command line, as in this example:
D:\>fport.exe
FPort v1.33 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
Pid   Process     Port  Proto  Path
748   tcpsvcs  -> 7     TCP    C:\WINNT\System32\tcpsvcs.exe
748   tcpsvcs  -> 9     TCP    C:\WINNT\System32\tcpsvcs.exe
748   tcpsvcs  -> 19    TCP    C:\WINNT\System32\tcpsvcs.exe
416   svchost  -> 135   TCP    C:\WINNT\system32\svchost.exe
Clear at a glance, isn't it? The program behind each open port is now in plain view. If you find a suspicious program holding a suspicious port open, don't be careless. It may be a cunning Trojan horse!
The latest version of Fport is 2.0. Many websites offer it for download, but for the sake of safety it is best to get it from its home site:
/knowledge/zipper /f
3. Active Ports, a graphical tool with functions similar to fport.
Active Ports is produced by SmartLine. It monitors all TCP/IP and UDP ports open on your computer. It displays not only every open port but also the path of the program that owns each port, and whether the local IP and the remote IP (the IP trying to connect to your computer) are active.
Intuitive, isn't it? Even better, it can also close a port. When you use it to find a port opened by a Trojan, you can close that port immediately. The software runs on Windows NT/2000/XP. You can also add the o parameter to the netstat command; with this parameter you get the correspondence between ports and processes.
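As an added example (not part of the original article), this Python script parses the output of netstat -ano, using the o parameter mentioned above, and lists open ports that are missing from an expected baseline, which is the check done by eye on the listing in section 1. The sample output, its PIDs and the BASELINE set are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       416
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING       1892
  TCP    192.168.1.10:1050      192.168.1.20:80        ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1046           *:*                                    1204
"""

# Assumed baseline of ports expected to be open on this host: (proto, port).
BASELINE = {("TCP", 80), ("TCP", 135), ("UDP", 445)}

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # UDP rows have no State column, so they carry 4 fields instead of 5.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        addr, _, port = f[1].rpartition(":")  # rpartition copes with [::]:80
        if not (port.isdigit() and f[-1].isdigit()):
            continue  # row without a numeric port or PID (output lacks -o)
        rows.append({"proto": f[0], "addr": addr, "port": int(port),
                     "state": state, "pid": int(f[-1])})
    return rows

def unexpected_listeners(rows, baseline):
    """Open ports (TCP LISTENING or any bound UDP port) missing from the baseline."""
    return [r for r in rows
            if (r["state"] == "LISTENING" or r["proto"] == "UDP")
            and (r["proto"], r["port"]) not in baseline]

if __name__ == "__main__":
    for r in unexpected_listeners(parse_netstat(SAMPLE), BASELINE):
        print(f'{r["proto"]} port {r["port"]} on {r["addr"]} is owned by PID {r["pid"]}')
```

Each PID it reports can then be matched to a program path with a tool such as fport or Active Ports, as described above.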
The above introduces several ways to view local open ports and the correspondence between ports and processes. With these methods you can easily find Trojans that communicate over TCP/UDP, and I hope they help you protect your machine. However, the emphasis should be on preventing Trojan horses in the first place. Against a rebound-port Trojan, or a newer Trojan built with driver and dynamic link library techniques, these methods are unlikely to reveal any trace. Therefore, we must develop good habits when using the Internet: don't run email attachments at will, and install antivirus software. For example, Rising, from China, is a good tool for removing viruses and Trojans. Scan software downloaded from the Internet with antivirus software before using it. Keep the network firewall and real-time virus monitoring turned on while online to protect your machine from Trojan horses.