The 'netstat' command has been around for many years and on multiple operating systems. We will briefly review 3 netstat commands useful on both Windows 2008 and Windows Vista. If a colleague has ever asked you, 'How do I tell if RDP is listening on Port TCP 3389 for Server XYZ?', I will show you an example of how to use the netstat command, piped to the find command, to see if a server is listening on a specific port.
Here are our 3 commands for this example:
- 'netstat' - indicates 1) Protocol, 2) Local Address, 3) Foreign Address, and 4) State (of Connection).
- 'netstat -aon' - indicates 1) Protocol, 2) Local Address, 3) Foreign Address, 4) State and 5) Process ID (PID).
- 'netstat -an | find ":3389"' - indicates any Local IP Address listening on TCP 3389 (default Protocol and Port for Remote Desktop (RDP)).
Here are our 3 commands in action in a Windows Vista SP1 Command Window (if you like how clear this window appears take a look at my Blog Entry titled '
Command 1 - 'netstat' - offers us a clear picture by protocol as to Local Ports open and to which Foreign Address (remote host).

Command 2 - 'netstat -aon' - provides similar detail with the addition of IPv6 information and specific Process IDs (PIDs).

Command 3 - 'netstat -an | find ":3389"' - provides affirmation by IP Address of servers maintaining an open connection on TCP 3389.
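
An added example, not part of the original post: a Python parser for 'netstat -aon' output that reports only rows whose local port is 3389 in the LISTENING state, next to what a plain substring search for ":3389" matches (foreign ports and ports such as 33890 included). The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
# Constructed sample of `netstat -aon` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:3389      192.168.1.50:50211     ESTABLISHED     1432
  TCP    192.168.1.10:49712     192.168.1.20:3389      ESTABLISHED     3020
  TCP    192.168.1.10:33890     192.168.1.30:443       ESTABLISHED     3100
  TCP    [::]:3389              [::]:0                 LISTENING       1432
  UDP    0.0.0.0:500            *:*                                    612
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 '[::]:3389' works too."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner and column headings
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, foreign, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, foreign, pid = fields
            state = ""
        else:
            continue  # unexpected layout; ignore rather than guess
        laddr, lport = split_endpoint(local)
        yield {"proto": proto, "local_addr": laddr, "local_port": lport,
               "foreign": foreign, "state": state, "pid": int(pid)}

def listeners(text, port):
    """Rows where the LOCAL port equals `port` and the state is LISTENING."""
    return [r for r in parse_netstat(text)
            if r["local_port"] == str(port) and r["state"] == "LISTENING"]

def naive_find(text, needle):
    """What `find ":3389"` does: keep every line containing the substring."""
    return [l for l in text.splitlines() if needle in l]

if __name__ == "__main__":
    for row in listeners(SAMPLE, 3389):
        print(row["proto"], row["local_addr"], row["local_port"], "PID", row["pid"])
    print(len(naive_find(SAMPLE, ":3389")), "lines match the substring search")
```

To run it against a live host, save the output of 'netstat -aon' to a file and pass its contents to listeners() in place of SAMPLE.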
Enjoy using this much-overlooked utility found in both Windows 2008 and Windows Vista!

Lynn Lunik
Independent Security Consultant
Windows(R) Platform
IT Pro Secure Corporation
and
exchangesummit.net
http://itprosecure.com and http://www.exchangesummit.net
blog <at> itprosecure.com

Posted Sep 08 2008, 11:52 AM by lynn lunik