10.9. Viewing the Open Ports and Connections
You want to view the open ports and connections on a server.
Using a graphical user interface
The Sysinternals TCPView tool is a graphical interface that displays all of the active connections on a host. It displays all of the connection information you might need, including process name and ID, protocol, local address and port, and remote address and port. It is a real-time tool, so it shows connections that are terminating in red and new connections in green. You can close a connection by right-clicking it and selecting Close Connection. You can also kill the associated process by selecting End Process. See Figure 10-1 for a screenshot of TCPView.
Figure 10-1. Sysinternals TCPView
Using a command-line interface
The netstat command displays all established connections on a host:
-a option to view
all open ports regardless of whether they are active. With the
Windows Server 2003 version of netstat, you can view the process ID
associated with connections by specifying the
The Sysinternals netstatp utility is the command-line version of TCPView. It displays similar information to netstat, but it shows the process name and ID associated with the connection by default:
' This code produces output very similar to the 'netstat -an' command. ' It requires that the target machine ...