Netstat

You can use the netstat utility on Windows or Linux to see a list of network connections. The -l option (on Linux) will list only the listening ports for that system. On Windows, the same functionality is provided by using the -a option (-a works on Linux as well) to list all connections. From a troubleshooting perspective, there may be times when you want to verify that a service is listening on the proper port, or identify what service is listening on a given port. While older versions of netstat cannot show you this, modern Windows systems provide the -b option, which will list the process associated with a given listening port.

C:\>netstat -a -b

Active Connections

    Proto 	Local Address 	Foreign Address   State 	PID
    TCP 	server:4122 	localhost:4123 	  ESTABLISHED 	1988
    [firefox.exe]

If you are running an older version of Windows, or running Linux, there are utilities to show this. For the command line on Windows NT, XP, or 2000, fport from www.foundstone.com/resources/proddesc/fport.htm is very handy. The abbreviated output is shown here.

I:\Internet\fport>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid 	Process 	Port 	Proto 	Path
1988 	firefox     -> 	4123 	TCP 	I:\Internet\Firefox\firefox.exe

For a Windows GUI, tcpview is very powerful and can be downloaded from Microsoft at www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx. Tcpview also has a command-line version called tcpvcon. In the Linux world, you can see which processes are using which ports with the lsof (list open files) utility. Although the utility can be rather complex, a quick and simple way is:

lsof | grep LISTEN
syslog-ng 1555 	  root    6u 	IPv4 	4463 	TCP *:7140 (LISTEN)

This indicates that the syslog-ng process is listening for inbound connections on TCP port 7140.
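
To verify that only the expected services are listening, the lsof output can be checked against a list of known command:port pairs. The script below is an added example, not part of the original page; the function names, the allowlist format, and every sample line other than the syslog-ng one are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit lsof LISTEN lines against an allowlist of expected
# "command:port" pairs. Sample lines and the allowlist format are constructed.

# Print "command pid user proto port" for every socket in the LISTEN state.
# Fields are read from the end of the line, so the 9-field layout shown on
# the page and the 10-field layout with a SIZE/OFF column both parse.
parse_listeners() {
    awk '$NF == "(LISTEN)" && NF >= 9 {
        port = $(NF-1)
        sub(/^.*:/, "", port)   # text after the last colon; works for [::1]:631
        print $1, $2, $3, $(NF-2), port
    }'
}

# audit_listeners "cmd:port cmd:port ...": label each listener OK or
# UNEXPECTED; exit status is 1 if any listener is missing from the allowlist.
audit_listeners() {
    parse_listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            key = $1 ":" $5
            status = (key in ok) ? "OK" : "UNEXPECTED"
            if (status == "UNEXPECTED") bad = 1
            printf "%s %s pid=%s user=%s %s/%s\n", status, $1, $2, $3, $4, $5
        }
        END { exit bad + 0 }'
}

# Constructed sample input (first data line is the one from the page).
sample_lsof() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
syslog-ng 1555 root    6u  IPv4   4463          TCP *:7140 (LISTEN)
sshd       812 root    3u  IPv4  18432      0t0 TCP *:22 (LISTEN)
cupsd      940 root    7u  IPv6  19001      0t0 TCP [::1]:631 (LISTEN)
python3   4821 guest   3u  IPv4  55210      0t0 TCP *:8000 (LISTEN)
firefox   1988 alice  52u  IPv4  60233      0t0 TCP 127.0.0.1:4122->127.0.0.1:4123 (ESTABLISHED)
EOF
}

# Demo on the sample; on a live host pipe in: lsof -nP -iTCP -sTCP:LISTEN
sample_lsof | audit_listeners "syslog-ng:7140 sshd:22 cupsd:631" ||
    echo "unexpected listener(s) found"
```

The -P flag keeps port numbers numeric, so the allowlist entries match regardless of the local services file.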
