At times we may run an internal or external scan on your server and we finds that there is port xxxxx open. You are not aware of that port or any application that is using that port. Well weird...? How to find what's running on that port.
The first though to do telnet
telnet IP_Address portno
you get a blank screen... now what next, it doesn't give any clue what is running on that port, which service which process etc.
So here are some cool tips to quickly find out what is running on unknown port, lets say 32456.
Step 1: Fireup the command prompt
Step 2: netstat -ano | findstr /i "listening"
TCP 0.0.0.0:32456 0.0.0.0:0 LISTENING 1100
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 888
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:4105 0.0.0.0:0 LISTENING 424
TCP 0.0.0.0:4728 0.0.0.0:0 LISTENING 424
Look for your port in the result and identify the PID,. The PID is listed at extreme right hand side.
Step 3: tasklist /svc /fi "PID eq 1100"
Image Name PID Services
========================= ======== ==========================
svchost.exe 1100 Appinfo, AppMgmt, BITS, Browser,
gpsvc, IKEEXT, iphlpsvc, LanmanServer,
ProfSvc, Schedule, ShellHWDetection,
Themes, Winmgmt, wuauserv
Image Name is basically your process in taskmanager
Now you have the names of the services running under the svchost.exe, you can use google to perform quick search what services are for.
Hope that would be helpful.
Regards,
Navdeep [v-2nas]
No comments:
Post a Comment