Search software:I want to find a software that can scan my computer's ports and should tell me which program opens the corresponding port?
For example,by using the software,I might know which program in my computer opened the port:5000.
Who can provide me?Thanks a lot.

Hi scarab_cn, do you write software ?

Originally posted by Platinum Plus
Hi scarab_cn, do you write software ?

Thank you, Platinum :)

I write program sometimes.
I have used MS VB and JSP
But I can't write the software as I mentioned.
:p :p :p

That sounds like a firewall. There are a few good ones - some of them are free. Have a look at ZoneLabs (http://www.zonelabs.com/store/content/home.jsp)

Thank you for your help,Gabriel Fleseriu.
I will try now!

Hei scarab_cn...hows the English going ? :D

Windows is supplied with a command line utility
called

netstat.exe

if you run it with comman option /a

like

netstat /a

it will output all objects (images in memory) occupying TCP and UDP ports, their corresponding socket links (target and source bound) and even their DNS mapping.

f.e:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Amn>netstat /a

Active Connections

Proto Local Address Foreign Address State
TCP armenchik:epmap armenchik:0 LISTENING
TCP armenchik:microsoft-ds armenchik:0 LISTENING
TCP armenchik:1025 armenchik:0 LISTENING
TCP armenchik:1064 armenchik:0 LISTENING
TCP armenchik:1112 armenchik:0 LISTENING
TCP armenchik:netbios-ssn armenchik:0 LISTENING
TCP armenchik:1064 psyradio.demandindustries.net:8003 ESTABLISHED
TCP armenchik:1112 msgr-cs85.msgr.hotmail.com:1863 ESTABLISHED
UDP armenchik:epmap *:*
UDP armenchik:microsoft-ds *:*
UDP armenchik:isakmp *:*
UDP armenchik:1026 *:*
UDP armenchik:ntp *:*
UDP armenchik:1028 *:*
UDP armenchik:1317 *:*
UDP armenchik:discard *:*
UDP armenchik:ntp *:*
UDP armenchik:netbios-ns *:*
UDP armenchik:netbios-dgm *:*

C:\Documents and Settings\Amn>

Amn,Thank you for your help:)

By using netstat /a,we can get the information about:
Proto Local Address Foreign Address State

But how can I get the program that open the Port?:confused:
for example about information the below :

"TCP armenchik:1112 armenchik:0 LISTENING"
--its 1112 is open,but which program has opened the port number 1112?
:confused: :confused: :confused:

P.S:My OS is Unix,maybe the netstat command be different from Windows OS.

If you run netstat with '/?' command line option, it will display help as in:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Amn>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.


C:\Documents and Settings\Amn>


from which it is evident you can use '-o' switch which will force netstat to display process ID. Every process in Windows has an ID, and Task Manager displays them for you. So it is basically to lookup the ID in Task Manager window and you will see the name of the file that has the port open.

Otherwise you also could write a program that would parse the netstat output and replace process IDs with process file names (by using appropriate WinAPI function to get a like ::GetModuleFilename)

Good Luck !

P.S. UNfortunately my solution is for Windows XP. I relly dont know whether it will work in UNIX, but i am more than sure experts on UNIX here will sugest a similiar command to you. UNIX HAS TO HAVE some sort of netstat !

Hello,Amn pal.
This is the help information of netstat command in my computer(Windows 98):
C:\WINDOWS>netstat/?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto
may be TCP or UDP. If used with the -s option to display
per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for TCP, UDP and IP; the -p option may be used to specify
a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.



But not have -o switch.Why?

Yes it seems the netstat.exe implementation in Windows 98 lacks the '-o' switch. Sad... :(

Another very good option is to download TCPView from www.sysinternals.com - it is a better solution than a firewall, since it is small and doesnt run everytime, only when you run it. ZoneAlarm is a service and it consumes a bit of resources, not to mention it is a firewall, which is absolutely not what you asked for in the first place ;)

Also look for netstatp.zip (on the same page as TCPView)

it WILL display process name on ANY windows platform.

Amn pal,Thank you very much:) :) :)
I will try it.:D