Use Netstat to determine which ports to open on a Windows firewall

Learn how to use Netstat to determine which firewall port to open when troubleshooting a Windows XP firewall.

How often have you sold a piece of software, only to have to troubleshoot why it won't work with your client's Windows XP firewall? The solution to this problem is simple enough: just open the firewall port used by the application. The trick is in knowing which port to open. This generally isn't a problem if the application uses a well-known port, but many applications rely on obscure, proprietary ports. With over 65,000 TCP and UDP...

ports each to choose from, guessing the correct port isn't an option. Fortunately, you don't have to. There is a little-known trick using Netstat that can help you identify which firewall port an application uses.

I could easily write an entire article on the syntax for the command-line tool Netstat, but for the purposes of this tip, I'll only discuss the switches needed to determine which firewall ports an application uses. If you want to learn more about other available switches, just enter NETSTAT /? at the command prompt. You can also view the Netstat documentation on Microsoft's Windows XP Professional documentation site.

With that said, there are three switches you can use to hunt down firewall port numbers. The /A switch causes Netstat to display all connections and listening ports. The /N switch forces Netstat to display IP addresses and port numbers in numerical form. Finally, the /O switch displays the process number associated with the various ports.

Depending on how many processes are running, the command's output can be too long to fit on a single screen. Therefore, for the purposes of Windows XP firewall troubleshooting, it's a good idea to redirect the output to a file. You can accomplish this by appending a greater-than sign (>) and a file name to the end of the command. For example, the following command redirects the output to a file named C:\NETSTAT.TXT:

netstat /a /n /o >c:\netstat.txt

Figure A, below, illustrates the command in action, as well as the contents of the NETSTAT.TXT file. Keep in mind that the file's contents will be different on every PC and that in order for the file to be of any use, you must be running the application for which you need the port number while you run this command.


Figure A: The Netstat command can be used to determine which firewall ports are in use.

In the output from the Netstat command, you can see IP addresses and port numbers shown in the Local Addresses column. Port numbers are separated from the IP address by a colon. For example, the local address for one of the processes shown in Figure A is 147.100.100.200:139. This means that the application is using the IP address 147.100.100.200 and port 139.

Matching port numbers to applications

Looking at this output, you may notice that Netstat doesn't list any applications. Even so, the last column lists the process ID (PID) of the application that's using the port. To determine which application uses the port, you must match the applications with their PID numbers. To do so, select CTRL+ALT+DELETE to open the Windows Task Manager, and then click the Processes tab. As shown in Figure B, this tab lists the various processes in use, but it does not list the corresponding PID numbers.


Figure B: By default the Windows Task Manager lists processes but not process numbers.

Fix this problem by selecting the Select Columns command from the Task Manager's View menu. From the Select Columns dialog box (shown in Figure C), select the PID checkbox, and click OK.


Figure C: Select the PID checkbox, and then click OK.

As shown in Figure D, the Windows Task Manager now lists the PID number. Earlier, I showed you a process that uses an IP address and port number of 147.100.100.200:139. In Figure A, you can see that the PID assigned to this IP address and port number is 4. In Figure D, you can see that PID 4 is the system process. When identifying the ports for a given application as part of Windows XP firewall troubleshooting, work through the list until you find an IP address and port number that correspond to the PID that's assigned to the application. At that point, you know which port number the application is trying to use, and can therefore open the necessary port in the firewall.


Figure D: The PID column tells you which process ID has been assigned to the process.

You should be able to use this technique to determine which port an application is using. Keep in mind, though, that Windows may run different processes under different user accounts. Therefore, if you don't see your target process listed, you may have to select the Task Manager's Show Processes From All Users checkbox.

This was first published in October 2007

Dig deeper on Network security

-ADS BY GOOGLE

SearchStorage.com.au

SearchSecurity.com.au

SearchCIO

SearchCIOMidmarket

SearchCompliance

Close