Use XP's New Netstat and Tasklist To Find Out Who's Talking To Your Computer
Here's a neat feature that I really like about XP: Netstat's new -o option.
If you don't know Netstat, then you should. It reports to you all of the network connections that your system has open at the moment. I used to use it with the -a option. -a says to show all network connections. The new -o option says to identify the process ID ("PID") of the program that started that connection. For example, under Windows 2000 I might have typed netstat -a and gotten a line like this in the output:
TCP GX240:1844 64.4.13.224:1863 ESTABLISHED
Unraveled, this line says that my workstation (GX240) is connected via port 1844 to some system at 64.4.13.224. Hmmm, I'd say, what's going on here? I don't remember agreeing to open up a link to someone out on the Internet. Is this some evil worm? Sure wish I could figure out WHICH program told my workstation to open this link. Well, of course, as my workstation is running XP, I can with the -ao switch. The output (excerpted) now looks like
Proto Local Address Foreign Address State PID ...
TCP GX240:1844 64.4.13.224:1863 ESTABLISHED 2132
Ah, there's the culprit -- whatever's running on process ID 2132. But how do I find out what that is? With another XP command-line command, tasklist. I could just run tasklist and pick out the program with PID 2132, but here's a way to get a somewhat cleaner output, using tasklist's "/fi" (filter) option. I'd type
tasklist /fi "pid eq 2132"
That would yield this output:
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
msmsgs.exe                  2132 Console                 0      3,848 K
Aha! "msmsgs" is Windows Messenger. It keeps a line open to a Microsoft server so that if someone wants to establish a Messenger session with me then my system will know to respond.
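The two-step lookup above can be done for every connection at once by joining saved netstat -ao output with saved tasklist /fo csv /nh output on the PID column. The script below is an added example, not part of the original article; its function names are hypothetical and the sample text is constructed, apart from the GX240/msmsgs.exe values taken from the article.

```python
import csv
import io

# Constructed `netstat -ao` output; the PID 2132 row reuses the article's values.
NETSTAT_AO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    GX240:135              GX240:0                LISTENING       884
  TCP    GX240:1844             64.4.13.224:1863       ESTABLISHED     2132
  TCP    GX240:1850             192.0.2.10:80          ESTABLISHED     3004
  UDP    GX240:1900             *:*                                    1108
"""

# Constructed `tasklist /fo csv /nh` output; PID 3004 is deliberately absent.
TASKLIST_CSV = '''\
"svchost.exe","884","Console","0","3,120 K"
"msmsgs.exe","2132","Console","0","3,848 K"
'''

def parse_netstat(text):
    """Yield (proto, local, foreign, state, pid) for each connection row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column header and blank lines
        if f[0] == "UDP" and len(f) == 4:
            f.insert(3, "")  # UDP rows have no State column
        if len(f) == 5 and f[4].isdigit():
            yield tuple(f[:4]) + (int(f[4]),)

def parse_tasklist(csv_text):
    """Map PID -> image name from headerless CSV tasklist output."""
    rows = csv.reader(io.StringIO(csv_text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def connections_with_owner(netstat_text, tasklist_text, state="ESTABLISHED"):
    """Return (local, foreign, pid, image) for connections in the given state."""
    names = parse_tasklist(tasklist_text)
    # A PID missing from tasklist means the process exited between the two
    # commands or was not listed; report it instead of dropping the row.
    return [(local, foreign, pid, names.get(pid, "<unknown>"))
            for _proto, local, foreign, st, pid in parse_netstat(netstat_text)
            if st == state]

if __name__ == "__main__":
    for local, foreign, pid, image in connections_with_owner(NETSTAT_AO, TASKLIST_CSV):
        print(f"{local} -> {foreign}  PID {pid}  {image}")
```

A row that comes back as "<unknown>" is the one to look at first: rerun both commands back to back, since the owning process may already have exited.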