Use Netstat to Discovery Listening Ports

A recent troubleshooting exercise got me to thinking about a useful tool that you can use to check what ports are listening on your Windows computer. The problem I was having had to do with the VMware server remote console not working. The VMware Server is running on Windows Server 2003 x64 edition. The first thing I checked was the Windows Firewall. It said that there was an exception configured for VMware Remote on TCP port 8333. However, I wasn’t able to connect the VMware remote console to the VMware server.

I thought maybe there was a problem with a VMware remote listener service not working, so I checked the Services applet. I didn’t find anything that suggested a service not starting. I then ran the netstat -nab command and found that there were VMware services listening on multiple ports. One of the ports was TCP 8333, but there were other ports, such as TCP 902 and TCP 912.

Since netstat gave me some hints, I was able to run a query on google:

VMware “virtual server” “remote console” 902

I got lucky, since I used 902 first. A Web page came up showing the default port used by the remote console for VMware Virtual Server, which is TCP port 902. I created an exception for TCP port 902 in the Windows Firewall and BAM! everything worked great.

When you run the netstat command with the -nab switch, you get information about what TCP and UDP ports the machine is listening on. You also get information about what PID (Process ID) and service is using the port. For example:

C:\Documents and Settings\Administrator>netstat -nab

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 676
RpcSs
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:902 0.0.0.0:0 LISTENING 1352
[vmware-authd.exe]

TCP 0.0.0.0:912 0.0.0.0:0 LISTENING 1352
[vmware-authd.exe]

TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 436
[lsass.exe]

TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 2104
TermService
[svchost.exe]

TCP 0.0.0.0:8222 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:8333 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1037 0.0.0.0:0 LISTENING 2200
[alg.exe]

TCP 192.168.138.1:139 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.1.1:139 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.111.1:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:912 127.0.0.1:1050 ESTABLISHED 1352
[vmware-authd.exe]

TCP 127.0.0.1:912 127.0.0.1:1038 ESTABLISHED 1352
[vmware-authd.exe]

TCP 127.0.0.1:912 127.0.0.1:1039 ESTABLISHED 1352
[vmware-authd.exe]

TCP 127.0.0.1:912 127.0.0.1:1046 ESTABLISHED 1352
[vmware-authd.exe]

TCP 127.0.0.1:912 127.0.0.1:1049 ESTABLISHED 1352
[vmware-authd.exe]

TCP 127.0.0.1:912 127.0.0.1:1047 ESTABLISHED 1352
[vmware-authd.exe]

TCP 127.0.0.1:1038 127.0.0.1:912 ESTABLISHED 2252
[vmware-vmx.exe]

TCP 127.0.0.1:1039 127.0.0.1:912 ESTABLISHED 2012
[vmserverdWin32.exe]

TCP 127.0.0.1:1046 127.0.0.1:912 ESTABLISHED 1372
[vmware-vmx.exe]

TCP 127.0.0.1:1047 127.0.0.1:912 ESTABLISHED 2012
[vmserverdWin32.exe]

TCP 127.0.0.1:1049 127.0.0.1:912 ESTABLISHED 244
[vmware-vmx.exe]

TCP 127.0.0.1:1050 127.0.0.1:912 ESTABLISHED 2012

Next time you’re having connectivity issues or want to do a quick network security audit on a Windows host, remember to check out the netstat command.

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/

Blog: http://blogs.isaserver.org/shinder/
GET THE NEW BOOK! Go to 
http://tinyurl.com/2gpoo8
Email: [email protected]
MVP – Microsoft Firewalls (ISA)

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top