CMIT 265                                Name:_______________________

TCP Ports

Close your web browser and any other network applications you or hackers have installed on your computer.

In CMD do 'netstat', which by itself lists TCP connections.
There may or may not be any ESTABLISHED connections.
(Firefox and VMware make some connections to themselves on the same host; ignore those and only look at "Foreign Address" entries that are not localhost or the name of your computer.)
Ignore any connections whose "Local Address" is a loopback address.
Ignore TIME_WAIT etc.; these are connections that are being torn down.
Notice that the "Foreign Address" might be truncated to fit that column's width, so run: 'netstat -f'
If there are any Established connections, paste them here:
_____________________________________________

Open a web browser, go to the class web site.
Do netstat again, what connection(s) have been made:
(if nothing new, Refresh browser and netstat until you catch it)
_______________________________________________
What well-known named port at the server is being used:_______
What ephemeral port on your system is being used:_______

Staying in the web browser, go to the web server on our network's Linux server at 192.168.200.130
Do netstat again, what connection has been made:
(if nothing new, Refresh browser and netstat until you catch it)
_______________________________________________
What well-known named port at the server is being used:_______
What ephemeral port on your system is being used:_______

Moral of this exercise: each web connection is a separate connection.

netstat -o to see the PID of the associated process.
Open Task Manager (Ctrl Shift Esc), Details tab, look up that PID in the processes list.
What program ("[Image] Name") is it:__________________________
(If the previous connection has timed out, reopen a connection by clicking a link at the web site, or Refresh/Reload.)

netstat by default shows DNS names and port names instead of IP addresses and port numbers.
The -n option shows the numerics.
Do the same with: netstat -n
What well-known port on the server is being used:_______
(If the previous connection timed out, reopen a connection by clicking a link at the web site.)

netstat 1
so it displays continuously once per second (or add the -n option to eliminate the DNS lookup).
Notice that the Established connections change to Close_wait, Fin, Fin_Ack1, Time_Wait and other states and eventually disappear (you might not catch these other states in the snapshots that netstat is taking).
The HTTP web protocol is not persistent: a connection is established to reliably transfer a web page or an image, then is torn down.

netstat -a -p tcp
shows connections and TCP "listeners", i.e. servers that are waiting for connection requests from clients.
Local Address is 0.0.0.0 or your IP.
What are the well-known ports of these listeners on your host:
_______________________________________________
_______________________________________________
_______________________________________________
Use the -o option to see the PID of the listening processes.
Use Task Manager to find the program names of these processes:
(some of these are Windows networking processes)
_______________________________________________
_______________________________________________
_______________________________________________

Open another CMD and do 'telnet 192.168.200.254'
Log on to the switch.
In the other CMD do 'netstat' and paste the line pertaining to this telnet connection:
____________________________________________
What ephemeral port on your system is being used:_______
Do the same with netstat -n
____________________________________________
What well-known named port on the server is being used:_______
Do the same with netstat -o
____________________________________________
What is the PID of the process using that ephemeral port:_____
What program ("[Image] Name") is it:__________________________
Log off the switch (closing the CMD window).
Log in again.
What ephemeral port on your system is being used this time:_______
The system typically just increments the ephemeral ports.
Log out.

Run 'netstat 1' in one CMD (or add the -n option to eliminate the DNS lookup).
In another CMD continuously ping -t our default gateway.
Is a connection established for the pings?:_____
(ICMP does not use TCP, so no connecting, no ports are used.)

ipconfig /release
releases the host's IP configuration lease. Do it.
Verify that your host no longer has its IP configuration, although it might fall back to the APIPA Autoconfig network 169.254.*.*
Run 'netstat 1' in one CMD.
In another CMD do: ipconfig /renew
which will go through the DHCP process to get a new lease from a DHCP server.
Is a connection established for the DHCP process?:_____
(DHCP uses UDP instead of TCP. UDP does not establish a connection, although it does use ports [separate from TCP's ports].)

/Windows/System32/drivers/etc/services
is the file that every IP host is supposed to have that contains a list of the well-known ports.
Open it in Notepad to find out
what service/protocol uses port 1812:_______________
What is the name and port of the Border Gateway Protocol (the routing protocol that is used in the Internet backbones):____________________
What port 'doom' supposedly uses:_______________
What are the names and aliases of the service that listens at TCP port 80:
___________________________________
What are the so-called simple services at ports
7:_____ 13:_______ 17:_______ 19:_______
UDP port 123 is what service:___________
UDP port 137 and 138 is what service:___________

********* SKIP ****************************************************
Using Windows Explorer go to \\it0003342 (ignore the password request)
What IP address and port number and name has your system connected with:
____________________________
What ephemeral port(s) is your system using for this connection(s):
____________________________
********* END SKIP ****************************************************

********* SKIP ****************************************************
Running a (simple) server.
Download the SimpChatServer.java from the class web site.
Start JCreator from the desktop.
Open SimpChatServer.java in it.
Run | Run file
In the General Output pane should be "Server waiting..."
netstat -a -p tcp
What port is this SimpleChatServer listening on:_______

Work with your neighbor (unless Windows Firewall prevents this!):
Download the SimpChatClient.java from the class web site.
Open it in JCreator.
Run | Run file
Input the IP address of your neighbor.
Do some chatting.
Both of you can be running a server and a client that connects to your neighbor's server.
If the firewall prevents this, run both the server and client on the same computer.
netstat -n
What ephemeral port is your client using for this connection:_____
netstat -o -n
What is the PID and what program is that:____________________
********* END SKIP ****************************************************

Turn on Windows "simple TCP/IP services":
Start | Windows System | Control Panel | Programs and Features | ... | Turn Windows features on or off | Simple TCPIP services (i.e. echo, daytime etc.)
Then in Services (e.g. Task Manager|Services|Open Services), Start the "Simple TCP/IP Services" service.
netstat -a to see them LISTENING
What is the program running these services:_______________ (based on its PID)
What is the Windows service name:_______________

Echo, port 7
Discard, port 9
Character Generator, port 19
Daytime, port 13
Quote of the Day, port 17

telnet localhost 13
telnet localhost 17
telnet localhost 7     interactively type characters, each is "echoed". Ctrl+] and then quit.
telnet localhost 19    spew of characters. Ctrl+] to quit.
telnet localhost 9     it discards you. Ctrl+] to quit.

Windows 10 Firewall: allow these Simple Services from other hosts:
Control Panel | Windows Firewall | Advanced settings | Inbound | New Rule | ...
Rule Type: Port | TCP & Specific local ports: 7, 9, 13, 17, 19 | Next Next Next...
Name it maybe "TCP simple services 7 9 13 17 19"
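
Added example (not part of the original worksheet): a Python sketch that applies the worksheet's reading rules to 'netstat -a -n -o -p tcp' output. It drops loopback and non-ESTABLISHED rows, reports each connection's ephemeral client port, server port and PID, and lists the Simple TCP/IP Services ports that are LISTENING on a non-loopback address. The sample output, the client address 192.168.200.51 and all PIDs are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -a -n -o -p tcp` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:13             0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     5120
  TCP    192.168.200.51:49688   192.168.200.130:80     ESTABLISHED     5120
  TCP    192.168.200.51:49690   192.168.200.254:23     ESTABLISHED     6604
  TCP    192.168.200.51:49685   192.168.200.130:80     TIME_WAIT       0
"""

SIMPLE_SERVICES = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen"}

def split_endpoint(text):
    """Split 'addr:port' on the last colon so '[::1]:80' also works."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)

def parse(output):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            (lip, lport), (rip, rport) = split_endpoint(fields[1]), split_endpoint(fields[2])
            yield lip, lport, rip, rport, fields[3], int(fields[4])

def is_loopback(ip):
    return ipaddress.ip_address(ip.split("%")[0]).is_loopback

def established(output):
    """ESTABLISHED rows with loopback dropped: (ephemeral_port, server, server_port, pid)."""
    return [(lp, rip, rp, pid) for lip, lp, rip, rp, st, pid in parse(output)
            if st == "ESTABLISHED" and not (is_loopback(lip) or is_loopback(rip))]

def exposed_simple_services(output):
    """Simple TCP/IP Services listeners bound to a non-loopback address."""
    return [(lp, SIMPLE_SERVICES[lp], pid) for lip, lp, _, _, st, pid in parse(output)
            if st == "LISTENING" and lp in SIMPLE_SERVICES and not is_loopback(lip)]

if __name__ == "__main__":
    for row in established(SAMPLE):
        print("client port %d -> %s:%d (PID %d)" % row)
    for row in exposed_simple_services(SAMPLE):
        print("listening: %d/%s (PID %d)" % row)
```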