CMIT 265 Name:_______________________ TCP Ports Close your web browser. and any other network applications you or hackers have installed on your computer. In CMD do 'netstat', which by itself lists TCP connections. There probably won't be any established connections. (Firefox and VMware makes some connections to itself on the same host, ignore those, only look at "Foreign address" that are not localhost) Notice that the "Foreign address" might be truncated to fit that column's width, so run: 'netstat -f' If there are any connections, paste them here: _____________________________________________ Open a web browser, go to the class web site. Do netstat again, what connection(s) have been made: (if nothing new, Refresh browser and netstat until you catch it) _______________________________________________ _______________________________________________ _______________________________________________ What well-known port at the server is being used:_______ What ephemeral port(s) on your system is/are being used:_______ netstat -o to see the PID of the associated process. Open Task Manager (Ctrl Shift Esc), Processes tab (8: Details tab), (XP/7: if PID column is not shown then in View | Select columns... check on PID) Look up that PID in the processes list. What program ("[Image] Name") is it:__________________________ (If the previous connection has timed out, reopen a connection by clicking a link at the web site, or Refresh/Reload.) netstat by default shows DNS names and port names instead of IP addresses and port numbers. The -n option shows the numerics. Do the same with netstat -n What well-known port on the server is being used:_______ (If the previous connection timed out, reopen a connection by clicking a link at the web site.) netstat 1 so it displays continuously once per second, notice that the Established connections change to Close_wait, Fin, Time_wait and other states and eventually disappear (you might not catch these other states in the snapshots that netstat is taking). The HTTP web protocol is not persistent, a connection is established to reliably transfer a web page or an image, then is torn down. ************************************************************* netstat -a -p tcp shows connections and TCP "listeners", i.e. servers that are waiting for connection requests from clients. What are the names and well-known port numbers (-n) of these listeners on your host: _______________________________________________ _______________________________________________ _______________________________________________ Use the -o option to see the PID of the listening processes. Use Task Manager to find the program names of these processes: (some of these are Windows networking processes) _______________________________________________ _______________________________________________ _______________________________________________ Run 'netstat 1' in one CMD. In another CMD continuously ping -t your default gateway. Is a connection established for the pings?:_____ (ICMP does not use TCP, so no connecting, no ports are used.) ipconfig /release releases the host's IP configuration lease. Do it. Verify that your host no longer has its IP configuration, although it might fallback to the APIPA Autoconfig network 169.254.*.* Run 'netstat 1' in one CMD. In another CMD do: ipconfig /renew which will go thru the DHCP process to get a new lease from a DHCP server. Is a connection established for the DHCP process?:_____ (DHCP uses UDP instead of TCP. UDP does not establish a connection, although it does use ports [separate from TCP's ports.) ************************************************************* /windows/system32/drivers/etc/services is the file that every IP host is supposed to have that contains a list of the well-known ports. Look at it to find out what service/protocol uses port 1812:_______________ What is the name and port of the Border Gateway Protocol (the routing protocol that is used in the Internet backbones):____________________ What port 'doom' supposedly uses:_______________ What are the names and aliases of the service that listens at TCP port 80: ___________________________________ ********* optional SKIP **************************************************** Running a (simple) server. If you have Java JDK and a Java programming IDE like JCreator installed. A networking client and server software can be as simple as these small programs. Download the SimpChatServer.java from the class web site. Start JCreator from the desktop. Open SimpChatServer.java in it. Run | Run file In the General Output pane should be "Server waiting..." netstat -a -p tcp What port is this SimpleChatServer listening on:_______ Work with your neighbor: unless Windows Firewall prevents this, then do both on your own computer. Download the SimpChatClient.java from the class web site. Open it in JCreator. Run | Run file Input the IP address of your neighbor. Do some chatting. Both of you can be running a server and a client that connects to your neighbor's server. If the firewall prevents this, run both the server and client on the same computer. netstat -n What ephemeral port is your client using for this connection:_____ netstat -o -n What is the PID and what program is that:____________________ ********* END SKIP ****************************************************