What's New!

Chat with

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 


Meet the 
Happy Hacksters 

Help for 



It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

More exploit files ...

How to Look for Vulnerabilities

Now let's start someplace where you are unlikely to get punched in the nose by looking at some ports on your own computer. You can do this by typing 'netstat -a' at the command prompt.

You should see something such as:

Active Connections

Proto Local Address       Foreign Address     State
TCP   localhost:1027           LISTENING
TCP   localhost:135           LISTENING
TCP   localhost:135           LISTENING
TCP   localhost:1026           LISTENING
TCP   localhost:1026      localhost:1027      ESTABLISHED
TCP   localhost:1027      localhost:1026      ESTABLISHED
TCP   localhost:137           LISTENING
TCP   localhost:138           LISTENING
TCP   localhost:nbsession           LISTENING
UDP   localhost:135       *:*
UDP   localhost:nbname    *:*
UDP   localhost:nbdatagram *:*

Hhhmm...nothing much going on here. The 'Local Address' (ie, my local machine) seem to be listening on ports 135, 137, 138, and 'nbsession' (which translates to port 139...type 'netstat -an' to see just the port numbers, not the names of the ports). This is okay...those ports are part of Microsoft networking, and need to be active on the LAN my machine is connected to.

Now we connect our Web browser to ttp://www.happyhacker.org and at the same time run Windows telnet and connect to a shell account at example.com. Let's see what happens. Here's the output of the 'netstat -a' command, slightly abbreviated:

Active Connections

Proto Local Address     Foreign Address     State
TCP   localhost:1027           LISTENING
TCP   localhost:135           LISTENING
TCP   localhost:135           LISTENING
TCP   localhost:2508           LISTENING
TCP   localhost:2509           LISTENING
TCP   localhost:2510           LISTENING
TCP   localhost:2511           LISTENING
TCP   localhost:2514           LISTENING
TCP   localhost:1026           LISTENING
TCP   localhost:1026    localhost:1027      ESTABLISHED
TCP   localhost:1027    localhost:1026      ESTABLISHED
TCP   localhost:137           LISTENING
TCP   localhost:138           LISTENING
TCP   localhost:139           LISTENING
TCP   localhost:2508    zlliks.505.ORG:80   ESTABLISHED
TCP   localhost:2509    zlliks.505.ORG:80   ESTABLISHED
TCP   localhost:2510    zlliks.505.ORG:80   ESTABLISHED
TCP   localhost:2511    zlliks.505.ORG:80   ESTABLISHED
TCP   localhost:2514    example.com:telnet  ESTABLISHED

So what do we see now? Well, there are the ports listening for Microsoft networking, just like in the first example. And there also are some new ports listed. Four are connected to 'zlliks.505.org' on port 80, and one to 'example.com' on the telnet port. These correspond to the client connections that I set up. See, this way you know the name of the computer that was running the happy Hacker Web site at this time.

But what is with the really high port numbers? Well, remember the
'well-known' ports that we talked about above? Client pplications, such as browsers and telnet clients (clients are programs that connect to servers) need to use a port to receive data on, so they randomly select ports from outside the 'well-known' port range... above 1024. In this case, my browser has opened up four ports...2508 through 2511.

More exploit files-->> 

Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Visit this group


Return to the index of Guides to (mostly) Harmless Hacking!

 © 2013 Happy Hacker All rights reserved.