Figuring Out What IP Addresses and Ports a Program is Accessing

September 08, 2020

In today's interconnected world, every program uses different ports to connect to the internet. Here we go through how programs connect to the internet when a device has only one IP address assigned to it, and how we can view these ports. Then we discuss what the roles of these IP addresses and ports are in general, and why we should be concerned about which ports are used by which programs.


How Do Applications Connect to The Internet

As you might know, each device connected to a router should have a unique IP address assigned to it. This is true for any network, even the internet. Routers also have built-in features such as NAT that automatically translate local IP addresses to internet IP addresses. But how can we open so many tabs in a single browser and have them all respond to the single IP address provided to our device?

This is where ports come into play. Because so many different applications need access to the network simultaneously, ports are used for each of these applications to facilitate their connections. This is essentially why we can open two different tabs at the same time with no problem: the IP address stays the same, but the port number changes for each of the tabs we are trying to access. A port number paired with an IP address creates a socket. These sockets are handled at the fourth layer of the OSI model and thus form a part of the whole network model.

How Ports Function and Why it Matters

As discussed above, ports are one of the main parts of the seven-layer OSI model, or of the fourth layer of the TCP/IP model, which is used by all of the equipment functioning today. Ports let a single application connect to the network, and this is precisely why they matter. Applications use default ports by design so there is no overlap between them; for example, browsers use port 80 for the HTTP protocol. More precisely, the protocols that these applications use to connect to the network have default port numbers.


But what happens when you are not looking? These default ports are mostly open and listening all the time, so when some party on the network sends them a connection request, they accept it automatically and provide a connection to the other party. This is how hackers and other malicious agents can try to infiltrate a system: because these ports are always open and listening, just the knowledge of an open port can give them the means to connect to it. Not all protocols are at risk here, because of the security measures each of them has in place by design, but many protocols, such as RDP, have been identified as used and exploitable by malicious agents. So you may want to know what is going on when these ports are open and listening, so that malicious activity can be detected. But how is this possible?

How to View Open Ports in Windows

By now you understand how ports function and what their role is, but how can we view ports in Windows and see which applications are using which ports? The netstat program can be used for this. At a command prompt with administrator rights, enter:

netstat -a -b

This gives you a list of all connections in use: the local IP addresses and the remote IP addresses that each application is connected to, along with the state of each connection. The two options are used because -a displays all connections and -b displays the name of the exe file that is using each port, so you know which application is using which port at any time. To see which ports are in use you can also check out the TCPView tool provided by Microsoft, which gives you a good view of the programs and their respective port numbers.
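As an added example (not part of the original article), the Python sketch below parses the text that netstat -a -b prints and groups listening ports and remote endpoints by program. It assumes the extra -n option so that addresses and ports stay numeric; the sample output, its addresses and helper.exe are constructed.

```python
import re

# Constructed sample laid out like "netstat -a -b -n" output (-n = numeric).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TermService
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
 [helper.exe]
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
 [chrome.exe]
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """One dict per socket; 'owner' is the [exe] line that follows the row."""
    rows = []
    for line in text.splitlines():
        row, owner = ROW.match(line), OWNER.match(line)
        if row:
            proto, local, remote, state = row.groups()
            # rpartition splits at the last colon, so "[::]:3389" also works
            rows.append({"proto": proto, "state": state, "owner": None,
                         "local": local.rpartition(":")[::2],
                         "remote": remote.rpartition(":")[::2]})
        elif owner and rows and rows[-1]["owner"] is None:
            rows[-1]["owner"] = owner.group(1)
    return rows

def exposed_listeners(rows):
    """(owner, port) for TCP sockets LISTENING on a non-loopback address."""
    return sorted({(r["owner"] or "unknown", int(r["local"][1])) for r in rows
                   if r["proto"] == "TCP" and r["state"] == "LISTENING"
                   and not r["local"][0].startswith(("127.", "[::1]"))})

def remote_endpoints(rows):
    """Remote (address, port) pairs per program for ESTABLISHED connections."""
    out = {}
    for r in rows:
        if r["state"] == "ESTABLISHED":
            out.setdefault(r["owner"] or "unknown", set()).add(r["remote"])
    return out
```

Rows without an [exe] line, such as the one followed by the ownership message, are reported under "unknown" rather than dropped, so a listener is never hidden just because its owner could not be read.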


Conclusion

We covered how IP addresses are distributed and translated in local networks, then discussed what ports are and how they are used in the network. We then discussed how open ports can be abused by malicious agents, and got to the meat of the discussion: a way to view these open ports and see them in action. There is also the question of how we can close these ports. This can easily be done with Windows Firewall, by adding a rule that closes a certain incoming or outgoing port together with its protocol. There is also the topic of source and destination ports, which is well beyond the scope of this article. We hope you have gotten some useful information from this article, and if you want, you can follow our blog for more discussions about network monitoring every week.