Monday, June 14, 2010
Two Windows Command Iterations I Had Forgotten About - netstat and tasklist
Yeah, I hear you now. There is no way you forgot about netstat. You would be correct. However, there is an iteration of netstat that I have either never run, or ran long enough ago to have forgotten its use.
The command is shown below along with some output.
C:\Documents and Settings\dpitts>netstat -anbov
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 180
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\inetsrv\ISATQ.dll
C:\WINDOWS\system32\inetsrv\INFOCOMM.dll
C:\WINDOWS\system32\inetsrv\SMTPSVC.dll
C:\WINDOWS\system32\inetsrv\INFOCOMM.dll
C:\WINDOWS\system32\inetsrv\SMTPSVC.dll
C:\WINDOWS\system32\inetsrv\INFOCOMM.dll
C:\WINDOWS\system32\inetsrv\SMTPSVC.dll
[inetinfo.exe]
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 180
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\inetsrv\ISATQ.dll
C:\WINDOWS\system32\inetsrv\INFOCOMM.dll
C:\WINDOWS\system32\inetsrv\w3svc.dll
C:\WINDOWS\system32\inetsrv\INFOCOMM.dll
C:\WINDOWS\system32\inetsrv\w3svc.dll
C:\WINDOWS\system32\inetsrv\INFOCOMM.dll
[inetinfo.exe]
...
(takes a couple of minutes to run - your mileage may vary)
This shows the ports that are currently open. As you can see, ports 25 and 80 are listening on all interfaces (0.0.0.0), so they are open to the world. The lines showing the DLLs are the components involved in creating each listening port, and the name inside the square brackets [] is the executable that owns it - inetinfo.exe in both cases shown above. Off to the right is the process ID (PID).
This brings me to my second command - tasklist /svc.
C:\Documents and Settings\dpitts>tasklist /svc
Image Name PID Services
========================= ====== =============================================
inetinfo.exe 180 IISADMIN, SMTPSVC, W3SVC
This tells me I have 3 services running as part of inetinfo.exe on PID 180: IISADMIN, SMTPSVC and W3SVC.
Now to figure out how to use these commands in a productive way.
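One productive use is to join the two outputs on PID, so every listener bound to all interfaces is listed with its owning executable, its services and the DLLs behind it. The Python below is an added example, not code from the original post; the function names are assumptions and the sample text is constructed from the output shown above.

```python
import re
# Constructed sample: the post's output, column spacing restored, some DLL lines dropped.
NETSTAT = r"""
  TCP    0.0.0.0:25     0.0.0.0:0      LISTENING       180
  C:\WINDOWS\system32\WS2_32.dll
  C:\WINDOWS\system32\inetsrv\SMTPSVC.dll
  C:\WINDOWS\system32\inetsrv\SMTPSVC.dll
  [inetinfo.exe]
  TCP    0.0.0.0:80     0.0.0.0:0      LISTENING       180
  C:\WINDOWS\system32\inetsrv\w3svc.dll
  [inetinfo.exe]
"""
TASKLIST = """
Image Name                   PID Services
========================= ====== =============================================
inetinfo.exe                 180 IISADMIN, SMTPSVC, W3SVC
"""
CONN = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\S+)\s+)?(\d+)$")

def parse_netstat(text):
    """One dict per socket; UDP rows have no state column, so state is None."""
    rows = []
    for line in (l.strip() for l in text.splitlines()):
        m = CONN.match(line)
        if m:
            proto, addr, port, state, pid = m.groups()
            rows.append(dict(proto=proto, addr=addr, port=int(port), state=state,
                             pid=int(pid), image=None, modules=[]))
        elif rows and line.startswith("[") and line.endswith("]"):
            rows[-1]["image"] = line[1:-1]          # owning executable
        elif rows and line.lower().endswith(".dll") and line not in rows[-1]["modules"]:
            rows[-1]["modules"].append(line)        # component, de-duplicated
    return rows

def parse_tasklist(text):
    """Map PID -> service names from `tasklist /svc` (N/A rows skipped)."""
    svc = {}
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m and m.group(3).strip() != "N/A":
            svc[int(m.group(2))] = [s.strip() for s in m.group(3).split(",")]
    return svc

def wildcard_listeners(netstat_text, tasklist_text):
    """TCP listeners bound to every interface, joined to services by PID."""
    svc = parse_tasklist(tasklist_text)
    return [(r["port"], r["image"], r["pid"], svc.get(r["pid"], []), r["modules"])
            for r in parse_netstat(netstat_text)
            if r["state"] == "LISTENING" and r["addr"] in ("0.0.0.0", "[::]")]
```

Saving each run's result and comparing it with the previous one turns the two commands into a simple check for new or unexpected listeners.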