Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool! If you want to have your computer scanned for open ports see this page instead (link will follow shortly).

Open Command Prompt and type:

C:'WINDOWS>netstat -an |find /i "listening"
TCP   0.0.0.0:135   0.0.0.0:0   LISTENING
TCP   0.0.0.0:445   0.0.0.0:0   LISTENING
TCP   0.0.0.0:1025   0.0.0.0:0   LISTENING
TCP   0.0.0.0:1084   0.0.0.0:0   LISTENING
TCP   0.0.0.0:2094   0.0.0.0:0   LISTENING
TCP   0.0.0.0:3389   0.0.0.0:0   LISTENING
TCP   0.0.0.0:5000   0.0.0.0:0   LISTENING

You can redirect it to a text file by adding >c:'openports.txt to the command, if you want to:

netstat -an |find /i "listening" > c:'openports.txt

netstat -an |find /i "listening" > c:'openports.txt

You can also change "listening" to "established" to see what ports your computer actually communicates with:

C:'WINDOWS>netstat -an |find /i "established"
    TCP   192.168.0.100:1084   192.168.0.200:1026   ESTABLISHED
    TCP   192.168.0.100:2094   192.168.0.200:1166   ESTABLISHED
    TCP   192.168.0.100:2305   209.211.250.3:80   ESTABLISHED
    TCP   192.168.0.100:2316   212.179.112.230:80   ESTABLISHED
    TCP   192.168.0.100:2340   209.211.250.3:110   ESTABLISHED

Note: In Windows XP and Windows Server 2003, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection:

C:'WINDOWS>netstat -ao |find /i "listening"
TCP   pro1:epmap   pro1.dpetri.net:0   LISTENING   860
TCP   pro1:microsoft-ds   pro1.dpetri.net:0   LISTENING   4
TCP   pro1:1025   pro1.dpetri.net:0   LISTENING   908
TCP   pro1:1084   pro1.dpetri.net:0   LISTENING   596
TCP   pro1:2094   pro1.dpetri.net:0   LISTENING   596
TCP   pro1:3389   pro1.dpetri.net:0   LISTENING   908
TCP   pro1:5000   pro1.dpetri.net:0   LISTENING   1068

You can use PULIST from the W2K Resource Kit (Download Free Windows 2000 Resource Kit Tools) to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.

C:'WINDOWS>netstat -no

Active Connections

Proto Local Address Foreign Address State PID
TCP   192.168.0.100:2496   212.179.4.7:80   ESTABLISHED   1536

You can then use PULIST with the FIND command:

C:'WINDOWS>pulist |find /i "1536"

Process   PID   User
LUCOMS~1.EXE   1536   DPETRI'danielp

In this case, LUCOMS~1.EXE is run by DANIELP (myself) and as it happens, it's the Symantec Live Update process.

You can also look in Task Manager for the respective PID.

1. To set up Task Manager to show the PID column open Task Manager by using CTRL+SHIFT+ESC.
2. Go to the Processes tab, click View and then Select Columns.

1. In the Select Columns windows click to select PID and then click Ok.

1. You can sort the PID column to display the PIDs in descending or ascending order.

Notes

Document Title
Getting Support for Form Types in a Remote Output Queue (RMTOUTQ)

Document Description
When printing operating system spooled files to a LAN attached printer using a Remote Output Queue (RMTOUTQ), you will not normally receive message CPA3394 - Load form type '&4' device &5 writer &1 when the form type changes.

Getting Support for Form Types on One or More Remote Output Queues

Remote writers can support form types; however, you must start the writer with the message option set to *INQMSG (so you get an inquiry message whenever the form type changes) or change the writer after it has started. To start the writer with form type support, use the following operating system command:

STRRMTWTR OUTQ(remote-outq-name) FORMTYPE(*ALL *INQMSG)

To change an existing writer to have form type support, use the following operating system command:

CHGWTR WTR(remote-outq-name) FORMTYPE(*ALL *INQMSG)

After you have done either of these, you will receive message CPA3394 - Load form type '&4' device &5 writer &1 in the writer's message queue whenever the form type changes. However, if the writer ends and restarts automatically or manually without specifying FORMTYPE(*ALL *INQMSG), you will no longer receive message CPA3394.

Getting Support for Form Types on All Remote Output Queues

To get form type support on all of your remote output queues each time they are started, you can change the Start Remote Writer (STRRMTWTR) command to specify FORMTYPE(*ALL *INQMSG), rather than FORMTYPE(*ALL *NOMSG). That way, you will get form type support unless the STRRMTWTR command is specifically overridden to not support form types. This can be done by copying the command to another library that is higher in the library list than QSYS and then bby using the following operating system command:

CHGCMDDFT CMD(cmd-library/STRRMTWTR) NEWDFT('FORMTYPE(*ALL *INQMSG)')

Note: You can use the Change Command Default (CHGCMDDFT) command on the STRRMTWTR command that is in library QSYS, but there are two potential dangers with this, namely:

1.	If you install a newer version of the operating system or reinstall the current version of the operating system, your changes to the STRRMTWTR command will be replaced by the settings as shipped by IBM.
2.	If you make an error when changing the command defaults for a command, you can cause that command to fail every time it is run. Therefore, in this case, you might not be able to get remote writers started again without changing the command defaults back or restoring the STRRMTWTR command from your installation media.

Note: Another option is to use the LPR Print Driver (TSPLPRD) utility in a *LAN 3812 device description. This is an unsupported utility that provides the function of sending spooled files from an output queue to an ASCII printer that is attached to an LPD server. This is a similar function to what is provided using Remote Output Queues (RMTOUTQs), but it differs because this driver exit program is specified on a printer device description. Thus, it can make use of information specified about the printer in the device description that is not available on a remote output queue. Also, because it uses LPR within a printer writer, it supports page ranges, multiple copies and form types, yet it can be used with any printer that currently uses a RMTOUTQ including dot matrix and line printers.

For additional information on using the LPR Print Driver (TSPLPRD) utility, refer to the following Rochester Support Center knowledgebase document:

18762910, Configuring a *LAN 3812 Device Description that Uses the LPR Print Driver (TSPLPRD) Exit Program:

For additional information on the capabilities and limitations of RMTOUTQs and *LAN 3812 printer device descriptions, refer to the following Rochester Support Center knowledgebase documents:

14143423, Capabilities and Limitations of Remote Output Queues (RMTOUTQs):
412453666, Capabilities and Limitations of *LAN 3812 Printer Device Descriptions:

Notes

forward a port on the ASA 5505 running version 8.3 from the CLI.  Some of you prefer to use the ASDM to do you changes, so I guess I'll show you how to do it from there.  The ASDM is a bit of a learning curve for someone that's used to the CLI, and most CLI guys hate a GUI with a great passion.  I can go either way.  I use the ASDM to make some changes simply because I want to learn it and there's some guys coming into the field today that were taught on the GUI rather than a command line.

In this lesson I'm using ASDM version 6.3(1) and ASA version 8.3(1).  Since we added a  web server in the last post, let's make this one an FTP server.  The FTP server's IP is the same as the web server, 10.9.8.7/24 and we're running over the standard FTP port, 21.

First off, we want to start up the ASDM and connect to the ASA.  Once there, click on the button at the top of the screen, then the button near the bottom left, and finally select near the top left.  You'll now be at a screen that looks something like this:

Click for larger version

Now we need to create a new object, so click on "Add" under Addresses, then "Network Object".
Now we need to fill out our new window.  Once you fill out the name, IP address and description, you need to drop down the NAT box and fill it out.  Click the "Add Automatic Address Translation Rules" box, leave the type as "static" and set the translated address as the outside interface.
We now need to go to the Advanced menu from the Add Network Object window and setup the port forwarding.  The source will be inside, destination is outside.  Protocol in this instance is TCP and our port is 21, both real and mapped.
Click "OK" twice and your object will be created as well as the port forward.  Now we just need to add the access rule.  On the left side of the screen, just above the NAT Rules is your Access Rules. From there we want to click "Add" and "Access Rule".
We need to create the rule on the outside interface, coming from any IP to the FTPServer using FTP as the service.
Once you click OK, your rule is added.  You don't have to add a description like I did in the image above this one, I just did that for the hell of it.  When you click "Apply" at the bottom of the screen, the ASDM will issue the commands to the ASA.  I have preview turned on, so I can always see what commands are being sent to the device before they are actually sent.  If you followed all the steps above and you have preview turned on, you'll see the following:
And you'll notice that those are the exact 4 commands that I gave in the last post about doing it from the CLI!  Now you can forward any port you want from either the CLI or the ASDM!

On a side note, I know a lot of guys hate the ASDM.  When I was writing this post and going through all of this I was kinda upset when I saw that I had 10 pictures for 4 lines of code.  The good thing about the ASDM is that you have everything right there at your disposal and you really don't need to know the vernacular of IOS.  The drawback is that it will take you longer to get things done at first, but once you get used to it, it can be just as fast.

Notes

Nice Hack

Nice!