M86 Security Knowledge Base

Home » Knowledgebase » MailMarshal SMTP » INFO: What is NETSTAT?

INFO: What is NETSTAT?

Expand / Collapse
 

INFO: What is NETSTAT?


This article applies to:

  • Firewall Suite 4.x
  • MailMarshal SMTP
  • Security Reporting Center 2.x
  • WebMarshal

Question:

What is NETSTAT?

Information:

You can use the NETSTAT command to check the operation of local ports to see if they are configured properly and if they are receiving data.

You can access a wealth of helpful information about the NETSTAT utility from the Help utility on your Microsoft Windows workstation or server. This information can be found by clicking START | HELP | INDEX and by entering the keyword netstat.

Port

Protocol

NETSTAT - WinNT

NETSTAT - UNIX

21

FTP

netstat -an 1 | findstr 21

netstat -an 1 | grep 21

25

SMTP

netstat -an 1 | findstr 25

netstat -an 1 | grep 25

53

DNS (Note 1)

netstat -an 1 | findstr 53

Netstat -an 1 | grep 53

80

HTTP

netstat -an 1 | findstr 80

netstat -an 1 | grep 80

99

WebTrends Remote Reporting

netstat -an 1 | findstr 99

netstat -an 1 | grep 99

110

POP3

netstat -an 1 | findstr 110

netstat -an 1 | grep 110

137

WINS (NOTE 1)

netstat -an 1 | findstr 137

netstat -an 1 | grep 137

514

SYSLOG

netstat -an 1 | findstr 514

netstat -an 1 | grep 514

18184

OPSEC LEA

netstat -an 1 | findstr 18184

netstat -an 1 | grep 18184

Note 1: Computers utilize port 137 for WINS resolution. If you notice port 137 activity during the SRC reporting process, you will know WINS resolution is enabled on the local machine. Marshal reporting products do not utilize that port and cannot be configured to do so. If WINS resolution is enabled, the resulting reports will display machine names instead of IP addresses or URLs.

WINS is the acronym for Windows Internet Naming Service, Microsoft's extension of the NetBIOS name resolution scheme.

DNS is the acronym for Domain Name Service, a name resolution scheme that originated with the Berkeley version of Unix. DNS is used throughout the Internet for host-name resolution and is a constantly evolving protocol. Along with host-name resolution, it helps in e-mail routing and other TCP/IP-based application services. The most popular Unix-based implementation of DNS is the Berkeley Internet Name Daemon, or BIND.

Security Reporting Center utilizes DNS (and port 53) exclusively for host-name resolution. MailMarshal SMTP uses DNS port 53 TCP and UDP.

Once you type the command, look for a response:

  • If nothing appears, the port is not being utilized.
    • If you are checking the response from a Marshal product, check to see if the appropriate service is running. If it is, you may need to restart the server computer and run NETSTAT again.

  • If the word "ESTABLISHED" appears, then the port is configured properly and it is receiving data.

  • If the words "TIME-WAIT" appear, the port is configured properly but it is not receiving data. In the case of ports 514 or 18184 (used to establish communications between the Security Reporting Center firewall product and the firewall itself), it means the firewall is not sending data to the port.

This article was previously published as:
NETIQKB2609


Rate this Article:
     
Tags:

Add Your Comments


Name: *
Email Address:
Web Address:
   
 
 
 
 
   
Verification Code:
*
 

Details
Article ID: 10875
Last Modified: 3/5/2008
Type: INFO
Rated 3 stars based on 24 votes.
Article has been viewed 18,069 times.
Options

Execution: 0.047. 12 queries. Compression Disabled.
Powered by InstantKB.NET