很有可能您遇到过这篇文章,因为您尝试运行的应用程序抱怨“端口”被阻止,或者您已经了解在网络上保持某些“端口”打开可能是一个安全问题.
无论哪种方式,在本文结束时,您不仅会知道每个人都在处理的这些端口是什么,而且还会知道如何检查您的计算机以找到打开或关闭的端口。
什么是网络端口?(What Is a Network Port?)
您应该知道的第一件事是我们在这里提到的端口是虚拟(virtual)的。它与路由器、电视、控制台或计算机上的物理网络硬件端口无关。端口只是您的网络硬件和软件组织信息流量的一种方式。
想想道路上的预留车道。人行道是供行人使用的。可能有专门的自行车道。拼(Carpool)车和公共汽车也有自己的车道。端口具有相同的功能。一个端口可能用于接收电子邮件,而另一个端口则承载文件传输请求或网站流量。
有两种常见的端口类型,在我们继续检查系统上哪些端口是打开的,哪些没有打开之前,需要对它们进行简要说明。
什么是 TCP 和 UDP 端口?(What Are TCP & UDP Ports?)
现代网络上两种常见的端口类型称为TCP和UDP端口。分别是传输控制协议(Transmission Control Protocol)和用户数据报协议(User Datagram Protocol )。所以这两种端口类型使用不同的网络协议。
您可以将其视为关于如何发送和接收信息位的独特规则集。这两种端口类型都建立在使互联网和家庭网络正常工作的基本(work)互联网协议(Internet Protocol)(IP) 之上。但是,它们适用于不同的应用。
最大的区别在于,当您通过UDP发送信息时,发送方不必在开始对话之前先与接收方建立连接。这有点像寄信。您不知道对方是否收到了您的消息,并且您无法保证一定会收到任何反馈。
(TCP)另一方面,TCP更像是打电话。接收者必须“接听”连接,并且有一个来回的信息流,直到有人故意挂断。
UDP消息通常通过网络广播给在指定UDP端口上侦听的任何人。这使其非常适合与运行网络本身相关的内务类消息。它也非常适合 IP 语音流、在线视频游戏和流广播。
为什么?这些应用程序受益于 UDP 的低延迟和持续不断的信息流,这些信息不必完美无缺。毕竟,您的 Skype 聊天中的一点点损坏远没有少量延迟那么重要。
TCP比UDP更常见,并且绝对确保接收到的所有数据都没有错误。几乎所有不需要UDP特定优势的东西都使用TCP。
哪些端口通常默认打开?(Which Ports Are Usually Open By Default?)
有很多(LOT)端口。端口号可以是 0 到 65535 之间的任何值!这并不意味着任何应用程序都可以选择任何端口。有既定的标准和范围,可以帮助我们理解噪音。
端口 0-1023 与一些最重要和最基础的网络服务相关联。这是有道理的,因为首先分配了编号较低的端口。例如,用于电子邮件的SMTP协议仅由端口 25 使用。(SMTP)
端口 1024-49151 被称为“注册端口”,分配给重要的公共服务,例如端口 1194 上的OpenVPN或端口 1433 和 1434 上的Microsoft SQL 。
其余端口号称为“动态”或“私有”端口。这些端口没有保留,任何人都可以在网络上使用它们来支持特定服务。当同一网络上的两个或多个服务使用同一端口时,唯一的问题就会出现。
虽然不可能列出每一个重要的端口,但这些常见的端口对于熟记是有用的:
- 20 – FTP(文件传输协议)
- 22 -安全外壳(Secure Shell)(SSH)
- 25 -简单邮件传输协议(Simple Mail Transfer Protocol)(SMTP)
- 53 - 域名系统(Domain Name System)(DNS)
- 80 -超文本传输协议(Hypertext Transfer Protocol)( HTTP )
- 110 – 邮局协议 (POP3)
- 143 -互联网消息访问协议(Internet Message Access Protocol)( IMAP )
- 443 - HTTP 安全(HTTPS)
由于有成千上万个通用端口号,最简单的方法是记住范围。这(Which)将告诉您给定端口是否被保留。感谢Google,您还可以立即查看哪些服务使用特定端口。
在 Windows 中查找打开的端口(Find Open Ports In Windows)
现在我们已经掌握了有关TCP和UDP端口的所有基本知识,是时候开始寻找计算机上打开和使用的端口的过程了。
好消息是,Windows内置了一个非常有用的命令,可以显示各种应用程序和服务当前在计算机上使用的端口。
- 您要做的第一件事是打开“开始”菜单(Start Menu)并搜索CMD。
- 现在,右键单击CMD并以管理员身份运行。(Run as Administrator.)
网络统计-ab(Netstat -ab)
- 不要担心一长串信息滚动的速度比您阅读它的速度快。您可以简单地使用CTRL+C 和CTRL+V 将信息复制并粘贴到记事本(Notepad)或任何其他文本编辑器中。
- 括号中的信息是使用端口的程序的名称。TCP或UDP是指在该端口上使用的协议。该编号由 IP 地址和冒号后的端口号组成。
扫描阻塞端口(Scanning For Blocked Ports)
它负责查找哪些端口正在使用以及哪个应用程序正在使用,但它不会告诉我们哪些端口正在被Windows 防火墙(Windows Firewall)主动阻止。
- 再次打开开始菜单(Start Menu)并搜索CMD。
- 右键单击CMD并以管理员身份运行。(Run as Administrator.)
- 打开命令提示符后,键入:
netsh 防火墙显示状态(netsh firewall show state)
这是根据您的Windows 防火墙(Windows Firewall)配置显示的被阻止和打开的端口。
您会看到有关此命令已被弃用的注释,但新命令并未向我们显示我们想要的信息。因此,目前使用“show state”命令仍然是获取端口信息的最快和最简单的方法。
仅仅因为Windows 防火墙(Windows Firewall)没有阻止端口,并不意味着您的路由器或ISP没有。所以我们要做的最后一件事是检查是否发生了任何外部阻塞。
- 打开开始菜单并搜索CMD。
- 现在,右键单击CMD并以管理员身份运行。(Run as Administrator.)
- 打开命令提示符后,键入:
netstat -ano | findstr -i SYN_SENT
如果您没有列出任何命中,则说明没有任何内容被阻止。如果列出了某些端口,则表示它们被阻止。如果此处显示未被 Windows 阻止的端口,您可能需要检查您的路由器或向您的ISP发送电子邮件,如果不能选择切换到其他端口。
有用的应用程序来映射您的端口状态(Useful Apps To Map Out Your Port Status)
虽然命令提示符(Command Prompt)是一个很好的快速而肮脏的工具,但还有更精致的第三方应用程序可以帮助您了解端口配置。这里突出显示的两个只是流行的例子。
SolarWinds 免费端口扫描器(SolarWinds Free Port Scanner)(SolarWinds Free Port Scanner)
SolarWinds要求您提交您的姓名和详细信息才能下载它,但您是否将真实信息放入表单中取决于您。在选择SolarWinds(SolarWinds)之前,我们尝试了几个免费工具,但它是唯一一个既能在Windows 10下正常工作又具有简单界面的工具。
它也是唯一没有触发误报病毒标志的。端口扫描软件的一大问题是安全公司倾向于将它们视为恶意软件。因此,大多数用户会忽略此类工具附带的任何病毒警告。这是一个问题,因为您无法在这些应用程序中区分误报和真正的病毒。
SolarWinds 可能附带一些附加条件,但它实际上像宣传的那样工作并且易于使用。
你可以看到我吗(CanYouSeeMe)(CanYouSeeMe)
正如您可能知道的那样,这是一个网站服务,而不是一个应用程序。看看外部数据是否可以通过您的本地端口,这是一个很好的第一个呼叫端口。它会自动检测您的 IP 地址,您所要做的就是指定要测试的端口。
然后它会告诉您端口是否被阻塞,然后您必须确定阻塞是在计算机、路由器还是在服务提供商级别。
结论
对于大多数用户来说,端口不是您需要担心的事情。它们由您的操作系统、应用程序和网络硬件管理。
然而,当出现问题时,最好有工具在手,它可以让您找到开放端口以嗅探可疑活动或找出您的宝贵信息到底在哪里撞到了砖墙。
How to Find Open and Blocked TCP/UDP Ports
There’s a good chance you’ve happеned upоn this article because an application you’re trying to run is complaіning aboυt a “port” being blocked or you’ve read about hоw leaving certain “ports” open on your network can bе а security prоblem.
Either way, by the end of this piece you’ll not only know what these ports everyone is going on about are, but how to check your computer to find open or closed ports.
What Is a Network Port?
The first thing you should know is that the ports we’re referring to here are virtual. It has nothing to do with the physical network hardware ports on your router, TV, consoles or computers. Ports are simply a way for your network hardware and software to organize information traffic.
Think of reserved lanes on a road. The sidewalk is for pedestrians. There might be a dedicated bike lane. Carpool vehicles and buses have their own lanes too. Ports serve the same function. One port might be used for receiving emails, while another carries file transfer requests, or website traffic.
There are two common types of ports, which need a brief explanation before we move on to checking which ports on your system are open and which aren’t.
What Are TCP & UDP Ports?
The two common types of ports on modern networks are known as TCP and UDP ports. That is Transmission Control Protocol and User Datagram Protocol respectively. So these two port types use different network protocols.
Which you can think of as distinctive sets of rules for how bits of information should be sent and received. Both port types are built on the fundamental Internet Protocol (IP) that makes the internet and home networks, well, work. However, they are suitable for different applications.
The big difference is that when you send information over UDP, the sender doesn’t first have to establish a connection with the receiver before starting the conversation. It’s a bit like sending a letter. You don’t know if the other person received your message and you have no guarantee that you’ll get any feedback.
TCP, on the other hand, is more like making a phone call. The receiver has to “pick up” the connection and there’s a back-and-forth flow of information until someone deliberately hangs up.
UDP messages are generally broadcast over a network to anyone who is listening on the specified UDP port. This makes it perfect for housekeeping type messages that relate to running the network itself. It’s also perfect for voice-over-IP streaming, online video games and streaming broadcasts.
Why? These applications benefit from UDP’s low latency and constant stream of information that doesn’t have to be perfect to be useful. A little corruption in your Skype chat is far less important than low amounts of lag, after all.
TCP is much more common than UDP and absolutely makes sure that all data is received free from errors. Just about everything that doesn’t need the specific advantages of UDP, uses TCP instead.
Which Ports Are Usually Open By Default?
There are a LOT of ports. A port number can be anything from 0 to 65535! That doesn’t mean any application can just pick any port. There are established standards and ranges, which helps us make sense of the noise.
Ports 0-1023 are associated with some of the most important and fundamental network services. This makes sense, since the lower-numbered ports were assigned first. The SMTP protocol for email, for example, is exclusively used by port 25.
Ports 1024-49151 are known as “registered ports” and are assigned to important common services such as OpenVPN on port 1194 or Microsoft SQL on ports 1433 and 1434.
The rest of the port numbers are known as “dynamic” or “private” ports. These ports aren’t reserved and anyone can use them on a network to support a particular service. The only problem crops up when two or more services on the same network are using the same port.
While it’s impossible to list every single important port, these common ports are useful to know by heart:
Since there are so many thousands of common port numbers, the easiest approach is to remember the ranges. Which will tell you if a given port is reserved or not. Thanks to Google, you can also look up which services use a specific port in no time at all.
Find Open Ports In Windows
Now that we’ve got all the basic knowledge about TCP and UDP ports out of the way, it’s time to get down to the process of finding which ports are open and in use on your computer.
The good news is that Windows has a pretty useful command built into it that will show you what ports are currently being used on your computer by various applications and services.
- The first thing you want to do is open the Start Menu and search for CMD.
- Now, right-click on CMD and Run as Administrator.
- With the Command Prompt open, type:
Netstat -ab
- Don’t worry about a long list of info scrolling by faster than you can read it. You can simply use CTRL+C and CTRL+V to copy and paste the information into Notepad or any other text editor.
- The information in brackets is the name of the program that’s using the port. TCP or UDP refers to the protocol being used on that port. The number consists of an IP address and then the port number after the colon.
Scanning For Blocked Ports
That takes care of finding which ports are being used and by which application, but it doesn’t tell us which ports are being actively blocked by the Windows Firewall.
- Once again, open the Start Menu and search for CMD.
- Right-click on CMD and Run as Administrator.
- With the Command Prompt open, type:
netsh firewall show state
This is a display of blocked and open ports as per the configuration of your Windows Firewall.
You’ll see a note about this command being deprecated, but the new command doesn’t show us the information we want. So for now using the ‘show state’ command is still the fastest and easiest way to get port information.
Just because the Windows Firewall isn’t blocking a port, that doesn’t mean your router or ISP aren’t. So the last thing we want to do is check if any external blocking is happening.
- Open the Start Menu and search for CMD.
- Now, right-click on CMD and Run as Administrator.
- With the Command Prompt open, type:
netstat -ano | findstr -i SYN_SENT
If you don’t get any hits listed, then nothing is being blocked. If some ports are listed, it means they are being blocked. If a port not blocked by Windows shows up here, you may want to check your router or pop an email to your ISP, if switching to a different port isn’t an option.
Useful Apps To Map Out Your Port Status
While the Command Prompt is a good quick and dirty tool, there are more refined third-party applications that can help you get a picture of your port configuration. The two highlighted here are just popular examples.
SolarWinds requires that you submit your name and details in order to download it, but it’s up to you whether you put your real information into the form or not. We tried several free tools before settling on SolarWinds, but it was the only tool that both worked properly under Windows 10 and had an easy interface.
It was also the only one not to trigger a false positive virus flag. One of the big problems with port scanning software is that security companies tend to see them as malware. So most users ignore any virus warning that come with such tools. That’s a problem because you can’t tell the difference between a false positive and a real virus in these apps.
SolarWinds might come with some strings attached, but it actually works as advertised and is easy to use.
This is, as you can probably tell, a website service rather than an application. It’s a good first port of call to see if external data can get through your local port or not. It auto-detects your IP address and all you have to do is specify which port to test.
It will then tell you if the port is blocked or not and you’ll then have to figure out whether the blockage is on the computer, router or at the service provider level.
Conclusion
For most users, ports aren’t something you need to worry about. They are managed by your operating system, applications and network hardware.
When things go wrong however, it’s good to have the tool in hand that let you find open ports to sniff out suspicious activity or figure out where exactly your precious information is hitting a brick wall.