There are two main things to remember when trying to calculate subnets. The first is that that default subnet for a range is 255.255.255.0. This subnet, that we all recognize gives you one network with 255 different addresses from 1 to 255. Fairly easy stuff so far. The second thing to remember is the formula needed to calculate a new subnet. For this we have to go back to basics and remember that the number 255 is made up in binary of 8 bits. To get the number 255, all those 8 bits would be set to 1, each one representing a number in decimal in the following sequence. (1, 2, 4, 8, 16, 32, 64, 128). If you add all these numbers together you get 255.

In order to create our subnet mask we need to “borrow” a certain number of bits from our host address. The host address is the last number in the group of four that makes up our subnet. So in the subnet 255.255.255.0, the 0 is the host address.

We can use the formula (2^n – 2) to figure out how many networks we can make by borrowing certain number of bits. Lets say for example we wanted to make six networks; we would need to borrow 3 bits, because (2^3 – 2 = 6). So we take the three bits from the left of our binary sequence and add them together. (128 + 64 + 32 = 224). So the subnet we need to use for our 6-network system is 255.255.255.224.

Now we’ve calculated our subnet, the next thing we need to do is work out the ranges of our new networks. This is a fairly easy thing to do if you remember one rule. The lowest number in the bits we borrowed from our host address is our guide. In this case, the bits we borrowed were 128, 64 and 32. The lowest of these is 32, so this is our guide number we’re going to use to set up our network ranges.

What you want to do is start off with your guide number, and that gives you the first address of our first network. For example – 192.168.0.32. To get the starting address of the second network, you just add on 32. So the second network will begin at 192.168.0.64. Keep adding the number 32 to find the other network starting points, and you’ll end up with this network address range map:

• Network 1: 192.168.0.32 – 192.168.0.63
• Network 2: 192.168.0.64 – 192.168.0.95
• Network 3: 192.168.0.96 – 192.168.0.127
• Network 4: 192.168.0.128 – 192.168.0.159
• Network 5: 192.168.0.160 – 192.168.0.191
• Network 6: 192.168.0.192 – 192.168.0.223

Note that you cannot use the first 32 or last 32 addresses of the entire 255 address range, (unless you’re using specific equipment that allows it). And there you have it, we’ve calculated our subnet mask, and we’ve worked out the ranges our networks will use. Remember the formula (2^n – 2) and your binary numbers, and you’ll be able to work out any configuration of subnets and networks.

The program is offered as a portable version and installer by its developers. Both versions offer the same functionality in all other aspects.

The software displays all listening ports, their protocol, process, process ID, associated services and company in the interface. This makes it relatively easy to identify specific ports directly in the program interface. Especially the associated services column can be helpful in identifying the responsible Windows services.

A right-click on a row opens a context menu with additional research options.

• Locate the executable file – Opens the folder that contains the process executable.
• Terminate this process – Terminates the process directly. May only be temporary if the process restarts automatically.
• Process services – Displays all services that are linked to the process.
• Google… – Research the port, process on Google.
• Wikipedia… – Research the port, process on Wikipedia.
• Usage statistics of this port – Look up statistics
• Port authority database – Provides information about most ports.

The menubar on top links to additional tools, commands and references. The tools menu links to Windows apps like the Services managements interface, the Task Manager, Registry Editor or Local Security Settings. Commands can run the netstat command to display all open connections, the task list and the system’s environment variables.

Internet references finally links to essays and white papers about ports and online security. Linked there are for instance BlackViper’s excellent website that is offering services configuration suggestions, lists of common port numbers or a Microsoft guide on how to configure a firewall for domains and trusts.

It is furthermore possible to display a short summary, and to export the current port list in detail. CloseTheDoor offers everything that one could hope for when analyzing open ports on a Windows machine. It is a solid alternative to CurrPorts. The software is compatible with all recent versions of the Microsoft Windows operating system. It tested fine on a 64-bit Windows 7 test system. Downloads of the portable version, installer and source code are available at the project website over at Sourceforge.

Installation?

Fortunately your distribution should come with the netstat command pre-installed. To check this, open up a terminal window (that’s where you will use netstat anyway) and issue the command which netsat. This command should return something like /bin/netstat. That will tell you that the tool is installed and where the executable is.

Usage

Because netstat offers such a variety of options, it might be best if I first list some of the more useful options.

a: Shows the state of all sockets and routing table entries.

c: Display information continuously.

d: Show the state of all interfaces that use DHCP.

e: Show extended information.

g: Show the multicast group membership information for both IPv4 and IPv6.

i: Display a table of all network inferfaces.

l: Limit statistics to a defined interface.

M: Show multicast routing tables.

n: Shows network addresses as numbers instead of the default symbols.

p: Show address resolution tables.

P: Limit statistics to a defined protocol.

r: Show all routing tables.

t: Show TCP connections.

u: Show UDP connections.

v: Use verbose mode for output.

So let’s take a look and see how these can be used together.

netstat

By itself (no options) this command prints out generic statistics of the host you are currently connected to.

netstat -an

This command will display all connections to the host, including source and destination addresses and ports, and displays them as numbers.

netstat -rn

This command will display the routing table for the host in numeric form.

netstat -r

This command will display your routing table for your host.

netstat -natp

This command will display active TCP connections in numerical form.

netstat -t –listening

This will show you all tcp ports you host is listening on.

Figure 1

netstat –statistics

This command will display various statistics for your host’s interfaces. Note that this command will display a LOT of statistics. A snippet of the output will look like that shown in Figure 1.

As you can see, this command will display quite a bit of information. On top of that you might need to pipe this command through the less command in order to see it more easily. That full command would look like netstat –statistics | less. Using it that way would allow you to use your arrow keys to scroll up and down through the ouput.

Final thoughts

Although not an exhaustive look at the netstat command, this will get you started and using this handy tool. Since there are so many switches and options to use with netstat, in order to cover them all, take a look at the netstat man page (issue the command man netstat) where you can see each and every switch explained.



What this means is that Fport will basically display all open ports and the applications that use them for their connection. This makes it very easy to find unauthorized connections by simply verifying the applications one by one.

Fport has to be launched from the command line or a batch script. It will display all open ports and their applications if it is executed without switches. The following switches are available:

/p (sort by port)
/a (sort by application)
/i (sort by pid)
/ap (sort by application path)

The output will look like this:

C:\>fport
FPort v2.0 – TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe

392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe

The easiest way to work with fport is to save the output into a text document for further processing. This can be done with the command fport > output.txt which will create a text document with the name output.txt in the root directory of fport.

A similar application with a graphical user interface is Cports.

NetCPS – the easier way

This little tool called NetCPS (a single executable file) is rather simplistic, no fancy features as the author (credits to Jarle Aase) says. It pumps 100MB of generated data (without accessing the HDD which could mess with the final result) and then displays the result in form of average speed stated in both KB/s and MB/s. Sourcecode is available for download as well in case you’d like to do some further tinkering with it. Freely usable unless you intend to use it on behalf of military or government.

Example of use:

Server-side end-point: netcps -server
Client-side end-point2: netcps *IP address/hostname of the host*

Additional switches to change the default port (4455) and default amount of transfered data (100MB) are supported. Use the -help switch for further instructions.

Iperf – the powerful way

This tool on the contrary is rather advanced while still maintaining its portability and small size. It can measure performance with many different settings but those are optional and not neccessary for the essential purpose of finding out what the network’s throughput is. You can affect a lot of settings by changing them with various switches. Take notice of the example screenshot for instance, where the port used is changed to 1234, amount of sent data set to 200 MB, interval of reports set to 2 seconds for better accuracy and report format set to MBytes. Iperf can be run as a solid Windows service as well. Here’s a download link to the compiled Windows version of Iperf (a single executable).

Example of use:

Server-side end-point: iperf -s -p 1234
Client-side end-point2: iperf -c *IP address/hostname of the host*

Many additional switches and settings are available for advanced use of this nifty utility. The usual -help switch brings up further instructions again.