We are revisiting great applications in this series that we reviewed in the past. In this episode of Blast from the Past: Nirsoft's CurrPorts application.
We reviewed the freeware CurrPorts back in 2010 for the first time here on Ghacks Technology News. The free application displays all open ports of a system running Windows when you execute it. It displays a list of applications with Internet or network connectivity, as well as system services and tools with open ports or connections.
CurrPorts is a free program for Microsoft Windows devices by one of our favorite developers Nirsoft. It is compatible with all Windows operating system versions including the latest ones (and it goes back to Windows NT and 2000). The program is portable and you may run it from any location.
In a nutshell: CurrPorts displays open ports on systems running Windows. You may use it to detect applications with network connectivity and check which ports are open on the system; great to harden the system by closing ports or verifying applications with network connectivity.
The Windows system tool netstat and Windows PowerShell offer similar options but both need to be run from the command line. Check out LiveTCPUDPWatch as an alternative, or the port-focused programs PortExpert or PortScan.
CurrPorts displays a list of all open TCP and UDP ports on the system when it is run. Each entry displays detailed information that includes the process name, ports, addresses, protocols, process path on the local system, and more. Each data column, e.g process name, local port, or remote address supports sorting.
Tip: Download the IP to Country database file from the Nirsoft website and place it in the same directory as the CurrPorts executable file to add IP to country look-ups to the application. You may download the ASN database file to display the ASN and company name of remote IP addresses.
The application refreshes the list of ports automatically in 2 second intervals by default. You can change the interval or disable auto-refresh under Options > Auto Refresh. Disabling is a good option if you need to analyze a certain state.
CurrPorts offers lots of options; you can use filters to display only a subset of ports, disable IPv6, UDP, or TCP, or enable audio feedback whenever new ports are detected. Advanced filters like include:remote:tcp:80 or exclude:both:tcpupd:6881 may be used to include or exclude certain listings. The first filter displays only TCP 80 port processes, the second excludes BitTorrent traffic provided that the default port 6881 is used.
CurrPorts supports more than just reporting. You can close processes right from the application's interface or by using the command line. The commands /close * * * 80 and /close * * 192.168.1.10 80 for example close all connections that use the local port 80 or all connections with the remote port 80 and the remote address specified in the command.
That's only a temporary change though and if you want to prevent an application or system process from opening ports, you need to find other ways to prevent that from happening, e.g. by creating new firewall rules, changing the state of Services on the system, or changing a program's configuration.
Check out our tutorial on blocking and closing ports on Windows as a start.
CurrPorts supports the generation of HTML reports. You can create new reports from the interface or by using the parameter /shtml.
I like CurrPorts a lot; it is one of those tiny Nirsoft applications for Windows that offers tremendous value. I use it to check open ports on Windows systems to make sure that only ports that are needed are open on the system.
It takes a bit of research to find out why a port is open; while that is easy enough to tell for applications that you can identify by looking at the process name, e.g. firefox.exe or chrome.exe, it may not be as easy when it comes to Services or Windows processes; you may need to research the port numbers if you cannot identify the service or system tool directly.
Now You: Do you use CurrPorts or have you used it?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.