How to identify ports to open on Firewall?


Here is a suggested way to find which ports need to be opened on the firewall.

Identifying the ports

  1. Start the program and try to use its network features. For example, with a multimedia program, try to start an audio stream. With a Web server, try to start the service.

  2. Click Start, click Run, type cmd, and then click OK.

  3. At the command prompt, type netstat -ano > netstat.txt, and then press ENTER. This command creates the Netstat.txt file. This file lists all the listening ports.


  4. At the command prompt, type tasklist > tasklist.txt, and then press ENTER. If the program in question runs as a service, type tasklist /svc > tasklist.txt instead of tasklist > tasklist.txt so that the services that are loaded in each process are listed.


  5. Open the Tasklist.txt file, and then locate the program that you are troubleshooting. Write down the Process Identifier for the process, and then open the Netstat.txt file. Note any entries that are associated with that Process Identifier and the protocol that is used.


If the port numbers for the process are less than 1024, the port numbers will probably not change. If the numbers that are used are greater than or equal to 1024, the program may use a range of ports. Therefore, you may not be able to resolve the issue by opening individual ports.
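Step 5 can be scripted by joining the two files on the Process Identifier. The following is an added example, not part of the original procedure: the function names, the image names `httpd.exe` and `mediasrv.exe`, and both sample files are constructed for illustration. It reports only listening TCP ports and bound UDP ports, since those are the inbound candidates for a firewall rule, and labels each port using the 1024 rule above.

```python
# Added example; both samples are constructed, not captured from a real host.
NETSTAT_TXT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     2960
  TCP    [::]:8554              [::]:0                 LISTENING       2960
  UDP    0.0.0.0:50004          *:*                                    2960
"""
TASKLIST_TXT = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
httpd.exe                     1432 Services                   0     12,884 K
mediasrv.exe                  2960 Console                    1     48,212 K
"""

def parse_tasklist(text):
    """Map PID -> image name, using the first '=====' run as the name column width."""
    lines = text.splitlines()
    sep = next(i for i, l in enumerate(lines) if l.startswith("="))
    name_width = len(lines[sep].split()[0])
    pids = {}
    for line in lines[sep + 1:]:
        rest = line[name_width:].split()
        if rest and rest[0].isdigit():  # skips wrapped `tasklist /svc` lines
            pids[int(rest[0])] = line[:name_width].strip()
    return pids

def parse_netstat(text):
    """Yield (proto, local_port, pid) for TCP listeners and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield "TCP", int(f[1].rsplit(":", 1)[1]), int(f[4])
        elif len(f) == 4 and f[0] == "UDP":
            yield "UDP", int(f[1].rsplit(":", 1)[1]), int(f[3])

def ports_for(image, netstat_text, tasklist_text):
    """Return sorted (proto, port, note) for every process with this image name."""
    names = parse_tasklist(tasklist_text)
    found = set()
    for proto, port, pid in parse_netstat(netstat_text):
        if names.get(pid, "").lower() == image.lower():
            note = "probably fixed" if port < 1024 else "may be one of a range"
            found.add((proto, port, note))
    return sorted(found)

if __name__ == "__main__":
    print(ports_for("mediasrv.exe", NETSTAT_TXT, TASKLIST_TXT))
```

To use it on a real host, read the contents of Netstat.txt and Tasklist.txt into the two text arguments in place of the embedded samples.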





If you are running Vista and get the error

x: Windows Sockets initialization failed: 5

It's a Vista issue

From Microsoft

Posted by Microsoft on 2/6/2009 at 7:13 PM

Hi, there was a bogus message print in the Vista version of netstat.exe that will display “x: Windows Sockets initialization failed: 5” every time netstat fails to open a process handle for displaying the ownership information (needed only in the -b switch). A user mode process cannot open a handle to system process because of security reasons and netstat will display “Can not obtain ownership information” for such endpoints or connections owned by system process. The bogus error message is removed in Windows 7 and you should no longer see it if you try it on Windows 7 RC builds (when they are available to you).

Thanks for reporting the problem


Microsoft's solution is to give them more money for the upgraded Operating System to fix the issue with Vista. Proof that Microsoft is forcing Vista users to upgrade because they will not support an OS that sux like Vista does.

Wouldn’t surprise me if a firewall along the way was blocking ICMP (ping) since most applications actually only need certain ports open to function. Ping is not a very reliable testing mechanism to validate if something is up and working.

A simple test that everyone has access to is telnet (ex. telnet ipaddress port) to validate the path is open all the way through. Of course my favorite is tcptraceroute ipaddress port, which performs a traceroute and validates that every hop has that port open; if the port is blocked anywhere, you can see where.

Others prefer using traceroute ipaddress -T -p port

-T stands for TCP

That is a long way of saying, I would suggest finding what port the server is expecting and try one of the above functions to test if the server is up and working.

