Communication Security: Web Based Services • Chapter 5  267

                         4. Another quick way to see if you are running a rogue Web server
                             is to go to a command prompt and type netstat –na, as seen in
                             Figure 5.5. On the second line you can see that you have TCP
                             port 80 LISTENING. This means that you are using the HTTP ser-
                             vice on your machine, which again, indicates that you have a
                             Web server running. In looking at this figure, you’ll also notice
                             that the Web server is listening on port 443, meaning that it was
                             either intentional (as a certificate had to be installed to turn on
                             Hypertext Transfer Protocol Secure sockets [HTTPS]) or someone
                             configured the server to listen on that port in addition to port
                             80. Because HTTPS is being used, it is possible that the user might
                             be testing an application using HTTPS, or it is a server not in the
                             current list of Web servers on your network.



                 NOTE

                      Port 80 is the default port on which a Web server listens for requests
                      from Web clients. However, Web servers can also be configured to listen
                      on a different port, so the fact that this port is not listed does not guar-
                      antee that there is no Web server running.



                 Figure 5.5 Using the netstat Command to See Port 80 in Use































                                                                              www.syngress.com