Auditing network services with Nmap

The netstat tool is very good, and it can give you lots of good information about what's going on with your network services. The slight downside is that you have to log in to every individual host on your network in order to use it. 

If you'd like to remotely audit your network to see what services are running on each computer, without having to log in to each and every one, then you need a tool such as Nmap. It's available for all the major operating systems, so even if you're stuck having to use Windows on your workstation, you're in luck. An up-to-date version is built into Kali Linux, if that's what you're using. It's also in the repositories of every major Linux distro, but the version that's in the Linux repositories is usually quite old. So, if you're using something other than Kali, your best bet is just to download Nmap from its creator's website.

You can download Nmap for all of the major operating systems from https://nmap.org/download.html.

In all cases, you'll also find instructions for installation.

You'll use Nmap the same way on all operating systems, with only one exception. On Linux and macOS machines, you'll preface certain Nmap commands with sudo, while on Windows machines, you won't. (Although, on Windows 10, you might have to open the command.exe terminal as an administrator.) Since I just happen to be working on my trusty openSUSE workstation, I'll show you how it works on Linux. Let's start by doing a SYN packet scan:

donnie@linux-0ro8:~> sudo nmap -sS 192.168.0.37

Starting Nmap 6.47 ( http://nmap.org ) at 2017-12-24 19:32 EST
Nmap scan report for 192.168.0.37
Host is up (0.00016s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
515/tcp  open  printer
631/tcp  open  ipp
5900/tcp open  vnc
MAC Address: 00:0A:95:8B:E0:C0 (Apple)

Nmap done: 1 IP address (1 host up) scanned in 57.41 seconds
donnie@linux-0ro8:~>

Here's the breakdown:

  • -sS: The lowercase s denotes the type of scan that we want to perform. The uppercase S denotes that we're doing a SYN packet scan. (More on that in a moment.)
  • 192.168.0.37: In this case, I'm only scanning a single machine. However, I could also scan either a group of machines or an entire network.
  • Not shown: 996 closed ports: The fact that it's showing all of these closed ports instead of filtered ports tells me that there's no firewall on this machine. (Again, more on that in a moment.)

Next, we can see a list of ports that are open. (More on that in a moment.)

The MAC address of this machine indicates that it's an Apple product of some sort. In a moment, I'll show you how to get more details about what kind of Apple product that it might be.
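To make the breakdown concrete, here is an added example (not from the book) that parses Nmap's normal output into a per-host record and draws the same two conclusions the text does: which ports are open, and whether the "Not shown" line says closed (no packet filter answered for the host) or filtered (a firewall dropped the probes). The sample output embeds the scan shown above; the second host (192.168.0.50) and its MAC address are constructed to show the firewalled case, and the record layout and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in Nmap's normal output format: host 1 is the page's scan,
# host 2 is made up here to show a firewalled machine ("filtered", not "closed").
SAMPLE_OUTPUT = """\
Starting Nmap 6.47 ( http://nmap.org ) at 2017-12-24 19:32 EST
Nmap scan report for 192.168.0.37
Host is up (0.00016s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
515/tcp  open  printer
631/tcp  open  ipp
5900/tcp open  vnc
MAC Address: 00:0A:95:8B:E0:C0 (Apple)

Nmap scan report for 192.168.0.50
Host is up (0.00021s latency).
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp open   ssh
80/tcp closed http
MAC Address: 00:00:00:00:00:01 (Unknown)

Nmap done: 2 IP addresses (2 hosts up) scanned in 61.20 seconds
"""

@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str

@dataclass
class HostReport:
    address: str
    is_up: bool = False
    latency_s: Optional[float] = None
    not_shown: Dict[str, int] = field(default_factory=dict)  # state -> count
    ports: List[Port] = field(default_factory=list)
    mac: Optional[str] = None
    vendor: Optional[str] = None

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
UP_RE = re.compile(r"^Host is up(?: \(([\d.]+)s latency\))?")
NOT_SHOWN_RE = re.compile(r"(\d+) (open\|filtered|closed\|filtered|open|closed|filtered) ports?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})(?: \((.*)\))?")

def parse_nmap_output(text: str) -> List[HostReport]:
    """Parse Nmap's normal (human-readable) output into one record per host."""
    hosts: List[HostReport] = []
    current: Optional[HostReport] = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = HostReport(address=m.group(1).strip())
            hosts.append(current)
            continue
        if current is None:
            continue  # "Starting Nmap ..." banner before the first report
        m = UP_RE.match(line)
        if m:
            current.is_up = True
            if m.group(1):
                current.latency_s = float(m.group(1))
            continue
        if line.startswith("Not shown:"):
            # Nmap may list several states, e.g. "995 closed ports, 3 filtered ports"
            for count, state in NOT_SHOWN_RE.findall(line):
                current.not_shown[state] = int(count)
            continue
        m = PORT_RE.match(line)
        if m:
            current.ports.append(Port(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
            continue
        m = MAC_RE.match(line)
        if m:
            current.mac = m.group(1).upper()
            current.vendor = m.group(2)
    return hosts

def open_ports(host: HostReport) -> List[int]:
    """Port numbers Nmap reported as open on this host."""
    return [p.number for p in host.ports if p.state == "open"]

def firewall_hint(host: HostReport) -> str:
    """Unlisted ports that answered with a RST are 'closed' (nothing filtered the
    probe); unlisted ports that never answered are 'filtered' (a firewall dropped it)."""
    if any("filtered" in state for state in host.not_shown):
        return "filtered"
    if "closed" in host.not_shown:
        return "no-firewall"
    return "unknown"
```

Feeding it the page's scan yields the four open ports, the Apple vendor prefix and a "no-firewall" hint; the constructed second host yields "filtered". For anything beyond a quick check, prefer Nmap's own machine-readable XML output (-oX) over scraping the normal format, since the human-readable layout is not guaranteed to stay stable between versions.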

Now, let's look at this more in detail.
