netstat command


  • netstat command

    With Windows XP, if I run the netstat command through the command prompt, what should I be looking for? Does this tell me all the connections I currently have open and active?

  • #2
    Re: netstat command

    Try "netstat -a" for more detailed information.

    And yes, it will show all the active connections you have between your machine and other machines/networks/etc.
    Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

    Comment


    • #3
      Re: netstat command

      "netstat -?" lists all the options. "-b" looks useful. It shows what program is responsible for each connection. (Sort of like "lsof -i" on Linux.)
      Dude, seriously, WHAT handkerchief?

      snooggums' density principal: "The more dense a population, the more dense a population."

      Iliana: "You're a great friend but if we're ever chased by zombies I'm tripping you."

      Comment


      • #4
        Re: netstat command

        Thank you gentlemen. So, if I'm behind a router and/or a firewall what is a typical or reasonable amount of connections that should show up? Would several (meaning 5 or more) indicate there might be some malware present on my machine?

        Comment


        • #5
          Re: netstat command

          Originally posted by Faultline
          Thank you gentlemen. So, if I'm behind a router and/or a firewall what is a typical or reasonable amount of connections that should show up? Would several (meaning 5 or more) indicate there might be some malware present on my machine?
          Really depends on what's going on...

          If you haven't surfed the web in a while and have a bare minimum of services going, then 5 may be too high.

          If you're surfing around, got your IM client going, AV client getting updates.. Who knows. Just loading a single forum page can open several connections because images are hosted elsewhere. Then connections to one or more IM servers, Steam or something.

          Who the connections are to is more important than the number, usually, when checking for signs of malware.

          Comment


          • #6
            Re: netstat command

            If you are worried, just boot up and close all of your open programs and virus stuff. Then look on the list and see where all the connections are going. Some will probably get out to m$, but other than that, they shouldn't be going anywhere else I would think.

            Comment


            • #7
              Re: netstat command

              For comparison, right now I have:

              10 IMAP connections to 3 different email accounts.
              A remote terminal connection to a partner company's lab computer.
              4 Firefox connections, 2 to other computers. (One looks like my weather extension.)
              2 HTTP connections in state TIME_WAIT (i.e. in the process of closing from pages I've looked at earlier).

              (I ran "netstat -b" to see which program is responsible for each connection.)
              Dude, seriously, WHAT handkerchief?

              snooggums' density principal: "The more dense a population, the more dense a population."

              Iliana: "You're a great friend but if we're ever chased by zombies I'm tripping you."

              Comment
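Added example, not part of any post in this thread: a Python sketch that turns "netstat -bn"-style output into the per-program breakdown shown in #7 and lists the destinations of any program you did not expect, following the point in #5 that who the connections go to matters more than the count. The sample output, program names, addresses (documentation ranges) and the expected-programs set are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `netstat -bn` output (not a real capture).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      192.0.2.25:143         ESTABLISHED     1480
  [thunderbird.exe]

  TCP    192.168.1.10:1046      192.0.2.25:143         ESTABLISHED     1480
  [thunderbird.exe]

  TCP    192.168.1.10:1102      198.51.100.7:80        ESTABLISHED     2212
  [firefox.exe]

  TCP    192.168.1.10:1103      198.51.100.7:80        TIME_WAIT       0

  TCP    192.168.1.10:1200      203.0.113.66:6667      ESTABLISHED     3024
  [updater32.exe]
"""

OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # the "[program.exe]" line printed by -b

def parse(text):
    """Return one dict per connection row, with the owning program attached."""
    conns = []
    for line in text.splitlines():
        owner, fields = OWNER.match(line), line.split()
        if owner and conns:
            conns[-1]["program"] = owner.group(1).lower()
        elif len(fields) >= 3 and fields[0] in ("TCP", "UDP"):
            # UDP rows carry no state column; a digit there is the PID.
            state = fields[3] if len(fields) > 3 and not fields[3].isdigit() else ""
            conns.append({"proto": fields[0], "remote": fields[2],
                          "state": state, "program": "(unknown)"})
    return conns

def review(conns, expected_programs):
    """Group ESTABLISHED remotes by program; return (all, unexpected-only)."""
    by_owner = defaultdict(set)
    for c in conns:
        if c["state"] == "ESTABLISHED":  # TIME_WAIT rows are already closing
            by_owner[c["program"]].add(c["remote"])
    unexpected = {p: sorted(r) for p, r in by_owner.items()
                  if p not in expected_programs}
    return dict(by_owner), unexpected

if __name__ == "__main__":
    everything, odd = review(parse(SAMPLE), {"thunderbird.exe", "firefox.exe"})
    print(everything, odd, sep="\n")
```

A program name that matches the expected set only narrows the list; the remote addresses still need a look, since the name alone does not show what the program is doing.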


              • #8
                Re: netstat command

                Thanks guys, this definitely helps. :)
                With a virus scanner, router, firewall, anti spyware, etc. and being a tad paranoid I figured I can keep my system pretty clean. But this just allows me one more tool to make sure I'm not getting hit by the "baddies" out there.

                + rep all around!

                Comment


                • #9
                  Re: netstat command

                  Thought you all may want to know this helped me (after several hours scanning and researching) pin down a backdoor trojan that had been on my system. I'm on my way to recovery now, but just wanted to say thanks again :)

                  Comment


                  • #10
                    Re: netstat command

                    http://www.sysinternals.com/Utilitie...tRevealer.html - check that out in the future if you think you have someone else running the show..

                    http://www.sysinternals.com/Utilities/TcpView.html - that's another good one from the same folks.. sorta like a graphical view of netstat.

                    Those folks have all sorts of cool, free programs.

                    Comment


                    • #11
                      Re: netstat command

                      Good links perry, I'll check em out when I get home.

                      In my efforts to clean my system up I found TONS of security freeware, some of it I already knew about but some of it I wouldn't have been able to get by had I not used it.

                      Comment


                      • #12
                        Re: netstat command

                        The sysinternals tools totally rock. I use them whenever I am curious or suspicious about any software.
                        Peace through fear... since 1947!

                        Comment
