help with netstat & netstat -ano
Hello fellow members of Antionline. My system has been lagging while I've been searching the net. So I opened the command prompt for Windows Vista (Basic edition) and here is the output:
Quote:
Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Mike>NETSTAT
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.100:56236 channel-ic-13-01-snc7:https ESTABLISHED
TCP 192.168.1.100:56340 media:http ESTABLISHED
TCP 192.168.1.100:56341 media:http ESTABLISHED
TCP 192.168.1.100:56343 69.25.24.23:http ESTABLISHED
TCP 192.168.1.100:56396 a23-3-9-50:http TIME_WAIT
TCP 192.168.1.100:56400 a23-3-9-50:http TIME_WAIT
TCP 192.168.1.100:56501 64.214.118.240:http ESTABLISHED
TCP 192.168.1.100:56502 64.214.118.240:http ESTABLISHED
TCP 192.168.1.100:56508 64.214.118.235:http ESTABLISHED
TCP 192.168.1.100:56515 m-nb:http ESTABLISHED
TCP 192.168.1.100:56521 208:http ESTABLISHED
TCP 192.168.1.100:56589 69.25.24.23:http ESTABLISHED
TCP 192.168.1.100:56600 a23-0-66-77:http ESTABLISHED
TCP 192.168.1.100:56611 64.214.118.235:http ESTABLISHED
TCP 192.168.1.100:56615 mia05s08-in-f28:http ESTABLISHED
TCP 192.168.1.100:56639 mia05s08-in-f28:http ESTABLISHED
TCP 192.168.1.100:56664 mia05s08-in-f3:http ESTABLISHED
TCP 192.168.1.100:56679 64.214.118.240:http ESTABLISHED
TCP 192.168.1.100:56710 mia05s08-in-f13:http ESTABLISHED
TCP 192.168.1.100:56745 mia05s08-in-f25:http ESTABLISHED
TCP 192.168.1.100:56758 a23-0-68-46:http ESTABLISHED
TCP 192.168.1.100:56778 a23-0-69-186:https ESTABLISHED
TCP 192.168.1.100:56792 a23-0-72-124:https ESTABLISHED
TCP 192.168.1.100:56829 157.55.134.114:https ESTABLISHED
TCP 192.168.1.100:56840 a23-0-72-124:https ESTABLISHED
TCP 192.168.1.100:56841 a23-0-72-124:https ESTABLISHED
TCP 192.168.1.100:56842 a23-0-72-124:https ESTABLISHED
TCP 192.168.1.100:56846 157.56.19.158:https ESTABLISHED
TCP 192.168.1.100:56978 a65-126-84-99:http ESTABLISHED
TCP 192.168.1.100:56999 a184-50-36-46:http ESTABLISHED
TCP 192.168.1.100:57012 216.151.187.168:http TIME_WAIT
TCP 192.168.1.100:57052 a65-126-84-114:http ESTABLISHED
TCP 192.168.1.100:57060 a65-126-84-120:http ESTABLISHED
TCP 192.168.1.100:57083 a65-126-84-74:http TIME_WAIT
TCP 192.168.1.100:57190 a65-126-84-115:http ESTABLISHED
TCP 192.168.1.100:57191 216.52.92.23:http ESTABLISHED
TCP 192.168.1.100:57200 a65-126-84-80:http ESTABLISHED
TCP 192.168.1.100:57210 74.217.78.161:http ESTABLISHED
TCP 192.168.1.100:57237 74.217.78.146:http ESTABLISHED
TCP 192.168.1.100:57238 74.217.78.146:http ESTABLISHED
TCP 192.168.1.100:57239 216.52.92.23:http ESTABLISHED
TCP 192.168.1.100:57250 216.151.187.171:http ESTABLISHED
TCP 192.168.1.100:57416 a184-28-116-66:http ESTABLISHED
TCP 192.168.1.100:57437 75.98.62.248:http ESTABLISHED
TCP 192.168.1.100:57450 domain:http ESTABLISHED
TCP 192.168.1.100:57461 199.38.166.150:http ESTABLISHED
TCP 192.168.1.100:57485 a184-28-117-231:http ESTABLISHED
TCP 192.168.1.100:57630 mia05s08-in-f4:http ESTABLISHED
TCP 192.168.1.100:57634 origin:http ESTABLISHED
TCP 192.168.1.100:57636 origin:http ESTABLISHED
TCP 192.168.1.100:57644 72.21.203.149:https ESTABLISHED
TCP 192.168.1.100:57645 72.21.203.149:https ESTABLISHED
TCP 192.168.1.100:57646 a65-126-84-104:http ESTABLISHED
TCP 192.168.1.100:57649 mia05s08-in-f13:http ESTABLISHED
TCP 192.168.1.100:57654 a184-50-40-124:http ESTABLISHED
TCP 192.168.1.100:57655 a184-50-40-124:http ESTABLISHED
TCP 192.168.1.100:57659 mia05s08-in-f25:http ESTABLISHED
TCP 192.168.1.100:57684 a184-50-40-124:http ESTABLISHED
TCP 192.168.1.100:57695 a184-50-40-124:http ESTABLISHED
TCP 192.168.1.100:57696 a184-50-40-124:http ESTABLISHED
TCP 192.168.1.100:57720 198.144.112.64:http ESTABLISHED
TCP 192.168.1.100:57722 198.144.112.64:http ESTABLISHED
TCP 192.168.1.100:57724 img-dc6:http ESTABLISHED
TCP 192.168.1.100:57729 198.144.112.64:http ESTABLISHED
TCP 192.168.1.100:57730 198.144.112.64:http ESTABLISHED
TCP 192.168.1.100:57731 198.144.112.64:http ESTABLISHED
TCP 192.168.1.100:57732 198.144.112.64:http ESTABLISHED
TCP 192.168.1.100:57736 198.144.112.75:http ESTABLISHED
TCP 192.168.1.100:57760 64.4.21.40:http ESTABLISHED
TCP 192.168.1.100:57761 65.55.142.229:http ESTABLISHED
TCP 192.168.1.100:57764 a23-2-45-165:http ESTABLISHED
TCP 192.168.1.100:57779 a23-2-45-165:https ESTABLISHED
TCP 192.168.1.100:57780 a23-2-45-165:https ESTABLISHED
TCP 192.168.1.100:57781 a23-2-165-186:http ESTABLISHED
TCP 192.168.1.100:57782 a23-2-45-165:https ESTABLISHED
TCP 192.168.1.100:57789 a23-2-46-227:http ESTABLISHED
TCP 192.168.1.100:57799 mia04s05-in-f3:https ESTABLISHED
TCP 192.168.1.100:57881 ip-68-71-249-118:http ESTABLISHED
TCP 192.168.1.100:57888 198.144.112.66:http ESTABLISHED
TCP 192.168.1.100:57891 69.25.24.26:http ESTABLISHED
TCP 192.168.1.100:57893 65.55.5.232:http ESTABLISHED
TCP 192.168.1.100:57909 sync:http ESTABLISHED
TCP 192.168.1.100:57910 sync:http ESTABLISHED
TCP 192.168.1.100:57914 ec2-50-19-87-179:http CLOSE_WAIT
TCP 192.168.1.100:57929 ec2-184-72-246-237:https ESTABLISHED
TCP 192.168.1.100:57930 ec2-184-72-246-237:https ESTABLISHED
TCP 192.168.1.100:57940 65.55.5.231:http ESTABLISHED
TCP 192.168.1.100:57945 198.144.112.83:http ESTABLISHED
TCP 192.168.1.100:57950 server-216-137-47-50:http ESTABLISHED
TCP 192.168.1.100:57986 95.154.251.53:http FIN_WAIT_2
TCP 192.168.1.100:57989 64.188.63.5:https ESTABLISHED
TCP 192.168.1.100:57990 media:http TIME_WAIT
TCP 192.168.1.100:57991 ox-173-241-250-123:http TIME_WAIT
C:\Users\Mike>
It seems there are a lot of different connections... connecting to *higher port numbers*. I keep my system up-to-date with AVG, apply the latest OS updates, and I also have Spybot Search and Destroy up-to-date, and anti-malware as well as HijackThis. AVG found no threats; Spybot only found one item, which I deleted. I have my firewall enabled, the one that comes with Windows Vista, configured for inbound and outbound traffic. Also, I'm behind a Cisco router. Is there anything you would worry about? If so, please let me know. Thanks, Mike.
Thank you for all the replies.
Quote:
TCP 192.168.1.100
That is part of your local lan. A private IP number.
Check your computer for p2p type programs having been installed and port forwarding in your router.
TCP 192.168.1.100:62728 8.19.18.172:
Now that line tells me your router is using port 62728 to connect to 8.19.18.172 in New York City. An ad server from the looks of things, and yes, those ad servers can really slow/mess things up.
I know 192.168.1.100 is the one assigned to me from the router, but I was not sure about the port it was using, so thank you for the information; I greatly appreciate it.
Quote:
Check your computer for p2p type programs having been installed and port forwarding in your router.
I looked through my system and didn't find any p2p applications. I scanned my system with Spybot, malware antimalware, AVG and HijackThis, and everything came out fine. However, when I check netstat -ano, this is the latest output:
Quote:
Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Mike>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1088
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 784
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1184
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1480
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 1220
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 840
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 828
TCP 0.0.0.0:49251 0.0.0.0:0 LISTENING 3524
TCP 127.0.0.1:9421 0.0.0.0:0 LISTENING 3524
TCP 127.0.0.1:9422 0.0.0.0:0 LISTENING 3524
TCP 127.0.0.1:9423 0.0.0.0:0 LISTENING 3524
TCP 169.254.16.78:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.100:49216 209.107.220.188:443 ESTABLISHED 3524
TCP 192.168.1.100:49318 69.171.227.71:443 ESTABLISHED 3840
TCP 192.168.1.100:49767 173.194.37.0:80 ESTABLISHED 3840
TCP 192.168.1.100:50279 69.171.227.71:443 ESTABLISHED 3840
TCP 192.168.1.100:50417 173.194.37.1:80 ESTABLISHED 3840
TCP 192.168.1.100:50450 184.84.252.250:80 ESTABLISHED 3840
TCP 192.168.1.100:50451 184.84.252.250:80 ESTABLISHED 3840
TCP 192.168.1.100:50458 184.84.252.250:80 ESTABLISHED 3840
TCP 192.168.1.100:50461 184.84.252.215:80 ESTABLISHED 3840
TCP 192.168.1.100:50470 184.28.189.231:80 ESTABLISHED 3840
TCP 192.168.1.100:50473 184.84.252.215:80 ESTABLISHED 3840
TCP 192.168.1.100:50495 173.194.37.4:80 ESTABLISHED 3840
TCP 192.168.1.100:50496 173.194.37.5:80 ESTABLISHED 3840
TCP 192.168.1.100:50497 173.194.37.5:80 ESTABLISHED 3840
TCP 192.168.1.100:50498 173.194.37.5:80 ESTABLISHED 3840
TCP 192.168.1.100:50499 173.194.37.6:80 ESTABLISHED 3840
TCP 192.168.1.100:50500 173.194.37.6:80 ESTABLISHED 3840
TCP 192.168.1.100:50501 173.194.37.6:80 ESTABLISHED 3840
TCP 192.168.1.100:50502 173.194.37.6:80 ESTABLISHED 3840
TCP 192.168.1.100:50504 173.194.37.7:80 ESTABLISHED 3840
TCP 192.168.1.100:50505 173.194.37.7:80 ESTABLISHED 3840
TCP 192.168.1.100:50507 173.194.37.3:80 ESTABLISHED 3840
TCP 192.168.1.100:50508 173.194.37.2:443 ESTABLISHED 3840
TCP 192.168.1.100:50509 173.194.29.146:80 ESTABLISHED 3840
TCP 192.168.1.100:50510 173.194.37.3:80 ESTABLISHED 3840
TCP 192.168.1.100:50511 173.194.41.111:80 ESTABLISHED 3840
TCP 192.168.1.100:50512 173.194.37.8:80 ESTABLISHED 3840
TCP 192.168.1.100:50513 173.194.41.111:443 ESTABLISHED 3840
TCP [::]:135 [::]:0 LISTENING 1088
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 784
TCP [::]:49153 [::]:0 LISTENING 1184
TCP [::]:49154 [::]:0 LISTENING 1480
TCP [::]:49155 [::]:0 LISTENING 1220
TCP [::]:49156 [::]:0 LISTENING 840
TCP [::]:49157 [::]:0 LISTENING 828
UDP 0.0.0.0:123 *:* 1480
UDP 0.0.0.0:500 *:* 1220
UDP 0.0.0.0:3702 *:* 1480
UDP 0.0.0.0:3702 *:* 1480
UDP 0.0.0.0:4500 *:* 1220
UDP 0.0.0.0:5355 *:* 1600
UDP 0.0.0.0:62091 *:* 1480
UDP 0.0.0.0:64872 *:* 3524
UDP 0.0.0.0:64874 *:* 3524
UDP 127.0.0.1:1900 *:* 1480
UDP 127.0.0.1:52291 *:* 3524
UDP 127.0.0.1:57623 *:* 1220
UDP 127.0.0.1:61564 *:* 1480
UDP 127.0.0.1:64873 *:* 3524
UDP 169.254.16.78:137 *:* 4
UDP 169.254.16.78:138 *:* 4
UDP 169.254.16.78:1900 *:* 1480
UDP 169.254.16.78:61563 *:* 1480
UDP 192.168.1.100:137 *:* 4
UDP 192.168.1.100:138 *:* 4
UDP 192.168.1.100:1900 *:* 1480
UDP 192.168.1.100:61562 *:* 1480
UDP [::]:123 *:* 1480
UDP [::]:500 *:* 1220
UDP [::]:3702 *:* 1480
UDP [::]:3702 *:* 1480
UDP [::]:5355 *:* 1600
UDP [::]:62092 *:* 1480
UDP [::1]:1900 *:* 1480
UDP [::1]:61560 *:* 1480
UDP [fe80::100:7f:fffe%9]:1900 *:* 1480
UDP [fe80::100:7f:fffe%9]:61561 *:* 1480
UDP [fe80::4df9:543a:a3a2:104e%12]:1900 *:* 1480
UDP [fe80::4df9:543a:a3a2:104e%12]:61559 *:* 1480
UDP [fe80::f456:f2f2:6a95:321a%8]:1900 *:* 1480
UDP [fe80::f456:f2f2:6a95:321a%8]:61558 *:* 1480
C:\Users\Mike>
I checked the router's logs, all incoming & outgoing (outgoing was full, incoming like 1 or 2). Also, port forwarding is not enabled.
There's something on this system that is connecting out. Thing is, I have a firewall monitoring incoming/outgoing connections, so I'm thinking w.t.f. Anyway, thank you guys for your help. :D
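An added example, not part of the original thread: one way to triage `netstat -ano` output like the listing above is to group it by owning PID, so each process shows which TCP ports it listens on beyond loopback and which remote endpoints it holds open. The function names are this example's own, and the sample rows are copied from the post's output, with the last row wrapped the way a narrow console prints it.

```python
from collections import defaultdict

# Rows copied from the netstat -ano output in the post; the final UDP row
# is wrapped so that its PID lands on a line of its own.
SAMPLE = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1088
TCP 0.0.0.0:49251 0.0.0.0:0 LISTENING 3524
TCP 127.0.0.1:9421 0.0.0.0:0 LISTENING 3524
TCP 192.168.1.100:49216 209.107.220.188:443 ESTABLISHED 3524
TCP 192.168.1.100:49318 69.171.227.71:443 ESTABLISHED 3840
TCP 192.168.1.100:49767 173.194.37.0:80 ESTABLISHED 3840
TCP 192.168.1.100:50279 69.171.227.71:443 ESTABLISHED 3840
TCP [::]:445 [::]:0 LISTENING 4
UDP 0.0.0.0:64872 *:* 3524
UDP [fe80::4df9:543a:a3a2:104e%12]:1900 *:*
1480
"""

def split_endpoint(ep):
    """Split on the last colon so bracketed IPv6 addresses stay intact."""
    addr, _, port = ep.rpartition(":")
    return addr, port

def parse_netstat(text):
    rows, held = [], None
    for line in text.splitlines():
        f = line.split()
        if held and len(f) == 1 and f[0].isdigit():
            f = held + f                 # PID wrapped onto its own line
        held = None
        if not f or f[0] not in ("TCP", "UDP"):
            continue                     # banner, header or prompt line
        if f[0] == "UDP" and len(f) == 4:
            f.insert(3, "")              # UDP rows have no State column
        if len(f) != 5:
            held = f                     # incomplete row; wait for its PID
            continue
        rows.append({"proto": f[0], "local": split_endpoint(f[1]),
                     "remote": split_endpoint(f[2]), "state": f[3], "pid": int(f[4])})
    return rows

def summarize(rows):
    """Per PID: TCP ports listening beyond loopback, and remote endpoints in use."""
    out = defaultdict(lambda: {"exposed": set(), "remotes": defaultdict(int)})
    for r in rows:
        addr, port = r["local"]
        if r["state"] == "LISTENING" and addr not in ("127.0.0.1", "[::1]"):
            out[r["pid"]]["exposed"].add(int(port))
        elif r["state"] == "ESTABLISHED":
            out[r["pid"]]["remotes"][":".join(r["remote"])] += 1
    return out

if __name__ == "__main__":
    for pid, info in sorted(summarize(parse_netstat(SAMPLE)).items()):
        print(pid, sorted(info["exposed"]), dict(info["remotes"]))
```

Each PID in the summary can then be matched to a program and its services with `tasklist /svc /fi "PID eq <pid>"` at the same command prompt.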