netstat connections

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    1

    netstat connections

    I have a 4-port ADSL router and don't use a firewall at the moment. When I do a netstat -a in my prompt window, there are a number of connections that seem unusual. One that stood out like a sore thumb is:

    adsl-20-81-145.sdf.bellsouth.net

    now .. that HAS to be some dude connected to my comp?? right ??

    Another which has come up a lot is

    24-240-224-15.charter.com

    Although I DO use a P2P (kazaa) ... I thought that would open up the different namespace connections under the same port number??

    Anyhow, some answers would be nice and informative


    thanks

    FRobinRobin

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    The p2p client is most likely the problem, also check for chat clients.

    I've noticed that even though most p2p's stick to one port, to get around firewalls and proxies they've since adapted to the capability of using "whatever port it wants".

    Or at least that's how it seems to those of us admins that need to block their use he he.... try killing your p2p and running for a while, then check; that'll give you a baseline.

    ~THEJRC~
    I'll preach my pessimism right out loud to anyone that listens!
    I'm not afraid to be alive.... I'm afraid to be alone.

  3. #3
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    One thing that would be very helpful (and if you do it, please obscure your address), is to see the entire table. Just from those entries there, it is absolutely impossible to tell whether those are incoming or outgoing connections and on what ports (essential to tell what service is being utilized). If you can supply that information, more people would be able to offer better advice.

    Two things to keep in mind: 1) Any time you run a P2P service, you will have people connecting to your computer; it is the nature of the beast (unless through a firewall or some other means you are able to filter it out). 2) In the columns output by netstat, the first column is generally the ports/addresses listening on your PC, and the second column is the destination/origination IPs.
    If you are concerned about what people are connecting to your PC for, take the port that you see them connecting to (usually in the form of IP:Port) and go somewhere like:

    http://www.snort.org/ports.html

    And put that port in there and you will see what service they are utilizing (and whether or not you should be worried about it based on the results).

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Yeah, I think it's the p2p. It may be that someone is downloading a file from your shared folder. Do what THEJRC said and kill it and see what happens.

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Also, you can try going to the foundstone site here to download fport to see if it helps you to determine what it is. It will show the application name of the connection possibly. Also, you can look at connections in somewhat realtime using tcpview on the sysinternals site here. The approach previously mentioned in the other posts should help narrow down the possibilities definitely. Take care.
    Opinions are like holes - everybody's got'em.


  6. #6
    Banned
    Join Date
    Sep 2001
    Posts
    853
    If you're on Win XP,
    type netstat -o and it will give you what PID it's running on, then hit Ctrl+Alt+Delete and find what app is using that PID
    rioter
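
Added example, not part of any post in this thread: the checks suggested in posts #2, #3 and #6 (take a baseline with the P2P client closed, work out direction and port, map the connection to a PID), done in Python over saved `netstat -ano` output. The addresses, ports and PIDs are constructed sample data, and the inbound/outbound rule is a heuristic based on which local ports are in the LISTENING state.

```python
# Constructed sample output of `netstat -ano`; BASELINE was taken with the P2P client closed.
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:2051      198.51.100.20:80       ESTABLISHED     2208
"""

CURRENT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:1214      203.0.113.7:3391       ESTABLISHED     1432
  TCP    192.168.1.10:2051      198.51.100.20:80       ESTABLISHED     2208
  TCP    192.168.1.10:3120      203.0.113.44:1214      ESTABLISHED     1432
  UDP    0.0.0.0:1214           *:*                                    1432
"""

def rows(text):
    """Yield (local, foreign, state, pid) for TCP rows; UDP rows have no state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield f[1], f[2], f[3], int(f[4])

def port(addr):
    return int(addr.rsplit(":", 1)[1])

def classify(text):
    """Label established connections. Heuristic: if the local port is one we
    also LISTEN on, the peer connected to us (inbound); otherwise outbound."""
    table = list(rows(text))
    listening = {port(l) for l, _, s, _ in table if s == "LISTENING"}
    out = set()
    for local, foreign, state, pid in table:
        if state != "ESTABLISHED":
            continue
        peer = foreign.rsplit(":", 1)[0]
        if port(local) in listening:
            out.add(("inbound", port(local), peer, pid))
        else:
            out.add(("outbound", port(foreign), peer, pid))
    return out

def new_since_baseline(baseline, current):
    """Connections present now that were absent with the P2P client closed."""
    return sorted(classify(current) - classify(baseline))

if __name__ == "__main__":
    for direction, p, peer, pid in new_since_baseline(BASELINE, CURRENT):
        print(f"{direction:8} port {p:<5} peer {peer:15} pid {pid}")
```

Connections that show up only when the P2P client is running, and carry its PID, are the ones the client accounts for; anything left over after that is what deserves a closer look.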

  7. #7
    Member
    Join Date
    Dec 2001
    Posts
    66
    The best thing is to contact your ISP/admin and tell 'em the situation. It's always best to keep a firewall and a virus/trojan scanner. There must be a direct connection of the clients with your router. It could be a normal thing as well.
    With great power comes great responsibility.
