-
October 26th, 2002, 10:48 PM
#1
Junior Member
-
October 26th, 2002, 11:02 PM
#2
The p2p client is most likely the problem, also check for chat clients.
I've noticed that even though most p2p's stick to one port, to get around firewalls and proxies they've since adapted to the capability of using "whatever port it wants".
Or at least thats how it seems to those of us admins that need to block theyre use he he.... try killing your p2p and running for a while, then check that'll give you a baseline.
~THEJRC~
I\'ll preach my pessimism right out loud to anyone that listens!
I\'m not afraid to be alive.... I\'m afraid to be alone.
-
October 26th, 2002, 11:14 PM
#3
One thing that would be very helpful (and if you do it, please obscure your address), is to see the entire table. Just from those entries there, it is absolutely impossible to tell whether those are incoming or outgoing connections and on what ports (essential to tell what service is being utilized). If you can supply that information, more people would be able to offer better advice.
Two things to keep in mind: 1 ) Any time you run a P2P service, you will have people connecting to you computer, it is the nature of the beast (unless through a firewall or some other means you are able to filter it out) 2) The columns output by netstart, first column is generally the ports/addresses listening on your pc, the second column are the destination/origination ips.
If you are concerned about what people are connecting to your PC for, take that port that you see them connecting to (usuallly in the form of IPort) and go somewhere like :
http://www.snort.org/ports.html
And put that port in there and you will see what service they are utilizing (and whether or not you should be worried about it based on the results).
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
October 27th, 2002, 12:33 AM
#4
Yea i think its the p2p it may be that someone is downloading a file from your shared folder do what THEJRC said and kill it and see what happens
-
October 27th, 2002, 01:32 AM
#5
Also, you can try going to the foundstone site here to download fport to see if it helps you to determine what it is. It will show the application name of the connection possibly. Also, you can look at connections in somewhat realtime using tcpview on the sysinternals site here . The approach previously mentioned in the other posts should help narrow down the possibilities definitely. Take care.
Opinions are like holes - everybody\'s got\'em.
Smile
-
October 27th, 2002, 08:45 AM
#6
if your on win xp
type netstat -o and it will give you what pid its running on then hit cntl alt delete and find what app is using that pid
rioter
-
October 27th, 2002, 07:34 PM
#7
Member
The best thing is to contact your ISP/admin and tell em the situation. Its always best to keep a firewall and a virus/trojan scanner. There must be a direct connection of the clients with your router. It could be a normal thing as well.
With great power comes great responsibility.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|