Who's this on my port?
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Who's this on my port?

  1. #1

    Question Who's this on my port?

    I just recently learned about the netstat command (ok, ok, I'm a little behind, sue me), so I just tried it out on my home computer, and would ya know, this appeared:

    TCP knight:3565 texasrealtors.com:http TIME_WAIT 0
    TCP knight:3566 texasrealtors.com:http TIME_WAIT 0

    What's up with this? I didn't have my web browser open at the time so I don't know why that website's there. I've got antispyware and my cookies are blocked, so what does this mean? Pardon me if it's a stupid question, but ya gotta start somewhere.

  2. #2
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Try running your anti spyware in safe mode, it looks like its spyware and it looks like its running, your anti spyware can do absolutly nothing to anything thats running.
    I am the uber duck!!1
    Proxy Tools

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,049
    Relax its just you sending a request to texasrealtors.com

    the TIME_WAIT means its waiting for the final packets from your web browser to tear down the connection were you on the website at all ?
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  4. #4
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    If that were true, wouldnt the port number be 80 or 8080? Not 3565 right?
    I am the uber duck!!1
    Proxy Tools

  5. #5
    Member
    Join Date
    Aug 2003
    Posts
    44
    No because the 3565 port is the source port on his (AngelicKnight) computer. your computer picks a random source port above 1024 and below a certain port (whos number I don't remember atm) to send data from. The service port (80 for http, 22 for SSH, etc.) is on the server end. Thus
    TCP knight:3565 texasrealtors.com:http TIME_WAIT 0
    shows that the connection is from his computer (knight) source port 3565 to texasrealtors.com port 80 (http).

  6. #6
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    that was me...sorry, I was just using your bathroom. I'll leave now...but I wouldn't go in there for a while if I was you...kinda stinks.

  7. #7
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    aw, I see, so you use a port to connect to port 80, but his port was still closing the information when he lost connection to port 80, right? Or at least do I have a good general idea?
    I am the uber duck!!1
    Proxy Tools

  8. #8
    I think he's right. Though I didn't have a browser open at the time, I had just closed one. Sounds like it just wasn't quite finished doing its thing at the time I tooke the snapshot. I checked again later and it had disappeared.

    But whatever helps me understand this concept better is good for me...

  9. #9
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    a few things to bear in mind when examining connections....

    Most services connect TO specified ports (ex. port 80 for http, 25 for smtp, etc) and FROM high ports (ports above 1024). This is important to consider not only when watching connections but when firewalling a machine that offers services.... (DNS is an excellent example on port 53) if I decide to only allow UDP to port 53 of my DNS server FROM port 53 of the client I will inevitably lock out the client and have a fairly useless rule, as the client will connect from a random high port.

    and of course, closing your browser wont stop connections already in progress, it simply does what you told it, exits the browser application the connections time out by themselves (those good little connections)
    ~THEJRC~
    I\'ll preach my pessimism right out loud to anyone that listens!
    I\'m not afraid to be alive.... I\'m afraid to be alone.

  10. #10
    But still it's better that he did infact post it here, just in case there was something a little evil going on behind the scenes..
    I wish more noobies would be like this dude.
    I loved the way he worded he's question and presented the information..Kudos to him.


    cheers
    front2back:.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides