
Thread: netstat

  1. #1
    Junior Member
    Join Date
    Feb 2005
    Posts
    2

    Question netstat

    Hello, I just signed up yesterday as my search for an answer to a question brought me to this board, but I am going to have to ask the question since it was not answered and this looks like the place with the people in the know who could answer my question, plus I am tired of googling it.

    Now I have several questions on this topic.

    The other day on a chat service a chatter was telling people that if they feared someone hacking their computer to use a command line prompt {msdos} of netstat 10 and you could see the IP of the person hacking you and report them. True or False? netstat 10 does bring up connections to your computer, but what I am wondering is: if I run this, is it like pinging or giving away my own IP at the same time it is showing incoming connections to my computer, or is netstat 10 only showing the connections at 10 second intervals?
    I know Analog X has a program called Netstat Live that I think does a similar job.

  2. #2
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Location
    Underground Bunker, somewhere in Antarctica
    Posts
    109
    The command netstat 10 shows you foreign connections to your computer and refreshes every ten seconds. You could see the IP address, but you would have to distinguish it from all the others that come up.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    ...if they feared someone hacking their computer to use a command line prompt {msdos} of netstat 10 and you could see the IP of the person hacking you and report them...
    Well, this is a vague or presumptive question, so we really can't give you a definitive answer for the whole thing. Let me explain:

    What is causing the belief that you're being attacked? That will (or should) dictate any and all actions you take. C:\> netstat 10 will certainly show you WHO is attacking you IF you are being actively attacked EXTERNALLY in a method that will be displayed via the netstat command. But it will also show you any and all other external connections...which one is the attack, and which is not?

    Let me lay out a scenario:
    You think you're being attacked. You run C:\> netstat 10 and get an IP address that is attacking you*. You report it to your ISP.
    * or so you think
    You've just wrongly reported your neighbor as attacking you, simply because you both use the same ISP, and have Windows running without full blown firewalls and have the standard background BS traffic associated with Windows (AND OTHER! Not just MS) networks.

    Just because you think you're being attacked and you see an IP in the C:\> netstat 10 output does not definitively prove that said IP is attacking you. That's a false conclusion.

    I'd say that 99.99999995% of Internet users should NEVER, EVER call and report something if they *think* it's an attack. If they *KNOW* it's a threat, problem, or an attack, then yes, they should be responsible netizens and do the right thing. But the quintessential point of this is the phrase IF THEY @#$!KNOW!$#@. For further insight into this, see the first line of my .SIG below.

    ((extracted for posterity sake: "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf))
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Netstat /?
    will give you a list of the commands you can use and a description of the information you can glean from using it. It will not give out any information, in the way that Ping/tracert will. It only looks at the tcp/ip stack on your machine for connections to and from your pc.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    To answer the questions:-

    you could see the ip of the person hacking you and report them True or False ?
    Both.... If the attack is external to your computer and if the attacker has connected within the session timeout of the protocol he used then yes his IP address would show up in a netstat. Note that when I say external I mean the attacker at some point connects to your computer remotely _or_ your computer connects to him as a result of a program that he has already installed on your computer. However, this could all be a little misleading since, let's say, your attacker has installed a key logger and is sending your activity to him via email. You will see the keylogger's connection to the mail server the attacker is using..... have fun reporting that to AOL.... <LOL> Netstat only shows existing or "untimed-out" network connections to your computer.... It gives you no indication of the nature of the traffic unless you are sophisticated enough to look at the output and know that the connection to xxx.xxx.xxx.xxx on port 25 is an email connection, that you didn't recently send an email and that you don't have a virus.... In this case a keylogger is a reasonable first assumption. See, it's all a bit more complicated than first sight might indicate..... Forget your friend's advice... You will end up on more wild goose chases than you have time for in your life......

    is it like pinging or giving away my own ip at the same time
    No, netstat is entirely passive in its activity. The whole subject is a little long to go into now but computers "establish" connections between each other and, for the benefit of efficiency, they remember the connections for a while in case they have need to continue the "conversation". Netstat is showing you the current and "remembered" connections by looking at its own connection table.... No need to go asking other computers questions.....

    netstat 10 only showing the connections at 10 second intervals ?
    The "10" is the refresh interval... How many seconds netstat will wait before it takes another look at the connection table and shows you what it found.

    I know Analog X has a program called Netstat Live that I think does a similar job.
    Probably..... But if you don't really understand the output of netstat what's the point? You aren't really going to understand the output from netstat live are you?

    My advice: Learn about _safe_ computing practices, get yourself a firewall of your choice and learn about how it works, why it works and how you can use it to protect yourself. You will be much better off than worrying about netstat..... Trust me.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Junior Member
    Join Date
    Feb 2005
    Posts
    2
    Thanks for the quick answers guys, I got what I was worried about answered.

    THANKS GUYS & GALS

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    117
    Just to add, there are some programs that use sockets instead of ports. One that comes to mind is team speak. If you did a netstat you would miss it unless you were looking for socket connections.
    Luck--TSM
    Atlanta, GA


  8. #8
    Junior Member
    Join Date
    Jan 2005
    Posts
    8
    I thought a socket was composed of a port and an IP. Did I miss something?

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Chimp, you brought up a good point. I actually do not know what lucktsm is
    talking about - this might be a matter of the definition of the words - in particular
    since my netstat does list the teamspeak server and client, as well on linux as on
    windows. lucktsm, I would appreciate if you could clarify.
    The only thing that comes to my mind is to substitute "socket" with "listening port".
    Then, a "netstat -a[no]" is needed, but still, netstat is capable of showing it.

    netstat

    There are several ways to detect applications related to tcp or udp connections. A few
    are described in another post here on AO[1], in addition there is also the way of
    Code:
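     /* Resolve the extended TCP/UDP table functions from iphlpapi.dll at run time. */
     HMODULE hIpHlp = LoadLibrary( "iphlpapi.dll" );
     PVOID pTcpEx = (PVOID) GetProcAddress( hIpHlp,
    				"AllocateAndGetTcpExTableFromStack" );
     PVOID pUdpEx = (PVOID) GetProcAddress( hIpHlp,
    				"AllocateAndGetUdpExTableFromStack" );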
    which explicitly shows the teamspeak server. There were/are ways to hide processes,
    but there is no motivation to the teamspeak developers to do so.

    sockets and tcp/ip

    Sockets were invented at Berkeley to provide generic access to "all" IPC's (interprocess
    communication). TCP/UDP are just particular instances - in this case, at least an IP number
    and a port is needed. If teamspeak would use AppleTalk, netstat obviously would not
    show it. However, teamspeak uses tcp/udp.

    Cheers

    [1] http://www.antionline.com/showthread...195#post817195
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
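
    Added example (not part of any post in this thread): a Python parse of constructed `netstat -ano` output, illustrating the points in posts #5 and #9 that the table mixes listeners, live connections and "remembered" ones, and that a port 25 peer only becomes meaningful once it is tied to the owning PID. The sample rows, addresses, PIDs and function names are assumptions made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     1432
  TCP    192.0.2.10:1046        198.51.100.7:80        TIME_WAIT       0
  TCP    192.0.2.10:1052        203.0.113.25:25        ESTABLISHED     3020
  UDP    0.0.0.0:5000           *:*                                    2140
"""

# proto, local addr, foreign addr, optional state (UDP rows have none), PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rhost, rport = remote.rsplit(":", 1)  # rsplit copes with IPv6 too
            rows.append({"proto": proto, "local": local, "rhost": rhost,
                         "rport": rport, "state": state or "", "pid": int(pid)})
    return rows

def triage(rows):
    """Separate local listeners, live peers and closing ('remembered') entries."""
    out = {"listening": [], "established": [], "remembered": []}
    for r in rows:
        if r["proto"] == "UDP" or r["state"] == "LISTENING":
            out["listening"].append(r)
        elif r["state"] == "ESTABLISHED":
            out["established"].append(r)
        else:
            out["remembered"].append(r)
    return out

def smtp_by_pid(rows):
    """Live connections to remote port 25, grouped by the PID that owns them."""
    hits = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["rport"] == "25":
            hits[r["pid"]].append(r["rhost"])
    return dict(hits)

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print({k: len(v) for k, v in triage(rows).items()}, smtp_by_pid(rows))
```

    The PID from `smtp_by_pid` is what gets checked against the process list: a mail client owning that connection is routine, an unknown process is the case worth investigating.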

  10. #10

    Cool

    To view what TCP/UDP connections your computer is connected to I would advise you download tcpview. It's free and it tells you exactly which applications or services are being used. Hope that helps!


    -DOOBERT
