help with netstat & netstat -ano

  1. #1
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    769

    help with netstat & netstat -ano

    Hello fellow members of Antionline. My system has been lagging while I've been searching the net. So I opened the command prompt on Windows Vista (Basic edition) and here is the output:


    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.


    C:\Users\Mike>NETSTAT


    Active Connections


    Proto Local Address Foreign Address State
    TCP 192.168.1.100:56236 channel-ic-13-01-snc7:https ESTABLISHED
    TCP 192.168.1.100:56340 media:http ESTABLISHED
    TCP 192.168.1.100:56341 media:http ESTABLISHED
    TCP 192.168.1.100:56343 69.25.24.23:http ESTABLISHED
    TCP 192.168.1.100:56396 a23-3-9-50:http TIME_WAIT
    TCP 192.168.1.100:56400 a23-3-9-50:http TIME_WAIT
    TCP 192.168.1.100:56501 64.214.118.240:http ESTABLISHED
    TCP 192.168.1.100:56502 64.214.118.240:http ESTABLISHED
    TCP 192.168.1.100:56508 64.214.118.235:http ESTABLISHED
    TCP 192.168.1.100:56515 m-nb:http ESTABLISHED
    TCP 192.168.1.100:56521 208:http ESTABLISHED
    TCP 192.168.1.100:56589 69.25.24.23:http ESTABLISHED
    TCP 192.168.1.100:56600 a23-0-66-77:http ESTABLISHED
    TCP 192.168.1.100:56611 64.214.118.235:http ESTABLISHED
    TCP 192.168.1.100:56615 mia05s08-in-f28:http ESTABLISHED
    TCP 192.168.1.100:56639 mia05s08-in-f28:http ESTABLISHED
    TCP 192.168.1.100:56664 mia05s08-in-f3:http ESTABLISHED
    TCP 192.168.1.100:56679 64.214.118.240:http ESTABLISHED
    TCP 192.168.1.100:56710 mia05s08-in-f13:http ESTABLISHED
    TCP 192.168.1.100:56745 mia05s08-in-f25:http ESTABLISHED
    TCP 192.168.1.100:56758 a23-0-68-46:http ESTABLISHED
    TCP 192.168.1.100:56778 a23-0-69-186:https ESTABLISHED
    TCP 192.168.1.100:56792 a23-0-72-124:https ESTABLISHED
    TCP 192.168.1.100:56829 157.55.134.114:https ESTABLISHED
    TCP 192.168.1.100:56840 a23-0-72-124:https ESTABLISHED
    TCP 192.168.1.100:56841 a23-0-72-124:https ESTABLISHED
    TCP 192.168.1.100:56842 a23-0-72-124:https ESTABLISHED
    TCP 192.168.1.100:56846 157.56.19.158:https ESTABLISHED
    TCP 192.168.1.100:56978 a65-126-84-99:http ESTABLISHED
    TCP 192.168.1.100:56999 a184-50-36-46:http ESTABLISHED
    TCP 192.168.1.100:57012 216.151.187.168:http TIME_WAIT
    TCP 192.168.1.100:57052 a65-126-84-114:http ESTABLISHED
    TCP 192.168.1.100:57060 a65-126-84-120:http ESTABLISHED
    TCP 192.168.1.100:57083 a65-126-84-74:http TIME_WAIT
    TCP 192.168.1.100:57190 a65-126-84-115:http ESTABLISHED
    TCP 192.168.1.100:57191 216.52.92.23:http ESTABLISHED
    TCP 192.168.1.100:57200 a65-126-84-80:http ESTABLISHED
    TCP 192.168.1.100:57210 74.217.78.161:http ESTABLISHED
    TCP 192.168.1.100:57237 74.217.78.146:http ESTABLISHED
    TCP 192.168.1.100:57238 74.217.78.146:http ESTABLISHED
    TCP 192.168.1.100:57239 216.52.92.23:http ESTABLISHED
    TCP 192.168.1.100:57250 216.151.187.171:http ESTABLISHED
    TCP 192.168.1.100:57416 a184-28-116-66:http ESTABLISHED
    TCP 192.168.1.100:57437 75.98.62.248:http ESTABLISHED
    TCP 192.168.1.100:57450 domain:http ESTABLISHED
    TCP 192.168.1.100:57461 199.38.166.150:http ESTABLISHED
    TCP 192.168.1.100:57485 a184-28-117-231:http ESTABLISHED
    TCP 192.168.1.100:57630 mia05s08-in-f4:http ESTABLISHED
    TCP 192.168.1.100:57634 origin:http ESTABLISHED
    TCP 192.168.1.100:57636 origin:http ESTABLISHED
    TCP 192.168.1.100:57644 72.21.203.149:https ESTABLISHED
    TCP 192.168.1.100:57645 72.21.203.149:https ESTABLISHED
    TCP 192.168.1.100:57646 a65-126-84-104:http ESTABLISHED
    TCP 192.168.1.100:57649 mia05s08-in-f13:http ESTABLISHED
    TCP 192.168.1.100:57654 a184-50-40-124:http ESTABLISHED
    TCP 192.168.1.100:57655 a184-50-40-124:http ESTABLISHED
    TCP 192.168.1.100:57659 mia05s08-in-f25:http ESTABLISHED
    TCP 192.168.1.100:57684 a184-50-40-124:http ESTABLISHED
    TCP 192.168.1.100:57695 a184-50-40-124:http ESTABLISHED
    TCP 192.168.1.100:57696 a184-50-40-124:http ESTABLISHED
    TCP 192.168.1.100:57720 198.144.112.64:http ESTABLISHED
    TCP 192.168.1.100:57722 198.144.112.64:http ESTABLISHED
    TCP 192.168.1.100:57724 img-dc6:http ESTABLISHED
    TCP 192.168.1.100:57729 198.144.112.64:http ESTABLISHED
    TCP 192.168.1.100:57730 198.144.112.64:http ESTABLISHED
    TCP 192.168.1.100:57731 198.144.112.64:http ESTABLISHED
    TCP 192.168.1.100:57732 198.144.112.64:http ESTABLISHED
    TCP 192.168.1.100:57736 198.144.112.75:http ESTABLISHED
    TCP 192.168.1.100:57760 64.4.21.40:http ESTABLISHED
    TCP 192.168.1.100:57761 65.55.142.229:http ESTABLISHED
    TCP 192.168.1.100:57764 a23-2-45-165:http ESTABLISHED
    TCP 192.168.1.100:57779 a23-2-45-165:https ESTABLISHED
    TCP 192.168.1.100:57780 a23-2-45-165:https ESTABLISHED
    TCP 192.168.1.100:57781 a23-2-165-186:http ESTABLISHED
    TCP 192.168.1.100:57782 a23-2-45-165:https ESTABLISHED
    TCP 192.168.1.100:57789 a23-2-46-227:http ESTABLISHED
    TCP 192.168.1.100:57799 mia04s05-in-f3:https ESTABLISHED
    TCP 192.168.1.100:57881 ip-68-71-249-118:http ESTABLISHED
    TCP 192.168.1.100:57888 198.144.112.66:http ESTABLISHED
    TCP 192.168.1.100:57891 69.25.24.26:http ESTABLISHED
    TCP 192.168.1.100:57893 65.55.5.232:http ESTABLISHED
    TCP 192.168.1.100:57909 sync:http ESTABLISHED
    TCP 192.168.1.100:57910 sync:http ESTABLISHED
    TCP 192.168.1.100:57914 ec2-50-19-87-179:http CLOSE_WAIT
    TCP 192.168.1.100:57929 ec2-184-72-246-237:https ESTABLISHED
    TCP 192.168.1.100:57930 ec2-184-72-246-237:https ESTABLISHED
    TCP 192.168.1.100:57940 65.55.5.231:http ESTABLISHED
    TCP 192.168.1.100:57945 198.144.112.83:http ESTABLISHED
    TCP 192.168.1.100:57950 server-216-137-47-50:http ESTABLISHED
    TCP 192.168.1.100:57986 95.154.251.53:http FIN_WAIT_2
    TCP 192.168.1.100:57989 64.188.63.5:https ESTABLISHED
    TCP 192.168.1.100:57990 media:http TIME_WAIT
    TCP 192.168.1.100:57991 ox-173-241-250-123:http TIME_WAIT


    C:\Users\Mike>



    It seems there are a lot of different connections... connecting to *higher port numbers*. I keep my system up-to-date with AVG, apply the latest OS updates, I also have Spybot Search & Destroy up-to-date, and anti-malware as well as HijackThis. AVG found no threats, Spybot only found one item which I deleted. I have my firewall enabled, the one that comes with Windows Vista, configured for inbound and outbound traffic. Also, I'm behind a Cisco router. Is there anything you would worry about? If so, please let me know. Thanks, Mike.

  2. #2
    Administrator
    Join Date
    Apr 2011
    Location
    USA
    Posts
    238
    Did you run Netstat with your browser open? If so, close it and try again.

  3. #3
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    769

    Thanks for the help

    Steve R Jones
    Did you run Netstat with your browser open? If so, close it and try again.



    Thank you for the fast reply. Yes, I did run netstat with the browser open while online. I was only on one website, Facebook. I'm going to close the browser (which is Google Chrome) and I will open the command prompt with no browsers open; here is the output:


    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.


    C:\Users\Mike>netstat


    Active Connections


    Proto Local Address Foreign Address State
    TCP 192.168.1.100:61153 mia05s08-in-f5:http ESTABLISHED
    TCP 192.168.1.100:61702 a184-27-38-227:http ESTABLISHED
    TCP 192.168.1.100:61949 mia05s08-in-f7:http ESTABLISHED
    TCP 192.168.1.100:62013 mia05s08-in-f28:http ESTABLISHED
    TCP 192.168.1.100:62022 mia05s08-in-f27:http ESTABLISHED
    TCP 192.168.1.100:62038 media:http ESTABLISHED
    TCP 192.168.1.100:62069 69.25.24.23:http ESTABLISHED
    TCP 192.168.1.100:62071 69.25.24.23:http ESTABLISHED
    TCP 192.168.1.100:62079 a184-24-226-77:http ESTABLISHED
    TCP 192.168.1.100:62094 204.245.190.32:http ESTABLISHED
    TCP 192.168.1.100:62112 204.245.190.9:http ESTABLISHED
    TCP 192.168.1.100:62118 204.245.190.32:http ESTABLISHED
    TCP 192.168.1.100:62148 a184-24-228-46:http ESTABLISHED
    TCP 192.168.1.100:62158 a184-24-228-46:http ESTABLISHED
    TCP 192.168.1.100:62164 204.245.190.41:http ESTABLISHED
    TCP 192.168.1.100:62181 mia05s08-in-f6:http ESTABLISHED
    TCP 192.168.1.100:62276 ip-68-71-249-118:http ESTABLISHED
    TCP 192.168.1.100:62300 204.245.190.51:http ESTABLISHED
    TCP 192.168.1.100:62330 204.245.190.19:http ESTABLISHED
    TCP 192.168.1.100:62375 204.245.190.48:http ESTABLISHED
    TCP 192.168.1.100:62380 images:http ESTABLISHED
    TCP 192.168.1.100:62471 g1:http TIME_WAIT
    TCP 192.168.1.100:62710 8.19.18.172:http ESTABLISHED
    TCP 192.168.1.100:62728 8.19.18.172:http ESTABLISHED
    TCP 192.168.1.100:62747 8.19.18.172:http ESTABLISHED
    TCP 192.168.1.100:62748 8.19.18.172:http ESTABLISHED
    TCP 192.168.1.100:62758 8.19.18.172:http ESTABLISHED
    TCP 192.168.1.100:62981 208.71.123.129:http ESTABLISHED
    TCP 192.168.1.100:62985 sta-204-144-141-26:https ESTABLISHED
    TCP 192.168.1.100:62986 sta-204-144-141-26:https ESTABLISHED
    TCP 192.168.1.100:62992 208.71.125.133:http ESTABLISHED
    TCP 192.168.1.100:63000 sta-204-144-141-28:https ESTABLISHED
    TCP 192.168.1.100:63001 sta-204-144-141-28:https ESTABLISHED
    TCP 192.168.1.100:63004 208.71.125.131:http ESTABLISHED
    TCP 192.168.1.100:63005 s3-1-w:https ESTABLISHED
    TCP 192.168.1.100:63006 s3-1-w:https ESTABLISHED
    TCP 192.168.1.100:63012 208.71.125.52:http ESTABLISHED
    TCP 192.168.1.100:63016 mia05s08-in-f25:http ESTABLISHED
    TCP 192.168.1.100:63018 69.80.196.159:http ESTABLISHED
    TCP 192.168.1.100:63020 mia05s08-in-f5:https ESTABLISHED
    TCP 192.168.1.100:63035 208.71.125.28:http ESTABLISHED
    TCP 192.168.1.100:63048 208.71.125.18:http ESTABLISHED
    TCP 192.168.1.100:63056 208.71.125.119:http ESTABLISHED
    TCP 192.168.1.100:63065 69.25.24.24:http ESTABLISHED
    TCP 192.168.1.100:63104 208-44-23-9:http ESTABLISHED
    TCP 192.168.1.100:63109 mia05s08-in-f2:http ESTABLISHED
    TCP 192.168.1.100:63110 mia05s08-in-f4:http ESTABLISHED
    TCP 192.168.1.100:63111 mia05s08-in-f3:http ESTABLISHED
    TCP 192.168.1.100:63112 mia05s08-in-f2:http ESTABLISHED
    TCP 192.168.1.100:63113 mia05s08-in-f2:http ESTABLISHED
    TCP 192.168.1.100:63114 mia05s08-in-f4:http ESTABLISHED
    TCP 192.168.1.100:63115 mia05s08-in-f5:http ESTABLISHED
    TCP 192.168.1.100:63116 mia05s08-in-f3:http ESTABLISHED
    TCP 192.168.1.100:63117 mia05s08-in-f3:http ESTABLISHED
    TCP 192.168.1.100:63118 mia05s08-in-f3:http ESTABLISHED
    TCP 192.168.1.100:63119 mia05s08-in-f3:http ESTABLISHED


    C:\Users\Mike>

    Does it look like anything to be concerned with, or that I should worry about?

  4. #4
    Super Moderator
    Join Date
    May 2012
    Posts
    239
    TCP 192.168.1.100

    That is part of your local LAN. A private IP number.

    Check your computer for p2p type programs having been installed, and port forwarding in your router.

    TCP 192.168.1.100:62728 8.19.18.172:
    Now that line tells me your router is using port 62728 to connect to 8.19.18.172 in New York City. An ad server from the looks of things, and yes, those ad servers can really slow/mess things up.

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    769

    Cool, thank you for all the replies.

    TCP 192.168.1.100


    That is part of your local LAN. A private IP number.


    Check your computer for p2p type programs having been installed, and port forwarding in your router.


    TCP 192.168.1.100:62728 8.19.18.172:
    Now that line tells me your router is using port 62728 to connect to 8.19.18.172 in New York City. An ad server from the looks of things, and yes, those ad servers can really slow/mess things up.

    I know 192.168.1.100 is the one assigned to me by the router, but I was not sure about the port it was using, so thank you for the information; I greatly appreciate it.




    Check your computer for p2p type programs having been installed, and port forwarding in your router.



    I looked through my system and didn't find any p2p applications. I scanned my system with Spybot, anti-malware, AVG and HijackThis, and everything came out fine. However, when I check netstat -ano this is the latest output:


    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.


    C:\Users\Mike>netstat -ano


    Active Connections


    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1088
    TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 784
    TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1184
    TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1480
    TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 1220
    TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 840
    TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 828
    TCP 0.0.0.0:49251 0.0.0.0:0 LISTENING 3524
    TCP 127.0.0.1:9421 0.0.0.0:0 LISTENING 3524
    TCP 127.0.0.1:9422 0.0.0.0:0 LISTENING 3524
    TCP 127.0.0.1:9423 0.0.0.0:0 LISTENING 3524
    TCP 169.254.16.78:139 0.0.0.0:0 LISTENING 4
    TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4
    TCP 192.168.1.100:49216 209.107.220.188:443 ESTABLISHED 3524
    TCP 192.168.1.100:49318 69.171.227.71:443 ESTABLISHED 3840
    TCP 192.168.1.100:49767 173.194.37.0:80 ESTABLISHED 3840
    TCP 192.168.1.100:50279 69.171.227.71:443 ESTABLISHED 3840
    TCP 192.168.1.100:50417 173.194.37.1:80 ESTABLISHED 3840
    TCP 192.168.1.100:50450 184.84.252.250:80 ESTABLISHED 3840
    TCP 192.168.1.100:50451 184.84.252.250:80 ESTABLISHED 3840
    TCP 192.168.1.100:50458 184.84.252.250:80 ESTABLISHED 3840
    TCP 192.168.1.100:50461 184.84.252.215:80 ESTABLISHED 3840
    TCP 192.168.1.100:50470 184.28.189.231:80 ESTABLISHED 3840
    TCP 192.168.1.100:50473 184.84.252.215:80 ESTABLISHED 3840
    TCP 192.168.1.100:50495 173.194.37.4:80 ESTABLISHED 3840
    TCP 192.168.1.100:50496 173.194.37.5:80 ESTABLISHED 3840
    TCP 192.168.1.100:50497 173.194.37.5:80 ESTABLISHED 3840
    TCP 192.168.1.100:50498 173.194.37.5:80 ESTABLISHED 3840
    TCP 192.168.1.100:50499 173.194.37.6:80 ESTABLISHED 3840
    TCP 192.168.1.100:50500 173.194.37.6:80 ESTABLISHED 3840
    TCP 192.168.1.100:50501 173.194.37.6:80 ESTABLISHED 3840
    TCP 192.168.1.100:50502 173.194.37.6:80 ESTABLISHED 3840
    TCP 192.168.1.100:50504 173.194.37.7:80 ESTABLISHED 3840
    TCP 192.168.1.100:50505 173.194.37.7:80 ESTABLISHED 3840
    TCP 192.168.1.100:50507 173.194.37.3:80 ESTABLISHED 3840
    TCP 192.168.1.100:50508 173.194.37.2:443 ESTABLISHED 3840
    TCP 192.168.1.100:50509 173.194.29.146:80 ESTABLISHED 3840
    TCP 192.168.1.100:50510 173.194.37.3:80 ESTABLISHED 3840
    TCP 192.168.1.100:50511 173.194.41.111:80 ESTABLISHED 3840
    TCP 192.168.1.100:50512 173.194.37.8:80 ESTABLISHED 3840
    TCP 192.168.1.100:50513 173.194.41.111:443 ESTABLISHED 3840
    TCP [::]:135 [::]:0 LISTENING 1088
    TCP [::]:445 [::]:0 LISTENING 4
    TCP [::]:5357 [::]:0 LISTENING 4
    TCP [::]:49152 [::]:0 LISTENING 784
    TCP [::]:49153 [::]:0 LISTENING 1184
    TCP [::]:49154 [::]:0 LISTENING 1480
    TCP [::]:49155 [::]:0 LISTENING 1220
    TCP [::]:49156 [::]:0 LISTENING 840
    TCP [::]:49157 [::]:0 LISTENING 828
    UDP 0.0.0.0:123 *:* 1480
    UDP 0.0.0.0:500 *:* 1220
    UDP 0.0.0.0:3702 *:* 1480
    UDP 0.0.0.0:3702 *:* 1480
    UDP 0.0.0.0:4500 *:* 1220
    UDP 0.0.0.0:5355 *:* 1600
    UDP 0.0.0.0:62091 *:* 1480
    UDP 0.0.0.0:64872 *:* 3524
    UDP 0.0.0.0:64874 *:* 3524
    UDP 127.0.0.1:1900 *:* 1480
    UDP 127.0.0.1:52291 *:* 3524
    UDP 127.0.0.1:57623 *:* 1220
    UDP 127.0.0.1:61564 *:* 1480
    UDP 127.0.0.1:64873 *:* 3524
    UDP 169.254.16.78:137 *:* 4
    UDP 169.254.16.78:138 *:* 4
    UDP 169.254.16.78:1900 *:* 1480
    UDP 169.254.16.78:61563 *:* 1480
    UDP 192.168.1.100:137 *:* 4
    UDP 192.168.1.100:138 *:* 4
    UDP 192.168.1.100:1900 *:* 1480
    UDP 192.168.1.100:61562 *:* 1480
    UDP [::]:123 *:* 1480
    UDP [::]:500 *:* 1220
    UDP [::]:3702 *:* 1480
    UDP [::]:3702 *:* 1480
    UDP [::]:5355 *:* 1600
    UDP [::]:62092 *:* 1480
    UDP [::1]:1900 *:* 1480
    UDP [::1]:61560 *:* 1480
    UDP [fe80::100:7f:fffe%9]:1900 *:* 1480


    UDP [fe80::100:7f:fffe%9]:61561 *:* 1480
    UDP [fe80::4df9:543a:a3a2:104e%12]:1900 *:* 1480
    UDP [fe80::4df9:543a:a3a2:104e%12]:61559 *:* 1480
    UDP [fe80::f456:f2f2:6a95:321a%8]:1900 *:* 1480
    UDP [fe80::f456:f2f2:6a95:321a%8]:61558 *:* 1480


    C:\Users\Mike>



    I checked the router's logs, all incoming & outgoing (outgoing was full, incoming like 1 or 2). Also, port forwarding is not enabled.


    There's something on this system that is connecting out; thing is, I have a firewall monitoring incoming/outgoing connections, so thinking w.t.f. Anyways, thank you guys for your help.
    Last edited by Computernerd22; October 10th, 2012 at 12:15 AM.

  6. #6
    Super Moderator
    Join Date
    May 2012
    Posts
    239
    Well, go back into your firewall and go through the entries one by one and I'll bet you find several that you can kill.
    Task Scheduler is another place I have found quite a few HIDDEN items that I could remove.
    From the line:
    TCP 192.168.1.100:49216 209.107.220.188:443 ESTABLISHED 3524
    I googled 209.107.220.188
    and found it to be a server.
    209.107.220.188 is a server:
    http://www.ip-adress.com/whois/209.107.220.188

  7. #7
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    769
    Well, I went through the firewall rules like you said and it had a few applications that were checked that didn't need to be. I'm not sure how this stuff even got on my system. I download things from the internet, but I scan the application before I ever run it on my system. Have any other ideas, tips, tricks, etc. that would help? P.S. thank you for all your help.

  8. #8
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,694
    http://technet.microsoft.com/en-us/s.../bb842062.aspx

    Download this. Every technician of any sort needs these utilities.


    First, run TCPView as an administrator and grab the PIDs of any suspicious traffic source. Sometimes the source is obvious (iexplore.exe, various updates, etc.); other times you'll be stuck with svchost.exe with no way to know what is actually forcing connections.

    Once you have the PIDs, you can use Process Explorer to check out the processes. If you locate the PID, and it's a nonsense process such as rundll or svchost, you can right-click and hit Properties to get the actual command line that is/was used to load the process, including GUID and other relevant info.

    Code:
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
    There is an incredible amount of information available now, including how and where the process was launched, security tokens and permissions, environment data, threads, etc.
    Real security doesn't come with an installer.
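As an added example, not code from the thread or from the Sysinternals tools it mentions: a small Python parser for `netstat -ano` output that turns the listing into a per-PID triage list, grouping public foreign addresses by PID (the PIDs to then look up in TCPView / Process Explorer) and listing what each PID has bound on non-loopback addresses. The sample input is a constructed excerpt of the listing posted earlier in the thread; the function names are my own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few rows taken from the `netstat -ano` listing
# posted earlier in the thread (not the full output).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1088
  TCP    127.0.0.1:9421         0.0.0.0:0              LISTENING       3524
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.1.100:49216    209.107.220.188:443    ESTABLISHED     3524
  TCP    192.168.1.100:49318    69.171.227.71:443      ESTABLISHED     3840
  TCP    192.168.1.100:49767    173.194.37.0:80        ESTABLISHED     3840
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1480
  UDP    [fe80::100:7f:fffe%9]:1900  *:*                               1480
"""

# proto, local, foreign, optional state (UDP rows have none), pid
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")


def split_addr(addr):
    """Split 'host:port' or '[v6%zone]:port' into (ip_address or None, port)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone index
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # '*' wildcard or a name netstat resolved for us
    return ip, port


def parse_netstat_ano(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state or "", "pid": int(pid)})
    return rows


def remote_by_pid(rows):
    """PID -> sorted public peers ('ip:port'); private, loopback, link-local
    and unspecified foreign addresses (e.g. 0.0.0.0:0, [::]:0) are left out."""
    peers = defaultdict(set)
    for r in rows:
        ip, port = split_addr(r["foreign"])
        if ip is not None and ip.is_global:
            peers[r["pid"]].add(f"{ip}:{port}")
    return {pid: sorted(p) for pid, p in peers.items()}


def listeners_by_pid(rows):
    """PID -> sorted 'proto/port' bound on a non-loopback local address
    (TCP LISTENING rows and every UDP row, which netstat shows stateless)."""
    bound = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            ip, port = split_addr(r["local"])
            if ip is not None and not ip.is_loopback:
                bound[r["pid"]].add(f"{r['proto']}/{port}")
    return {pid: sorted(v) for pid, v in bound.items()}


if __name__ == "__main__":
    rows = parse_netstat_ano(SAMPLE)
    for pid, peers in sorted(remote_by_pid(rows).items()):
        print(f"PID {pid}: talks to {', '.join(peers)}")
    for pid, ports in sorted(listeners_by_pid(rows).items()):
        print(f"PID {pid}: bound on {', '.join(ports)}")
```

Feed it the saved output of `netstat -ano` and the PIDs it prints are the ones to open in Process Explorer to read the command line behind them.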

  9. #9
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    769

    Smile

    [attachments: output of process explorer.jpg, tcp view.jpg]
    Download this. Every technician of any sort needs these utilities.


    First, run TCPView as an administrator and grab the PIDs of any suspicious traffic source. Sometimes the source is obvious (iexplore.exe, various updates, etc.); other times you'll be stuck with svchost.exe with no way to know what is actually forcing connections.

    Once you have the PIDs, you can use Process Explorer to check out the processes. If you locate the PID, and it's a nonsense process such as rundll or svchost, you can right-click and hit Properties to get the actual command line that is/was used to load the process, including GUID and other relevant info.

    The tools worked great. I was able to end the connections that I wanted to. It seemed there was something on my system doing outbound connections; I run VirtualBox in a server mode, but I always make sure to disconnect and kill the connection. Thank you for the help. P.S. here's the latest screenshot of the applications.

  10. #10
    Super Moderator
    Join Date
    May 2012
    Posts
    239
    That zoom zenga line has my curiosity up.
    That may be in Add/Remove, in fact.
