Thread: netstat

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    17

    netstat

    hello again, thanks for the earlier replies, helped a lot....anyway

    running netstat -a on w2k and finding on my dos prompt (besides some tcp and other UDPs)

    Proto local address foreignaddress state
    UDP 'usergroup:38037 *.*
    UDP 'usergroup:isakmp' *.*


    What does UDP do that TCP does not, and on such a high port number?
    isakmp what is that??
    What range of port numbers listening is normal (I heard some people open backdoors on high port numbers)?


    New to security and networking,

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    157

    port 38037 + TCP + UDP

    Welcome to Our World: Have fun!


    Port 38037 = UDP C:\WINNT\System32\MsgSys.EXE
    could've been the port netstat was running on

    The Internet standard protocols and networking applications run on lower numbered ports but there are many higher numbered ports that registered apps operate on.

    You need to use more than one tool/technique to find out what's happening with your system.

    ---- TCP ---
    TCP offers reliability by providing connection-oriented, end-to-end reliable packet delivery through an internetwork.
    It does this by sequencing bytes with a forwarding acknowledgment number that indicates to the destination the
    next byte the source expects to receive. Bytes not acknowledged within a specified time period are retransmitted.
    The reliability mechanism of TCP allows devices to deal with lost, delayed, duplicate, or misread packets. A time-out
    mechanism allows devices to detect lost packets and request retransmission.

    TCP offers efficient flow control, which means that, when sending acknowledgments back to the source,
    the receiving TCP process indicates the highest sequence number it can receive without overflowing its internal buffers.

    Full-duplex operation means that TCP processes can both send and receive at the same time.

    Finally, TCP's multiplexing means that numerous simultaneous upper-layer conversations can be multiplexed
    over a single connection.


    ---- UDP ---

    Unlike TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP.
    Because of UDP's simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP.

    UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such as in cases where
    a higher-layer protocol might provide error and flow control.

    UDP is the transport protocol for several well-known application-layer protocols, including Network File System (NFS),
    Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).

    --------
    ISAKMP
    Internet Security Association and Key Management Protocol.
    Internet IPSec protocol [RFC 2408] that negotiates, establishes, modifies, and deletes security associations.

    It also exchanges key generation and authentication data (independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism).
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Noah built the ark BEFORE it rained.


    http://ld.net/?rn
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
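
Following up on the reply's advice not to rely on a single tool, here is an added example (not part of the thread) that parses netstat-style output, resolves service names such as isakmp to port numbers, labels each listener with its IANA port range, and reports listeners that are missing from a baseline. The sample output, the small name table and the baseline set are constructed for illustration.

```python
# Added example: triage listening sockets from netstat-style text.
# SAMPLE, SERVICE_NAMES and EXPECTED are constructed for illustration.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:80        ESTABLISHED
  UDP    0.0.0.0:38037          *:*
  UDP    workstation:isakmp     *:*
"""

# `netstat -a` prints names from the services file; -n prints numbers instead.
SERVICE_NAMES = {"epmap": 135, "microsoft-ds": 445, "isakmp": 500}
# Baseline of listeners this host is expected to have (assumption).
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 500)}

def port_range(port):
    """IANA ranges: 0-1023 well-known, 1024-49151 registered, rest dynamic."""
    if port is None:
        return "unknown"
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def parse_listeners(text):
    """Return (proto, port, label, range) for every listening socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # UDP is connectionless and has no state column; keep TCP only if LISTENING.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        label = local.rsplit(":", 1)[-1]
        port = int(label) if label.isdigit() else SERVICE_NAMES.get(label)
        listeners.append((proto, port, label, port_range(port)))
    return listeners

def unexpected(listeners, baseline=EXPECTED):
    """Listeners whose (proto, port) is not in the baseline need a closer look."""
    return [l for l in listeners if (l[0], l[1]) not in baseline]

if __name__ == "__main__":
    for entry in unexpected(parse_listeners(SAMPLE)):
        print("review:", entry)
```

A listener flagged here is only a candidate for review; the owning process still has to be identified with a second tool before drawing any conclusion.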
