
Thread: Netstat Question?

  1. #1
    Senior Member
    Join Date
    Apr 2003
    Posts
    125

    Netstat Question?

    C:\>netstat

    Active Connections

    Proto Local Address Foreign Address State
    TCP server:3036 ##.###.###.###:http TIME_WAIT
    TCP server:#### ##-###-##-##.client.attbi.com:#### ESTABLISHED
    TCP server:4838 dialup-67.75.152.22.Dial1.Atlanta1.Level3.net:12
    14 FIN_WAIT_1

    C:\>

    Do you see where it says dialup-67.75.152.22.Dial1.Atlanta1.Level3.net:12

    I'm curious what that is? Any suggestions?

  2. #2
    Senior Member SirSub's Avatar
    Join Date
    May 2003
    Location
    Groom Lake, Nevada
    Posts
    148
    My guess is that's your ISP that your computer is dialing to through port 4838
    It is impossible to make anything foolproof because fools are so ingenious. - Murphy

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    Are you surfing a site? Maybe that's the server of the site... or hmm, what ISP are you using? Maybe that's the ISP server or dialup location. It could also be a remote connection. Why don't you close it and see what happens?

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    If you're on dialup it may be the modem on the other end, yes, but most likely it's a connection for a file sharing util like gnutella/kazaa/etc. It could be ICQ as well (though chat client connections are usually quick and don't hang out long).

    Kill off your file sharing and any chat clients and check it again... that'll let you know.
    ~THEJRC~
    I'll preach my pessimism right out loud to anyone that listens!
    I'm not afraid to be alive.... I'm afraid to be alone.

  5. #5
    It would be a safe bet to say that it is your ISP host, or the computer that you dialed into. -Twisted-

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    67.75.152.22 is a dial-up account:

    22.152.75.67.in-addr.arpa PTR (Pointer) dialup-67.75.152.22.Dial1.Atlanta1.Level3.net

    Pointers are usually assigned dynamically at login time.

    Port 4838 is registered as varadero-1 (whatever in hell that is), but because it is registered I doubt it would be used by a commercial file sharing network. Although I could be totally off the wall here.

    I suggest you go to this link at foundstone.com and download fport:

    http://www.foundstone.com/index.htm?...desc/fport.htm

    Put it in your search path (c:\windows\ or c:\winnt\), open a DOS prompt and enter fport. It will map the open ports to the program that's using them.

    Let us know what you find
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Wow great reply answer Tedob1. Must have really thought about that one. -Twisted-

  8. #8
    Junior Member
    Join Date
    May 2003
    Posts
    13
    Notice the format
    'Proto' 'Local Address' 'Foreign Address' 'State'
    'TCP' 'server:4838' 'dialup-67.75.152.22.Dial1.Atlanta1.Level3.net:1214' 'FIN_WAIT_1'
    Interesting that the machine you run netstat on is logged on as (named) "server".
    What this says is 'dialup-67-etc' connected to 'server' (your machine) on port:4838.
    State FIN_WAIT_1 indicates that the dialup client initiated a disconnect however the
    server application on your machine has yet to acknowledge the disconnect.
    Not much else to be said without knowing what software on your machine was listening
    on that port.

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    TCP server:4838 dialup-67.75.152.22.Dial1.Atlanta1.Level3.net:12
    The weird bit is the fact that your machine is connected to this other box (which looks like your ISP machine for handling modem connections) on port 12. Port 12 is a low port AND it's not assigned. This could indicate that the remote server is running some sort of non-standard monitoring/authenticating for dial-in users. It's hard to say without doing some more digging around. Try telnetting to that machine on port 12 and see if you get a banner back in the response that gives you a clue.
    OpenBSD - The proactively secure operating system.

  10. #10
    Senior Member
    Join Date
    Jun 2002
    Posts
    405
    TCP server:4838 dialup-67.75.152.22.Dial1.Atlanta1.Level3.net:1214 FIN_WAIT_1
    Which simply means that this is someone you were connected to with Kazaa (port 1214). my_wan explained what FIN_WAIT_1 means (understandable considering the context of a p2p program). If you close Kazaa, and then do a netstat, you should see a bunch of entries in the list with FIN_WAIT_1.
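
Added example, not part of any post in the thread: a small parser that rejoins console-wrapped netstat rows before splitting host and port, which is the difference between reading the remote port as 12 and as 1214 above. The sample text is constructed from the rows quoted in the thread, the function names are illustrative, and the port labels are only what posts #6 and #10 stated.

```python
import re

# Constructed sample based on the rows quoted in the thread; the last row is
# cut by the console in the middle of the remote port number.
SAMPLE = (
    "Proto Local Address Foreign Address State\n"
    "TCP server:3036 ##.###.###.###:http TIME_WAIT\n"
    "TCP server:4838 dialup-67.75.152.22.Dial1.Atlanta1.Level3.net:12\n"
    "14 FIN_WAIT_1\n"
)
# Common TCP state names; a TCP row ending in one of these is complete.
TCP_STATES = {"LISTENING", "ESTABLISHED", "SYN_SENT", "SYN_RECEIVED", "FIN_WAIT_1",
              "FIN_WAIT_2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT"}
# Port labels exactly as the posters gave them (assumption: taken on trust).
THREAD_NOTES = {1214: "Kazaa (post #10)", 4838: "varadero-1 (post #6)"}

def logical_rows(text, rejoin=True):
    """Return one string per connection, gluing wrapped tails back on."""
    rows = []
    for raw in text.splitlines():
        if re.match(r"\s*(TCP|UDP)\s", raw):
            rows.append(raw.strip())
        elif rejoin and rows and raw.strip():
            fields = rows[-1].split()
            complete = fields[-1] in TCP_STATES or (fields[0] == "UDP" and len(fields) >= 3)
            if not complete:
                # A console wrap is a hard cut: join with no space unless the
                # continuation line itself begins with whitespace.
                rows[-1] += raw.rstrip() if raw[0].isspace() else raw.strip()
    return rows

def split_endpoint(endpoint):
    """Split 'host:port'; the port stays a string if it is a service name."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else port

def parse_netstat(text, rejoin=True):
    conns = []
    for row in logical_rows(text, rejoin):
        fields = row.split()
        if len(fields) < 3:
            continue
        _, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        conns.append({"proto": fields[0], "local_port": lport, "remote_host": rhost,
                      "remote_port": rport, "state": fields[3] if len(fields) > 3 else None,
                      "note": THREAD_NOTES.get(rport)})
    return conns

if __name__ == "__main__":
    for conn in parse_netstat(SAMPLE):
        print(conn)
```

Calling `parse_netstat(SAMPLE, rejoin=False)` reproduces the line-by-line reading, where the remote port comes out as 12 and the state is missing.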
