Re: Netstat



On Sun, 14 Jan 2007 23:32:13 -0800, Lew/+Silat wrote:
Im trying to learn about all this but need some help. So I hope this question is a good place to start.
What does the following mean?

it shows what ports are connected to what ip addresses.

Want to know what a port connection MIGHT mean. You can use these two sites:

http://isc.sans.org/port.html?port= <== put port # of intrest here
http://www.dshield.org/port_report.html?port=



I opened cmd and typed netstat.
If there are things wrong what am I supposed to do?

Get rid of the offending software opening the port. :(

Active Connections


TCP :1025 localhost:1137 ESTABLISHED
TCP :1137 localhost:1025 ESTABLISHED

http://isc.sans.org/port.html?port=1025
Check the write up and see if you have any of the indicated services running.


TCP :3189 comcast.dca.giganews.com:nntp ESTABLISHED

That is your Usenet connection where you posted this message.


TCP :3198 wwwbaytest2.microsoft.com:http ESTABLISHED

Guessing you have a browser open and connected to Micro$oft or it's
Micro$oft code calling home :(

TCP :3192 po-in-f104.google.com:http ESTABLISHED

Looks like a google search page connection. Maybe something in the
task bar.

TCP :3202 63.236.1.139:http ESTABLISHED

On my Linux OS, that ip addy lookup shows
$ whois 63.236.1.139
Qwest Communications Corporation QWEST-INET-9 (NET-63-236-0-0-1)
63.236.0.0 - 63.239.255.255
Qwest Cybercenters QWEST-CYBERCENTER (NET-63-236-0-0-2)
63.236.0.0 - 63.236.127.255
Akamai Technologies, Inc. QWEST-BUC-AKAMAI (NET-63-236-1-128-1)
63.236.1.128 - 63.236.1.255

So I'll guess one of the Micro$oft connections has a connection into
Akamai Tech. Why you ask, because I know Micro$not uses them to host
some of their servers. Linux server boxes as I misunderstand it. :-)


You can look up ip addresses or net block owner lookup somewhere like
http://samspade.org/
http://www.webyield.net/domainquery.html
http://www.geektools.com/whois.php

.