Re: Netstat results - problem?
From: Luca Vix Visconti (vix.vix@tin.it)
Date: 03/17/03
- Previous message: David Marsh: "Netstat results - problem?"
- In reply to: David Marsh: "Netstat results - problem?"
- Next in thread: pat shuff: "Re: Netstat results - problem?"
- Reply: pat shuff: "Re: Netstat results - problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Luca Vix Visconti <vix.vix@tin.it> Date: Mon, 17 Mar 2003 17:22:55 +0100
Try netstat -a -o so you can see the PID of the process that are
listening. Next use ps ( or Spy++ ) to have the name of the servers.
If you use Mozilla there are many servers that this browser bring-up.
Vix
David Marsh wrote:
> I was reading a guide which said that if you reboot and then use the
> netstat -an command, it shouldn't show anything (other that the titles
> like 'proto').
>
> Mine showed:
>
> Proto Local Address Foreign Address State
> TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
>
> Is this something I need to concern myself with. This was immediately
> after rebooting and using The Cleaner, McAfee and Pest Patrol. I also
> use Zone Alarm Pro.
>
> When surfing, I get stuff like:
>
> roto Local Address Foreign Address State
> TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1056 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1058 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1061 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1062 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1064 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1067 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1068 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1072 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1073 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1074 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1078 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1080 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1081 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1082 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1083 0.0.0.0:0 LISTENING
> TCP 62.25.143.10:1056 64.33.6.241:80 ESTABLISHED
> TCP 62.25.143.10:1058 64.33.6.241:80 ESTABLISHED
> TCP 62.25.143.10:1061 64.49.222.164:80 ESTABLISHED
> TCP 62.25.143.10:1062 64.33.6.241:80 ESTABLISHED
> TCP 62.25.143.10:1064 64.49.222.164:80 ESTABLISHED
> TCP 62.25.143.10:1067 66.207.130.76:80 ESTABLISHED
> TCP 62.25.143.10:1068 66.207.130.76:80 ESTABLISHED
> TCP 62.25.143.10:1072 65.206.229.16:443 ESTABLISHED
> TCP 62.25.143.10:1073 66.207.130.77:80 SYN_SENT
> TCP 62.25.143.10:1074 63.209.29.151:80 ESTABLISHED
> TCP 62.25.143.10:1078 208.63.39.40:80 ESTABLISHED
> TCP 62.25.143.10:1080 195.92.228.44:80 SYN_SENT
> TCP 62.25.143.10:1081 209.34.72.200:80 SYN_SENT
> TCP 62.25.143.10:1082 216.52.210.21:80 SYN_SENT
> TCP 62.25.143.10:1083 204.42.41.150:80 SYN_SENT
> TCP 62.25.143.10:139 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1025 127.0.0.1:1049 TIME_WAIT
> TCP 127.0.0.1:1025 127.0.0.1:1054 TIME_WAIT
> TCP 127.0.0.1:1025 127.0.0.1:1057 TIME_WAIT
> UDP 62.25.143.10:137 *:*
> UDP 62.25.143.10:138 *:*
> UDP 127.0.0.1:1026 *:*
> UDP 127.0.0.1:1051 *:*
>
> I understand that some of these are connections to websites but what
> about stuff like:
>
> TCP 0.0.0.0:1061 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1062 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1064 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1067 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1068 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1072 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1073 0.0.0.0:0 LISTENING
>
> Why would ports 1068,1072,1073, etc be trying to connect to 0.0.0.0:0?
>
> Have I a trojan or does this look like normal netstat logs? My
> original concern was the LISTENING immediately after rebooting on port
> 1025 but these logs have only fueled my concerns.
>
> Thanks in advance - appreciated greatly.
- Previous message: David Marsh: "Netstat results - problem?"
- In reply to: David Marsh: "Netstat results - problem?"
- Next in thread: pat shuff: "Re: Netstat results - problem?"
- Reply: pat shuff: "Re: Netstat results - problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
