Re: Netstat shjows "extra" connections
- From: "Mark R. Blain" <mblain@xxxxxxxxxxxxx>
- Date: Fri, 17 Feb 2006 18:19:09 -0500
On Fri, 17 Feb 2006 09:39:08 -0500, Bob wrote:
Greetings:
OK, short version of a long story... think I may have contracted a
virus yesterday. Looked in netstat, saw some connections to APNIC
addresses that should not have been there. Have installed all the
latest MS updates now as well as run lots of virus checks.. seems
close to normal operation. Client in win2kPro.
While I was having problems, I was watching netstat. There were lots
(like thirty0 connection that looked like this (different ports, of
course):
TCP system1:1025 .:http LISTENING
First question: What's with the ".http:" as a foreign address?
After my repair efforts, I do not see these connections anymore. But,
I do see a lot (10-15) of connections like the following for a while
after boot/login (varying ports):
TCP system1:1025 system1:0 LISTENING
Second question: What's with all these connections?
Third Question: Is there some way to see what process causes a
connection on win2K? I know under XP I can just do netstat -o and see
it... that option is not available on win2K. Can I just pirate the
netstat program off an XP Pro system ? Is there another way?
Thanks
Does this information about possible uses of port 1025 help?
<http://grc.com/port_1025.htm>
Grab a copy of TCPVIEW from sysinternals.com and run it as an
*administrator* to help determine what is listening on that port. If
you want netstat, check the Support Tools folder on the XP
installation CD-ROM for an enhanced version (the new "-o" option lists
the PID of the process that owns each port).
.
- Prev by Date: Re: Password Policy and Service Accounts
- Next by Date: Re: Record User Logon/Logoff with Computer Name + Username
- Previous by thread: How to change shared folder perms programmatically in user-level mode
- Next by thread: Re: Record User Logon/Logoff with Computer Name + Username
- Index(es):
Relevant Pages
|
