I am running Windows XP Professional, all latest SP,
critical updates and security patches applied. Regarding
netstat -a output, I can identify all LISTENING TCP
ports, except for one that continues to change, not good.
The port number has been 13802, 15489 and now 12900. I
realize that this is limited info. Any advice as to how
to track down the service, other than turning off all
services 1 by 1?