Netstat

If I am showing several listening TCP connections after typing netstat -a in command prompt, is that a good indicator for malware/spyware?

ps: didn't know if to put it here or networking.. :/

Double double edit. Answered my own question, it's riddled. :( :p

/End
 
Hmm on a fresh install they are still there.. is this normal?

I can give a screenie, perhaps it would be better if this were moved to networking.
 
I'm on MSN and got Opera open, and running netstat -a here gives me a few listening TCP connections. Also some for mail servers; I'm getting email over IMAP through Thunderbird.
 
Use -o so it lists the process ID, then use Task Manager to see what process that corresponds to. That way you know what is causing the connections.
 
This was with no software running other than system processes (hadn't even downloaded MSN). Basically after SP3 and updates I re-installed the NIC drivers and went to the command prompt.. still there.

Cheers Dist I will do that, if not I'll have to come back with a screenie I'm afraid!

Thanks guys

:)
 
netstat -b will tell you the application utilising the connection.

Alternatively [and way better] use the Sysinternals 'TCPView' application to analyse connections.
 
Soneji-netstat.JPG


Can you see how I am getting confused?

Now I know how to close down microsoft-ds (port 445/tcp) in the registry.

What on earth, if anything, can I do about the netbios-ssn (port 139/tcp)?

May I know what is epmap (port 135) used for?

:confused: pah
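
Added example, not written by any poster in this thread: a small Python parser that does the triage discussed above on `netstat -ano` output, keeping only LISTENING TCP sockets, showing the owning PID to look up in Task Manager, and naming the stock Windows listeners on ports 135, 139 and 445. The sample output, its addresses and PIDs are constructed, and `listening_sockets` is a hypothetical helper name.

```python
# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1832
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.5:993        ESTABLISHED     2120
  UDP    0.0.0.0:445            *:*                                    4
"""

# Stock Windows listeners named in the thread, keyed by TCP port.
BUILTIN = {
    135: "epmap (RPC endpoint mapper)",
    139: "netbios-ssn (NetBIOS session service)",
    445: "microsoft-ds (SMB over TCP)",
}

def listening_sockets(netstat_text):
    """Return one dict per TCP socket in the LISTENING state."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row from -ano has five fields: proto, local, foreign, state, PID.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        rows.append({
            "address": addr,
            "port": int(port),
            "pid": int(fields[4]),
            "service": BUILTIN.get(int(port), "look up the PID"),
            # Loopback-bound sockets cannot be reached from other machines.
            "loopback_only": addr.startswith("127.") or addr == "[::1]",
        })
    return rows

if __name__ == "__main__":
    for r in listening_sockets(SAMPLE):
        scope = "local only" if r["loopback_only"] else "network-facing"
        print(f'{r["port"]:>5}  PID {r["pid"]:<5} {scope:<15} {r["service"]}')
```

Listeners on 135, 139 and 445 are present on a stock Windows install, so the rows worth a closer look are the ones whose PID maps to a process you do not recognise.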
 