• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3792
  • Last Modified:

netstat

hi All,

 I have winxp with SP2 and the firewall is on, I use some downloading programs like IMesh, but when I open this program and without making any downloading or searching, I can see some transactions.
 When I used netstat -an command, I found alot of established connections.
How can I disconnect or disable this unwanted connections.
 Is there a program can show me all these sessions and give me the access to control these connections?
the netstat example is below :


C:\>netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3531           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:16314          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    217.16.205.52:139     0.0.0.0:0              LISTENING
  TCP    217.16.205.52:1217    212.179.66.8:8010      ESTABLISHED
  TCP    217.16.205.52:1234    67.167.210.11:6346     ESTABLISHED
  TCP    217.16.205.52:2219    82.251.125.60:6346     ESTABLISHED
  TCP    217.16.205.52:2343    24.0.74.18:6346        ESTABLISHED
  TCP    217.16.205.52:2515    213.107.129.137:6346   FIN_WAIT_1
  TCP    217.16.205.52:2551    84.101.221.60:6346     TIME_WAIT
  TCP    217.16.205.52:2581    67.83.141.14:30667     TIME_WAIT
  TCP    217.16.205.52:2588    24.105.209.65:6346     ESTABLISHED
  TCP    217.16.205.52:2593    70.69.178.218:35687    FIN_WAIT_2
  TCP    217.16.205.52:2595    80.119.111.53:16246    TIME_WAIT
  TCP    217.16.205.52:2599    82.234.230.192:6346    TIME_WAIT
  TCP    217.16.205.52:2639    69.201.25.57:6346      FIN_WAIT_2
  TCP    217.16.205.52:2650    66.24.48.115:6346      TIME_WAIT
  TCP    217.16.205.52:2653    68.20.17.45:6346       ESTABLISHED
  TCP    217.16.205.52:2655    65.188.180.34:6346     ESTABLISHED
  TCP    217.16.205.52:2656    141.152.26.127:6346    SYN_SENT
  TCP    217.16.205.52:2657    67.23.250.155:6346     SYN_SENT
  TCP    217.16.205.52:3531    217.219.151.239:3996   FIN_WAIT_1
  TCP    217.16.205.52:4160    212.199.220.98:3531    CLOSE_WAIT
  TCP    217.16.205.52:4170    212.199.220.98:3531    CLOSE_WAIT
  TCP    217.16.205.52:4699    145.53.43.165:3018     ESTABLISHED
  UDP    0.0.0.0:1              *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1041           *:*
  UDP    0.0.0.0:1064           *:*
  UDP    0.0.0.0:1214           *:*
  UDP    0.0.0.0:1223           *:*
  UDP    0.0.0.0:3531           *:*
  UDP    0.0.0.0:3724           *:*
  UDP    0.0.0.0:3726           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:16314          *:*
  UDP    0.0.0.0:16327          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1032         *:*
  UDP    127.0.0.1:1206         *:*
  UDP    127.0.0.1:1900         *:*
  UDP    217.16.205.52:123     *:*
  UDP    217.16.205.52:137     *:*
  UDP    217.16.205.52:138     *:*
  UDP    217.16.205.52:1900    *:*

C:\>

Thanks and best regards
0
deyaa
Asked:
deyaa
1 Solution
 
JohnK813Commented:
From what I could gather, 6436 is a file sharing port.  If I remember correctly, isn't IMesh a two-way deal, where people can also connect to you and browse your files?  That's probably what's going on here.

Do a "netstat -a" instead of -an, and it will give you the host names of those IP addresses, which could be more helpful.

You might want to do a virus and spyware scan, just to be safe.

>>Is there a program can show me all these sessions and give me the access to control these connections?

I'm not an expert in this area, but you may be able to do this with a better firewall.  Maybe someone here could give you suggestions on one.
0
 
r-kCommented:
Even better, type "netstat -ab" and that will give you the name of each program that is using those connections. Be patient, the "netstat -ab" command runs a bit slow.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now