NETSTAT and monitoring your ports

Posted on 2007-10-09
Last Modified: 2013-12-07
a couple questions i need help on (overall concept should do) --

at a CMD prompt you type netstat -a -o -n....  note any TCP entries with status of ESTABLISHED and foreign address OTHER than  

what's the deal with these sites / ports?   are they actually monitoring port 80 traffic & if so, what can they see?   do keystroke readers operate in that fashion (simply monitoring ports or something).

i'm interested in understanding more about those entries.  please explain.
Question by:nespa
    LVL 4

    Accepted Solution

    from what i know about netstat -ano, it will view all the IP addresses that are connected to you and the port they are using to connect...

    let's say, you are not doing anything, but you heard your HD very busy, and you are wondering what's going on.. you have nothing open.. so you went to the command prompt and found that you are hosting a ftp server, but you have no idea about it.. and don't even remember installing it.. but the port 21 is point..

    you can now trace the ip connected to you by tracert or some software out there.. DIG and see where they are and report them to their ISP .. anyway... i'm off track as far as your question..

    what i use netstat -an  is to see and make sure i'm not running or no one is connected to me without me knowing it...

    hope that helps man.
    LVL 1

    Author Comment

    this is very helpful info & resonates w/ what i thought was true; i figured they're connecting w/out my permission & are scanning.

    question then:  i'm noticing ports (various from 3716 - 3900) are connected to/ being watched by an external IP.    should i simply block my router from forwarding on these ports to prevent the activity?   or would that just cripple certain functions / make browsing or internet apps slower?   i'm using WPA on a linksys router for security.

    last question:  should i instead limit the connectivity to router to my MAC address (and if someone comes over for a visit throw their MAC address in the map so they can connect)... that is, would that also prevent that kind of activity described above?    
    LVL 32

    Assisted Solution

    You might want to use "netstat -abn" instead. That will show you which program (on your PC) is using each of those connections/ports. If you find any unexplained entries don't hesitate to post them here.

    There are many programs on your PC that check for updates etc. (everything from Windows to Java to RealAudio to Adobe to QuickTime to...) that make network connections. Some are more useful than others, so I would not disable anything without first checking who and why.

    I am assuming you are running Win XP SP2. Do check that the Windows Firewall is enabled, though that does not block outgoing traffic.

    Some more details on netstat:
    LVL 1

    Author Comment

    >You might want to use "netstat -abn" instead.

    thanks for that - good trick.

    by the way - I'm using something I found to be pretty good:'s antiVirus /Firewall.   it's great, love it...just like ZoneAlarm in my opin. (both are worlds better, to me, than McAfee and F-Secure and ZoneAlarm give a lot of protection and don't ask a lot of questions.

    and thanks everyone for the info.   that's exactly what i use netstat for - make sure there are no other connex w/out my permission.   however every now & then i see odd activity that's *not* related to things that i'm i was curious how others use netstat / tracert and how people interpret the results.
    LVL 32

    Expert Comment

    Thanks and good luck.
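
An added example, not part of the thread: a Python sketch that parses `netstat -ano` output and lists ESTABLISHED TCP connections to non-loopback peers, marking each as inbound (its local port is also LISTENING on this machine, like the unexpected FTP server on port 21 described in the accepted solution) or outbound (a local program opened it from a temporary high port). The sample output, addresses and PIDs are constructed, and the inbound/outbound rule is a heuristic.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (Windows layout). Addresses are
# from documentation ranges and the PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:1035         127.0.0.1:1036         ESTABLISHED     2204
  TCP    192.168.1.100:3716     203.0.113.25:80        ESTABLISHED     3020
  TCP    192.168.1.100:3720     198.51.100.7:443       ESTABLISHED     3020
  TCP    192.168.1.100:21       203.0.113.80:4521      ESTABLISHED     1432
  UDP    0.0.0.0:500            *:*                                    712
"""

def parse_netstat(text):
    """Return TCP rows as dicts; headers, UDP and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, local, foreign, state, pid = parts
        lhost, _, lport = local.rpartition(":")      # rpartition copes with IPv6
        fhost, _, fport = foreign.rpartition(":")
        rows.append({"local": lhost.strip("[]"), "lport": int(lport),
                     "foreign": fhost.strip("[]"), "fport": int(fport),
                     "state": state, "pid": int(pid)})
    return rows

def review(rows):
    """List ESTABLISHED connections to non-loopback peers with a direction guess."""
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    findings = []
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        peer = ipaddress.ip_address(r["foreign"].split("%")[0])  # drop IPv6 zone id
        if peer.is_loopback:
            continue
        # Heuristic: a local port that is also LISTENING means a service accepted it.
        direction = "inbound" if r["lport"] in listening else "outbound"
        findings.append((direction, r["lport"], f'{r["foreign"]}:{r["fport"]}', r["pid"]))
    return findings

if __name__ == "__main__":
    for direction, lport, peer, pid in review(parse_netstat(SAMPLE)):
        print(f"{direction:8} local port {lport:<5} peer {peer:<22} PID {pid}")
```

The PID in each finding can be matched to a process in Task Manager, or `netstat -abn` can be used as suggested in the thread to show the owning program directly.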
