• Status: Solved

NETSTAT and monitoring your ports

a couple questions i need help on (overall concept should do) --

at a CMD prompt you type netstat -a -o -n....  note any TCP entries with status of ESTABLISHED and foreign address OTHER than 127.0.0.1.  

what's the deal with these sites / ports?   are they actually monitoring port 80 traffic & if so, what can they see?   do keystroke readers operate in that fashion (simply monitoring ports or something).

i'm interested in understanding more about those entries.  please explain.
Asked by: nespa

pstrawser Commented:
from what i know about netstat -ano  it will view all the ip addresses that are connected to you and the port they are using to connect...


let's say, you are not doing anything, but you heard your HD very busy, and you are wondering what's going on..    you have nothing open.. so you went to the command prompt and found that you are hosting a ftp server, but you have no idea about it.. and don't even remember installing it..   but the port 21 is point..  

you can now trace the ip connected to you by tracert or some software out there.. DIG and see where they are and report them to their ISP ..  anyway... i'm out of track as far as your question..

what i use netstat -an  is to see and make sure i'm not running or no one is connected to me without me knowing it...

hope that helps man.

nespa (Author) Commented:
this is very helpful info & resonates w/ what i thought was true; i figured they're connecting w/out my permission & are scanning.

question then:  i'm noticing ports (various from 3716 - 3900) are connected to/ being watched by an external IP.    should i simply block my router from forwarding on these ports to prevent the activity?   or would that just cripple certain functions / make browsing or internet apps slower?   i'm using WPA on a linksys router for security.

last question:  should i instead limit the connectivity to router to my MAC address (and if someone comes over for a visit throw their MAC address in the map so they can connect)... that is, would that also prevent that kind of activity described above?    

r-k Commented:
You might want to use "netstat -abn" instead. That will show you which program (on your PC) is using each of those connections/ports. If you find any unexplained entries don't hesitate to post them here.

There are many programs on your PC that check for updates etc. (everything from Windows to Java to Realaudio to Adobe to Quicktime to...) that make network connections. Some are more useful than others, so I would not disable anything without first checking who and why.

I am assuming you are running Win XP Sp2. Do check that the Windows Firewall is enabled, though that does not block outgoing traffic.

Some more details on netstat:
http://support.microsoft.com/kb/137984
http://www.commodon.com/threat/threat-detect.htm

nespa (Author) Commented:
>You might want to use "netstat -abn" instead.

thanks for that - good trick.

by the way - I'm using something I found to be pretty good:  F-Secure.com's antiVirus /Firewall.   it's great, love it...just like ZoneAlarm in my opin. (both are worlds better, to me, than McAfee and Symantec...as F-Secure and ZoneAlarm give a lot of protection and don't ask a lot of questions).

and thanks everyone for the info.   that's exactly what i use netstat for - make sure there are no other connex w/out my permission.   however every now & then i see odd activity that's *not* related to things that i'm doing...so i was curious how others use netstat / tracert and how people interpret the results.

r-k Commented:
Thanks and good luck.
Question has a verified solution.
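
An added example, not code from any of the posters: a Python script that applies the filter from the question (TCP, ESTABLISHED, foreign address not loopback) to `netstat -a -o -n` output and labels each connection as inbound or outbound. The sample output, addresses and function names are constructed for illustration, and the direction label is a heuristic (a local port that also appears in a LISTENING row is treated as a service on this PC that the remote side connected to).

```python
import ipaddress

# Constructed sample of Windows `netstat -a -o -n` output (not real data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1500
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    127.0.0.1:1039         127.0.0.1:1040         ESTABLISHED     1820
  TCP    192.168.1.100:21       203.0.113.55:49822     ESTABLISHED     1500
  TCP    192.168.1.100:3716     203.0.113.10:80        ESTABLISHED     2408
  TCP    192.168.1.100:3720     198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv6 is shown as '[addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def parse_tcp(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield (*split_endpoint(f[1]), *split_endpoint(f[2]), f[3], int(f[4]))

def external_established(text):
    """Return ESTABLISHED TCP connections whose foreign address is not loopback."""
    rows = list(parse_tcp(text))
    # Ports this machine is listening on, i.e. services it offers.
    listening = {lport for _, lport, _, _, state, _ in rows if state == "LISTENING"}
    report = []
    for laddr, lport, raddr, rport, state, pid in rows:
        if state != "ESTABLISHED" or ipaddress.ip_address(raddr).is_loopback:
            continue
        # Heuristic (assumption): local port is a listening port -> remote connected in;
        # otherwise a local program opened a temporary port to reach the remote service.
        direction = "inbound" if lport in listening else "outbound"
        report.append({"pid": pid, "direction": direction,
                       "local_port": lport, "remote": f"{raddr}:{rport}"})
    return report

if __name__ == "__main__":
    for entry in external_established(SAMPLE):
        print(entry)
```

The PID in each entry can be matched to a program name with `netstat -abn`, as suggested in the thread.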
