NETSTAT and monitoring your ports

Posted on 2007-10-09
Medium Priority
Last Modified: 2013-12-07
A couple of questions I need help on (overall concept should do) --

At a CMD prompt you type netstat -a -o -n.... Note any TCP entries with status of ESTABLISHED and foreign address OTHER than  

What's the deal with these sites / ports? Are they actually monitoring port 80 traffic & if so, what can they see? Do keystroke readers operate in that fashion (simply monitoring ports or something)?

I'm interested in understanding more about those entries. Please explain.
Question by:nespa

Accepted Solution

pstrawser earned 1000 total points
ID: 20045943
From what I know about netstat -ano, it will view all the IP addresses that are connected to you and the ports they are using to connect...

Let's say you are not doing anything, but you heard your HD very busy, and you are wondering what's going on.. You have nothing open.. so you went to the command prompt and found that you are hosting an FTP server, but you have no idea about it.. and don't even remember installing it.. but the port 21 is point..

You can now trace the IP connected to you by tracert or some software out there.. DIG and see where they are and report them to their ISP.. anyway... I'm off track as far as your question..

What I use netstat -an for is to see and make sure I'm not running or no one is connected to me without me knowing it...

Hope that helps, man.

Author Comment

ID: 20046161
This is very helpful info & resonates w/ what I thought was true; I figured they're connecting w/out my permission & are scanning.

Question then: I'm noticing ports (various from 3716 - 3900) are connected to / being watched by an external IP. Should I simply block my router from forwarding on these ports to prevent the activity? Or would that just cripple certain functions / make browsing or internet apps slower? I'm using WPA on a Linksys router for security.

Last question: should I instead limit the connectivity to router to my MAC address (and if someone comes over for a visit throw their MAC address in the map so they can connect)... that is, would that also prevent that kind of activity described above?
LVL 32

Assisted Solution

r-k earned 1000 total points
ID: 20046307
You might want to use "netstat -abn" instead. That will show you which program (on your PC) is using each of those connections/ports. If you find any unexplained entries don't hesitate to post them here.

There are many programs on your PC that check for updates etc. (everything from Windows to Java to RealAudio to Adobe to QuickTime to...) that make network connections. Some are more useful than others, so I would not disable anything without first checking who and why.

I am assuming you are running Win XP SP2. Do check that the Windows Firewall is enabled, though that does not block outgoing traffic.

Some more details on netstat:

Author Comment

ID: 20056873
>You might want to use "netstat -abn" instead.

Thanks for that - good trick.

By the way - I'm using something I found to be pretty good: F-Secure.com's antiVirus / Firewall. It's great, love it... just like ZoneAlarm in my opin. (Both are worlds better, to me, than McAfee and Symantec... as F-Secure and ZoneAlarm give a lot of protection and don't ask a lot of questions.)

And thanks everyone for the info. That's exactly what I use netstat for - make sure there are no other connex w/out my permission. However every now & then I see odd activity that's *not* related to things that I'm doing... so I was curious how others use netstat / tracert and how people interpret the results.
LVL 32

Expert Comment

ID: 20057373
Thanks and good luck.
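
An added example, not part of the original thread or any poster's code: Python that parses `netstat -a -o -n` output and labels each non-loopback ESTABLISHED TCP connection as inbound or outbound by checking whether its local port also appears as LISTENING. The sample output, addresses and PIDs are constructed, and the inbound/outbound rule is a heuristic assumed here.

```python
import ipaddress

# Constructed sample of Windows `netstat -a -o -n` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       2240
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1500
  TCP    192.168.1.10:21        198.51.100.7:51515     ESTABLISHED     2240
  TCP    192.168.1.10:3716      203.0.113.5:80         ESTABLISHED     1820
  TCP    192.168.1.10:3720      203.0.113.5:80         ESTABLISHED     1820
  UDP    0.0.0.0:500            *:*                                    700
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (also '[v6addr%zone]:port') into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def parse_tcp(text):
    """Yield (laddr, lport, raddr, rport, state, pid) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":  # skips headers and stateless UDP rows
            yield (*split_endpoint(f[1]), *split_endpoint(f[2]), f[3], int(f[4]))

def classify(text):
    """Label non-loopback ESTABLISHED connections as inbound or outbound."""
    rows = list(parse_tcp(text))
    # Ports on which this machine accepts connections.
    listening = {lport for _, lport, _, _, state, _ in rows if state == "LISTENING"}
    result = []
    for laddr, lport, raddr, rport, state, pid in rows:
        if state != "ESTABLISHED" or ipaddress.ip_address(raddr).is_loopback:
            continue
        # Local port is a listener: the remote side connected to us.
        # Otherwise it is an ephemeral port chosen for our own outbound connection.
        direction = "inbound" if lport in listening else "outbound"
        result.append((direction, lport, raddr, rport, pid))
    return result

if __name__ == "__main__":
    for direction, lport, raddr, rport, pid in classify(SAMPLE):
        print(f"{direction:8} local:{lport:<5} remote {raddr}:{rport:<5} PID {pid}")
```

In the sample, local ports 3716 and 3720 are ephemeral source ports of connections this PC opened to a remote port 80, while the port 21 row is a remote host connected to a local listener. The PID column ties each row to a process, which is the same mapping `netstat -abn` gives by program name.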
