netstat mystery on Win XP Home computer

Experts:

I am using a PC named Blackhawk which is running Windows XP Home.  I ran the Shields Up program at the Gibson Research website (grc.com) on Blackhawk and it said that I have ports 21, 22, 23, and 80 open. That's ftp, ssh, telnet, and http.  I went to another office (several miles away) where I have a linux computer and did an nmap scan of Blackhawk's IP address.  It also showed the same 4 ports open on Blackhawk.

But when I do a netstat -a | find LIST on Blackhawk, none of those ports show up.  The output of the netstat command on Blackhawk is below:

TCP    blackhawk:epmap        blackhawk:0            LISTENING
  TCP    blackhawk:microsoft-ds  blackhawk:0            LISTENING
  TCP    blackhawk:873          blackhawk:0            LISTENING
  TCP    blackhawk:2002         blackhawk:0            LISTENING
  TCP    blackhawk:4454         blackhawk:0            LISTENING
  TCP    blackhawk:1030         blackhawk:0            LISTENING
  TCP    blackhawk:1241         blackhawk:0            LISTENING
  TCP    blackhawk:10080        blackhawk:0            LISTENING
  TCP    blackhawk:10110        blackhawk:0            LISTENING
  TCP    blackhawk:13128        blackhawk:0            LISTENING
  TCP    blackhawk:18080        blackhawk:0            LISTENING
  TCP    blackhawk:netbios-ssn  blackhawk:0            LISTENING

To my knowledge I have no ftp, ssh, telent, or http servers running on blackhawk.  So why does grc and nmap show the ports open and netstat does not??????  It is my understanding that an open port means that there is some software listening on that port which will respond when contacted.  I have no firewall at Blackhawk other than Windows firewall.

Thanks,

T Nickey
Memphis TN
tayloenicAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
tharsternConnect With a Mentor Commented:
More than likely its showing the ports open on your router, not your pc.

Have a look in your router to see if these ports are available.

you can also test if these ports are actually open on your pc by using telnet 127.0.0.1 followed by the ports ie

telnet 127.0.0.1 23
telnet 127.0.0.1 21  etc etc

and see if you get a response.




0
 
thetmanvnCommented:
Hi tayloenic,

Follow tharstern post above, check your firewall port forwarding if two office are not connected to each other.

Anyway, do not need to go to linux box at your office to scan your current PC. Just use nmap for windows instead for the same result

http://nmap.org/dist/nmap-4.85BETA8-setup.exe

Or if you can understand telnet, do as above
0
 
sykojesterCommented:
I will assume that Blackhawk is behind some sort of router/firewall & not connected directly to cable/dsl modem.

It may be that your router/firewall either has ports forwarded for those services (even to a different machine) or that it's simply giving false readings when being scanned from the internet.

The easiest way to test this is from the Linux machine you mentioned by doing the following nmap scan:

nmap -sV IPaddress

This is a Version scan that will attempt to complete a TCP/IP 3 way handshake and identify the service of any open ports.

Another possibly is that you have a rootkit on your machine which could hide results from netstat amongst other things.
0
 
DTAHARLEVCommented:
yup, it's showing your router, not your machine.
0
 
tayloenicAuthor Commented:
Experts:

Sorry for the delay in getting back to you.  ....

It was my router, as several of you suggested.  I didn't realize that the DSL "modem" was a router.  I called Birch telecom and got the username and password for the router and opened up the web interface to the router.  I saw that the 4 ports I listed in my question were open on the router.  I was able to temporarily close them and verify that they were closed by using grc.com and nmap from my other office.

I am giving points to tharstern since he was first with correct answer.  Thanks to everybody who answered!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.