Solved

netstat mystery on Win XP Home computer

Posted on 2009-05-09
5
522 Views
Last Modified: 2013-12-01
Experts:

I am using a PC named Blackhawk which is running Windows XP Home.  I ran the Shields Up program at the Gibson Research website (grc.com) on Blackhawk and it said that I have ports 21, 22, 23, and 80 open. That's ftp, ssh, telnet, and http.  I went to another office (several miles away) where I have a linux computer and did an nmap scan of Blackhawk's IP address.  It also showed the same 4 ports open on Blackhawk.

But when I do a netstat -a | find LIST on Blackhawk, none of those ports show up.  The output of the netstat command on Blackhawk is below:

TCP    blackhawk:epmap        blackhawk:0            LISTENING
  TCP    blackhawk:microsoft-ds  blackhawk:0            LISTENING
  TCP    blackhawk:873          blackhawk:0            LISTENING
  TCP    blackhawk:2002         blackhawk:0            LISTENING
  TCP    blackhawk:4454         blackhawk:0            LISTENING
  TCP    blackhawk:1030         blackhawk:0            LISTENING
  TCP    blackhawk:1241         blackhawk:0            LISTENING
  TCP    blackhawk:10080        blackhawk:0            LISTENING
  TCP    blackhawk:10110        blackhawk:0            LISTENING
  TCP    blackhawk:13128        blackhawk:0            LISTENING
  TCP    blackhawk:18080        blackhawk:0            LISTENING
  TCP    blackhawk:netbios-ssn  blackhawk:0            LISTENING

To my knowledge I have no ftp, ssh, telent, or http servers running on blackhawk.  So why does grc and nmap show the ports open and netstat does not??????  It is my understanding that an open port means that there is some software listening on that port which will respond when contacted.  I have no firewall at Blackhawk other than Windows firewall.

Thanks,

T Nickey
Memphis TN
0
Comment
Question by:tayloenic
5 Comments
 
LVL 7

Accepted Solution

by:
tharstern earned 125 total points
Comment Utility
More than likely its showing the ports open on your router, not your pc.

Have a look in your router to see if these ports are available.

you can also test if these ports are actually open on your pc by using telnet 127.0.0.1 followed by the ports ie

telnet 127.0.0.1 23
telnet 127.0.0.1 21  etc etc

and see if you get a response.




0
 
LVL 8

Expert Comment

by:thetmanvn
Comment Utility
Hi tayloenic,

Follow tharstern post above, check your firewall port forwarding if two office are not connected to each other.

Anyway, do not need to go to linux box at your office to scan your current PC. Just use nmap for windows instead for the same result

http://nmap.org/dist/nmap-4.85BETA8-setup.exe

Or if you can understand telnet, do as above
0
 
LVL 5

Expert Comment

by:sykojester
Comment Utility
I will assume that Blackhawk is behind some sort of router/firewall & not connected directly to cable/dsl modem.

It may be that your router/firewall either has ports forwarded for those services (even to a different machine) or that it's simply giving false readings when being scanned from the internet.

The easiest way to test this is from the Linux machine you mentioned by doing the following nmap scan:

nmap -sV IPaddress

This is a Version scan that will attempt to complete a TCP/IP 3 way handshake and identify the service of any open ports.

Another possibly is that you have a rootkit on your machine which could hide results from netstat amongst other things.
0
 
LVL 5

Expert Comment

by:DTAHARLEV
Comment Utility
yup, it's showing your router, not your machine.
0
 

Author Comment

by:tayloenic
Comment Utility
Experts:

Sorry for the delay in getting back to you.  ....

It was my router, as several of you suggested.  I didn't realize that the DSL "modem" was a router.  I called Birch telecom and got the username and password for the router and opened up the web interface to the router.  I saw that the 4 ports I listed in my question were open on the router.  I was able to temporarily close them and verify that they were closed by using grc.com and nmap from my other office.

I am giving points to tharstern since he was first with correct answer.  Thanks to everybody who answered!!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now