Solved

netstat mystery on Win XP Home computer

Posted on 2009-05-09
5
529 Views
Last Modified: 2013-12-01
Experts:

I am using a PC named Blackhawk which is running Windows XP Home.  I ran the Shields Up program at the Gibson Research website (grc.com) on Blackhawk and it said that I have ports 21, 22, 23, and 80 open. That's ftp, ssh, telnet, and http.  I went to another office (several miles away) where I have a linux computer and did an nmap scan of Blackhawk's IP address.  It also showed the same 4 ports open on Blackhawk.

But when I do a netstat -a | find LIST on Blackhawk, none of those ports show up.  The output of the netstat command on Blackhawk is below:

TCP    blackhawk:epmap        blackhawk:0            LISTENING
  TCP    blackhawk:microsoft-ds  blackhawk:0            LISTENING
  TCP    blackhawk:873          blackhawk:0            LISTENING
  TCP    blackhawk:2002         blackhawk:0            LISTENING
  TCP    blackhawk:4454         blackhawk:0            LISTENING
  TCP    blackhawk:1030         blackhawk:0            LISTENING
  TCP    blackhawk:1241         blackhawk:0            LISTENING
  TCP    blackhawk:10080        blackhawk:0            LISTENING
  TCP    blackhawk:10110        blackhawk:0            LISTENING
  TCP    blackhawk:13128        blackhawk:0            LISTENING
  TCP    blackhawk:18080        blackhawk:0            LISTENING
  TCP    blackhawk:netbios-ssn  blackhawk:0            LISTENING

To my knowledge I have no ftp, ssh, telent, or http servers running on blackhawk.  So why does grc and nmap show the ports open and netstat does not??????  It is my understanding that an open port means that there is some software listening on that port which will respond when contacted.  I have no firewall at Blackhawk other than Windows firewall.

Thanks,

T Nickey
Memphis TN
0
Comment
Question by:tayloenic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Accepted Solution

by:
tharstern earned 125 total points
ID: 24344448
More than likely its showing the ports open on your router, not your pc.

Have a look in your router to see if these ports are available.

you can also test if these ports are actually open on your pc by using telnet 127.0.0.1 followed by the ports ie

telnet 127.0.0.1 23
telnet 127.0.0.1 21  etc etc

and see if you get a response.




0
 
LVL 8

Expert Comment

by:thetmanvn
ID: 24344472
Hi tayloenic,

Follow tharstern post above, check your firewall port forwarding if two office are not connected to each other.

Anyway, do not need to go to linux box at your office to scan your current PC. Just use nmap for windows instead for the same result

http://nmap.org/dist/nmap-4.85BETA8-setup.exe

Or if you can understand telnet, do as above
0
 
LVL 5

Expert Comment

by:sykojester
ID: 24344476
I will assume that Blackhawk is behind some sort of router/firewall & not connected directly to cable/dsl modem.

It may be that your router/firewall either has ports forwarded for those services (even to a different machine) or that it's simply giving false readings when being scanned from the internet.

The easiest way to test this is from the Linux machine you mentioned by doing the following nmap scan:

nmap -sV IPaddress

This is a Version scan that will attempt to complete a TCP/IP 3 way handshake and identify the service of any open ports.

Another possibly is that you have a rootkit on your machine which could hide results from netstat amongst other things.
0
 
LVL 5

Expert Comment

by:DTAHARLEV
ID: 24344520
yup, it's showing your router, not your machine.
0
 

Author Comment

by:tayloenic
ID: 24388464
Experts:

Sorry for the delay in getting back to you.  ....

It was my router, as several of you suggested.  I didn't realize that the DSL "modem" was a router.  I called Birch telecom and got the username and password for the router and opened up the web interface to the router.  I saw that the 4 ports I listed in my question were open on the router.  I was able to temporarily close them and verify that they were closed by using grc.com and nmap from my other office.

I am giving points to tharstern since he was first with correct answer.  Thanks to everybody who answered!!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to access an IP camera remotely 25 130
hp laptop wireless issue 19 74
Strange addresses from DHCP 8 102
Remote Desktop Support Tools Like "Go to MY PC", etc 10 69
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question