Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

netstat mystery on Win XP Home computer

Posted on 2009-05-09
5
Medium Priority
?
543 Views
Last Modified: 2013-12-01
Experts:

I am using a PC named Blackhawk which is running Windows XP Home.  I ran the Shields Up program at the Gibson Research website (grc.com) on Blackhawk and it said that I have ports 21, 22, 23, and 80 open. That's ftp, ssh, telnet, and http.  I went to another office (several miles away) where I have a linux computer and did an nmap scan of Blackhawk's IP address.  It also showed the same 4 ports open on Blackhawk.

But when I do a netstat -a | find LIST on Blackhawk, none of those ports show up.  The output of the netstat command on Blackhawk is below:

TCP    blackhawk:epmap        blackhawk:0            LISTENING
  TCP    blackhawk:microsoft-ds  blackhawk:0            LISTENING
  TCP    blackhawk:873          blackhawk:0            LISTENING
  TCP    blackhawk:2002         blackhawk:0            LISTENING
  TCP    blackhawk:4454         blackhawk:0            LISTENING
  TCP    blackhawk:1030         blackhawk:0            LISTENING
  TCP    blackhawk:1241         blackhawk:0            LISTENING
  TCP    blackhawk:10080        blackhawk:0            LISTENING
  TCP    blackhawk:10110        blackhawk:0            LISTENING
  TCP    blackhawk:13128        blackhawk:0            LISTENING
  TCP    blackhawk:18080        blackhawk:0            LISTENING
  TCP    blackhawk:netbios-ssn  blackhawk:0            LISTENING

To my knowledge I have no ftp, ssh, telent, or http servers running on blackhawk.  So why does grc and nmap show the ports open and netstat does not??????  It is my understanding that an open port means that there is some software listening on that port which will respond when contacted.  I have no firewall at Blackhawk other than Windows firewall.

Thanks,

T Nickey
Memphis TN
0
Comment
Question by:tayloenic
5 Comments
 
LVL 7

Accepted Solution

by:
tharstern earned 500 total points
ID: 24344448
More than likely its showing the ports open on your router, not your pc.

Have a look in your router to see if these ports are available.

you can also test if these ports are actually open on your pc by using telnet 127.0.0.1 followed by the ports ie

telnet 127.0.0.1 23
telnet 127.0.0.1 21  etc etc

and see if you get a response.




0
 
LVL 8

Expert Comment

by:thetmanvn
ID: 24344472
Hi tayloenic,

Follow tharstern post above, check your firewall port forwarding if two office are not connected to each other.

Anyway, do not need to go to linux box at your office to scan your current PC. Just use nmap for windows instead for the same result

http://nmap.org/dist/nmap-4.85BETA8-setup.exe

Or if you can understand telnet, do as above
0
 
LVL 5

Expert Comment

by:sykojester
ID: 24344476
I will assume that Blackhawk is behind some sort of router/firewall & not connected directly to cable/dsl modem.

It may be that your router/firewall either has ports forwarded for those services (even to a different machine) or that it's simply giving false readings when being scanned from the internet.

The easiest way to test this is from the Linux machine you mentioned by doing the following nmap scan:

nmap -sV IPaddress

This is a Version scan that will attempt to complete a TCP/IP 3 way handshake and identify the service of any open ports.

Another possibly is that you have a rootkit on your machine which could hide results from netstat amongst other things.
0
 
LVL 5

Expert Comment

by:DTAHARLEV
ID: 24344520
yup, it's showing your router, not your machine.
0
 

Author Comment

by:tayloenic
ID: 24388464
Experts:

Sorry for the delay in getting back to you.  ....

It was my router, as several of you suggested.  I didn't realize that the DSL "modem" was a router.  I called Birch telecom and got the username and password for the router and opened up the web interface to the router.  I saw that the 4 ports I listed in my question were open on the router.  I was able to temporarily close them and verify that they were closed by using grc.com and nmap from my other office.

I am giving points to tharstern since he was first with correct answer.  Thanks to everybody who answered!!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question