Solved

netstat mystery on Win XP Home computer

Posted on 2009-05-09
Last Modified: 2013-12-01
Experts:

I am using a PC named Blackhawk which is running Windows XP Home.  I ran the Shields Up program at the Gibson Research website (grc.com) on Blackhawk and it said that I have ports 21, 22, 23, and 80 open. That's ftp, ssh, telnet, and http.  I went to another office (several miles away) where I have a Linux computer and did an nmap scan of Blackhawk's IP address.  It also showed the same 4 ports open on Blackhawk.

But when I do a netstat -a | find LIST on Blackhawk, none of those ports show up.  The output of the netstat command on Blackhawk is below:

  TCP    blackhawk:epmap        blackhawk:0            LISTENING
  TCP    blackhawk:microsoft-ds  blackhawk:0            LISTENING
  TCP    blackhawk:873          blackhawk:0            LISTENING
  TCP    blackhawk:2002         blackhawk:0            LISTENING
  TCP    blackhawk:4454         blackhawk:0            LISTENING
  TCP    blackhawk:1030         blackhawk:0            LISTENING
  TCP    blackhawk:1241         blackhawk:0            LISTENING
  TCP    blackhawk:10080        blackhawk:0            LISTENING
  TCP    blackhawk:10110        blackhawk:0            LISTENING
  TCP    blackhawk:13128        blackhawk:0            LISTENING
  TCP    blackhawk:18080        blackhawk:0            LISTENING
  TCP    blackhawk:netbios-ssn  blackhawk:0            LISTENING

To my knowledge I have no ftp, ssh, telnet, or http servers running on Blackhawk.  So why do grc and nmap show the ports open and netstat does not??????  It is my understanding that an open port means that there is some software listening on that port which will respond when contacted.  I have no firewall at Blackhawk other than Windows firewall.

Thanks,

T Nickey
Memphis TN
0
Question by:tayloenic
5 Comments
 
LVL 7

Accepted Solution

by:
tharstern earned 125 total points
ID: 24344448
More than likely it's showing the ports open on your router, not your PC.

Have a look in your router to see if these ports are available.

You can also test if these ports are actually open on your PC by using telnet 127.0.0.1 followed by the ports, i.e.

telnet 127.0.0.1 23
telnet 127.0.0.1 21  etc etc

and see if you get a response.




0
 
LVL 8

Expert Comment

by:thetmanvn
ID: 24344472
Hi tayloenic,

Following tharstern's post above, check your firewall port forwarding if the two offices are not connected to each other.

Anyway, you do not need to go to the Linux box at your office to scan your current PC. Just use nmap for Windows instead for the same result

http://nmap.org/dist/nmap-4.85BETA8-setup.exe

Or if you can understand telnet, do as above
0
 
LVL 5

Expert Comment

by:sykojester
ID: 24344476
I will assume that Blackhawk is behind some sort of router/firewall & not connected directly to cable/dsl modem.

It may be that your router/firewall either has ports forwarded for those services (even to a different machine) or that it's simply giving false readings when being scanned from the internet.

The easiest way to test this is from the Linux machine you mentioned by doing the following nmap scan:

nmap -sV IPaddress

This is a Version scan that will attempt to complete a TCP/IP 3 way handshake and identify the service of any open ports.

Another possibility is that you have a rootkit on your machine which could hide results from netstat amongst other things.
0
 
LVL 5

Expert Comment

by:DTAHARLEV
ID: 24344520
yup, it's showing your router, not your machine.
0
 

Author Comment

by:tayloenic
ID: 24388464
Experts:

Sorry for the delay in getting back to you.  ....

It was my router, as several of you suggested.  I didn't realize that the DSL "modem" was a router.  I called Birch telecom and got the username and password for the router and opened up the web interface to the router.  I saw that the 4 ports I listed in my question were open on the router.  I was able to temporarily close them and verify that they were closed by using grc.com and nmap from my other office.

I am giving points to tharstern since he was first with correct answer.  Thanks to everybody who answered!!
0
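
The comparison this thread arrives at, as an added example that is not part of the original posts: it parses the netstat listing from the question and checks the externally reported ports against it. The function names and the result keys are assumptions made for this example.

```python
import re

# Names Windows netstat prints instead of numbers when run without -n;
# only the three that occur in the question's output are mapped.
SERVICE_PORTS = {"epmap": 135, "netbios-ssn": 139, "microsoft-ds": 445}

# Listener table copied from the question.
NETSTAT_OUTPUT = """\
  TCP    blackhawk:epmap        blackhawk:0            LISTENING
  TCP    blackhawk:microsoft-ds  blackhawk:0            LISTENING
  TCP    blackhawk:873          blackhawk:0            LISTENING
  TCP    blackhawk:2002         blackhawk:0            LISTENING
  TCP    blackhawk:4454         blackhawk:0            LISTENING
  TCP    blackhawk:1030         blackhawk:0            LISTENING
  TCP    blackhawk:1241         blackhawk:0            LISTENING
  TCP    blackhawk:10080        blackhawk:0            LISTENING
  TCP    blackhawk:10110        blackhawk:0            LISTENING
  TCP    blackhawk:13128        blackhawk:0            LISTENING
  TCP    blackhawk:18080        blackhawk:0            LISTENING
  TCP    blackhawk:netbios-ssn  blackhawk:0            LISTENING
"""
# Ports grc.com and nmap reported open, per the question.
EXTERNAL_OPEN = {21, 22, 23, 80}
LINE_RE = re.compile(r"^\s*TCP\s+\S+:(\S+)\s+\S+\s+LISTENING\s*$")

def listening_ports(netstat_text):
    """Return the set of local TCP ports shown in LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            token = m.group(1)
            # Unknown service names raise KeyError rather than being dropped.
            ports.add(int(token) if token.isdigit() else SERVICE_PORTS[token])
    return ports

def compare(external_open, local_listening):
    """Split the ports by where a listener was, or was not, observed."""
    return {
        "answered_upstream": sorted(external_open - local_listening),
        "answered_by_host": sorted(external_open & local_listening),
        "local_only": sorted(local_listening - external_open),
    }

if __name__ == "__main__":
    for key, ports in compare(EXTERNAL_OPEN, listening_ports(NETSTAT_OUTPUT)).items():
        print(f"{key}: {ports}")
```

All four externally open ports land in `answered_upstream`, which matches the router explanation the author confirmed. The comparison trusts what netstat reports, so it does not by itself exclude the rootkit possibility raised by sykojester.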


Question has a verified solution.
