A ? about netstat in DOS.


Capt. Murphy
11-01-05, 16:38
What can we learn from this information?

For those that don't know: you can go into DOS and type netstat -an and it gives you some information. I don't understand all of this. Things like TCP and UDP, Local Address (I'm sure I know what this is), Foreign Address (this should be the site you are connecting to), and state. Under state is usually Listening and Established.

What are some other things we can do with 'netstat'? I know you can also use 'netstat -a', and 'netstat -n'. Anything else?

I hope this topic is okay and discussing it doesn't get into anything bad like how to hack stuff. I was wanting to know because I think someone tried to hack my computer using an Earthlink DSL from Atlanta Georgia. I used it (netstat -an) to see if I could find something out. But Zone Alarm blocked whoever it was.

In fact I have had up to 4 attempts in a span of about 20 minutes. :mad: Lamer.

Or it's spyware. Guess it's time for another multi anti-spyware application scan session.

Joseph
11-01-05, 17:34
Capt. Murphy, I copied from a book I have here:
Switch = What it does
-a = Displays all open connections and ports.
-e = Displays Ethernet statistics about packets transmitted and received. Can be combined with the -s switch.
-n = Displays the addresses and ports in numeric, IP address form.
-o = Displays the process identifier (PID) that owns each connection.
-p proto = Displays the connections used by the protocol, which can be IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r = Displays the network's routing table.
-s = Displays statistics for each protocol. It lists all statistics for all protocols, but you can list only those for a specified protocol if you combine it with the -p switch.
interval value = Run netstat repeatedly, pausing value seconds between each new display. To stop the display, press Ctrl+C.

Example:
Active Connections
Proto ......... Local Address .......... Foreign Address ............ State
TCP ......... PrestonGralla:1031 ... localhost:2929 .......... ESTABLISHED
TCP ......... PrestonGralla:2887... 192.168.1.103:netbios-ssn ..... TIME_WAIT

Etcetera. This is without the dots; I put them there, otherwise I could not make a table. Hope you can do something with this info, Capt. Murphy.

[edited spelling coneection to connection ]

[ 12. January 2005, 00:15: Message edited by: joseph ]
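
As an added example (not part of the thread or of the book Joseph quotes): a Python parser for `netstat -ano` output in the Windows column layout shown above, which lists the listening TCP ports and the established connections to other machines together with the owning PID. The sample output and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (Windows layout); not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1031         127.0.0.1:2929         ESTABLISHED     2204
  TCP    192.168.1.100:2887     192.168.1.103:139      TIME_WAIT       0
  TCP    192.168.1.100:3012     203.0.113.45:80        ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    680
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; handles '*:*' and '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Return one dict per connection row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        proto, local, foreign = parts[0], parts[1], parts[2]
        rest = parts[3:]
        state = rest[0] if proto == "TCP" and rest else ""
        pid = rest[-1] if rest and rest[-1].isdigit() else ""  # empty without -o
        rows.append({"proto": proto, "local": split_endpoint(local),
                     "foreign": split_endpoint(foreign), "state": state, "pid": pid})
    return rows

def is_remote(host):
    """True when the foreign host is a real peer, not loopback or a wildcard."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' or a resolved host name (output taken without -n)
    return not (ip.is_loopback or ip.is_unspecified)

def summarize(rows):
    """Listening TCP ports, and established connections to other machines."""
    listening = sorted(int(r["local"][1]) for r in rows if r["state"] == "LISTENING")
    remote = [(r["foreign"][0], int(r["foreign"][1]), r["pid"]) for r in rows
              if r["state"] == "ESTABLISHED" and is_remote(r["foreign"][0])]
    return listening, remote
```

Calling `summarize(parse_netstat(SAMPLE))` returns the two lists; the PID in each remote entry can then be matched against the process list in Task Manager.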

Capt. Murphy
11-01-05, 22:55
I tried some of those. Interesting info it gives you. Although I don't understand most of it.

I wish I knew what was going on.

Thank you Joseph for this info. :cool:

a e n o p r s. Gotta remember those. :D

Simulation
12-01-05, 20:22
Hi Capt. Murphy,

Sounds like you need to check how secure your internet connection is?

Have a look at this free tool that reports where you are vulnerable. Shields Up. (http://www.grc.com/default.htm) (The link is just over half way down the page)

Do you have a Firewall installed?