My new domain network Management

Turning Off What You Do Not Need on the System

Take a look at your system. Is it running 50 different processes you know nothing about? If we take a random Windows XP install and run netstat -aon inside a CMD window, what might we see?

Active Connections
Proto Local Address Foreign Address State PID
TCP 192.168.1.81:1292 64.191.197.245:706 ESTABLISHED 2160
TCP 192.168.1.81:1863 192.168.1.1:5819 ESTABLISHED 3828
TCP 192.168.1.81:1894 70.109.139.219:52525 ESTABLISHED 3828
TCP 192.168.1.81:1919 192.168.1.1:5819 ESTABLISHED 3828
TCP 192.168.1.81:1967 24.8.195.195:30809 ESTABLISHED 3828
TCP 192.168.1.81:1971 81.93.108.73:46123 ESTABLISHED 3828
TCP 192.168.1.81:1972 75.134.131.167:16470 ESTABLISHED 3828
TCP 192.168.1.81:2031 84.190.103.54:6881 ESTABLISHED 3828

What is all this stuff? Why is it running and listening on all of these ports? If you want a quick view of which processes are using the network, pop open a CMD window and run netstat -aonbv. The -n disables DNS lookups (for speed), the -o shows the Parent Process ID, and the -b and -v work together to show the name of the executable currently using the connection. GNU/Linux administrators should get in the habit of running netstat -aopl --numeric-hosts, which does the same thing, just with different letters. If the machine has been heavily compromised and is running a rootkit, don't expect netstat to show truthful data. Windows administrators can download a copy of TCPView, which is part of the Sysinternals tool suite. I really like this tool. It's like a combination of netstat and the Windows Task Manager, and it lets you right-click a process to examine its properties or kill it.
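Reading a netstat table by eye gets old fast, so here is an added example (my own code, not from the original post or from Sysinternals) that parses the text `netstat -aon` prints on Windows and answers the questions the post raises: how many sockets each PID owns, which ports are listening, and which PIDs are talking to hosts outside the LAN. It embeds the connection table quoted above plus two constructed rows (a LISTENING TCP socket and a UDP socket, which has no State column); the 192.168.1.0/24 local network is an assumption taken from the addresses in the post.

```python
"""Parse `netstat -aon` output and show which process owns which connection.

Added example for this post; not code from the original. It consumes the
text format that `netstat -aon` prints on Windows (Proto, Local Address,
Foreign Address, State, PID), so it runs on a saved capture offline.
"""
import ipaddress
from collections import defaultdict

# The connection table quoted in the post.
NETSTAT_FROM_POST = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.81:1292      64.191.197.245:706     ESTABLISHED     2160
  TCP    192.168.1.81:1863      192.168.1.1:5819       ESTABLISHED     3828
  TCP    192.168.1.81:1894      70.109.139.219:52525   ESTABLISHED     3828
  TCP    192.168.1.81:1919      192.168.1.1:5819       ESTABLISHED     3828
  TCP    192.168.1.81:1967      24.8.195.195:30809     ESTABLISHED     3828
  TCP    192.168.1.81:1971      81.93.108.73:46123     ESTABLISHED     3828
  TCP    192.168.1.81:1972      75.134.131.167:16470   ESTABLISHED     3828
  TCP    192.168.1.81:2031      84.190.103.54:6881     ESTABLISHED     3828
"""

# Constructed rows (not from the post) covering the two other shapes netstat
# prints: a listening TCP socket and a UDP socket, which has no State column.
CONSTRUCTED_EXTRA = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       940
  UDP    0.0.0.0:123            *:*                                    1072
"""

# Assumption: the machine in the post sits on 192.168.1.0/24.
LOCAL_NETS = (ipaddress.ip_network("192.168.1.0/24"),)


def split_endpoint(endpoint):
    """'host:port' -> (host, port); IPv6 hosts arrive as '[addr]:port'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "UDP":            # UDP rows: Proto Local Foreign PID
            state, pid = "", parts[3]
        elif len(parts) >= 5:         # TCP rows: Proto Local Foreign State PID
            state, pid = parts[3], parts[4]
        else:
            continue                  # malformed TCP row, skip it
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({"proto": proto, "local_host": lhost, "local_port": lport,
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": state, "pid": int(pid)})
    return rows


def is_external(host, local_nets=LOCAL_NETS):
    """True when the peer is a routable address outside the local networks."""
    if host in ("*", "0.0.0.0", "::"):
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    if addr.is_loopback or addr.is_unspecified:
        return False
    return not any(addr in net for net in local_nets)


def summarize(text, local_nets=LOCAL_NETS):
    """Group rows by PID, list listening ports, and list off-LAN peers per PID."""
    rows = parse_netstat(text)
    by_pid = defaultdict(list)
    for row in rows:
        by_pid[row["pid"]].append(row)
    listening = sorted((r["proto"], r["local_port"]) for r in rows
                       if r["state"] == "LISTENING" or r["proto"] == "UDP")
    external = sorted({(r["pid"], r["foreign_host"]) for r in rows
                       if is_external(r["foreign_host"], local_nets)})
    return {"connections_per_pid": {pid: len(v) for pid, v in by_pid.items()},
            "listening": listening, "external_peers": external}


if __name__ == "__main__":
    report = summarize(NETSTAT_FROM_POST + CONSTRUCTED_EXTRA)
    for pid, count in sorted(report["connections_per_pid"].items()):
        print(f"PID {pid}: {count} socket(s)")
    print("listening:", report["listening"])
    for pid, peer in report["external_peers"]:
        print(f"PID {pid} talks to off-LAN host {peer}")
```

To use it on a live box, redirect `netstat -aon > netstat.txt` and feed the file contents to `summarize()`; the per-PID counts are what you then line up against TCPView or Task Manager to put an executable name next to each PID. The same caveat from the post applies: on a rootkitted machine the table itself may be lying.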
