Active Connections
Proto Local Address Foreign Address State
TCP pavilion:25872 WARLOCK:1045 ESTABLISHED
TCP pavilion:25872 sy-as-09-112.free.net.au:3925 ESTABLISHED
TCP pavilion:31580 WARLOCK:1046 ESTABLISHED
TCP pavilion:2980 205.188.2.9:5190 ESTABLISHED
TCP pavilion:3039 24.66.10.101.on.wave.home.com:1031 ESTABLISHED
~~~~~~~~~~~~~~~~~~~
Now look at the example above. At the top left you will see [Proto]. This just
tells you whether the protocol is TCP, UDP, etc. To its right is [Local Address],
which gives the local IP/hostname and the open port. To the right again is
[Foreign Address], which gives the other person's IP/hostname and port in the
format IP:Port, with ":" between the IP and the port. Last is [State], which
simply states the state of the connection: Established if it is connected, or
waiting for a connection if it is listening. With this knowledge we will dive
deeper into how to use netstat for monitoring port activity and detecting open
ports in use.
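
The column layout described above, parsed in Python as an added example (not
part of the original text). It splits each address on the last ":" and groups
remote peers by local port, so a local port with several foreign peers stands
out. The function names are this example's own, and the UDP row is constructed.

```python
from collections import defaultdict

# Listing from the article, plus one constructed UDP row (no State column).
SAMPLE = """\
Active Connections
Proto Local Address Foreign Address State
TCP pavilion:25872 WARLOCK:1045 ESTABLISHED
TCP pavilion:25872 sy-as-09-112.free.net.au:3925 ESTABLISHED
TCP pavilion:31580 WARLOCK:1046 ESTABLISHED
TCP pavilion:2980 205.188.2.9:5190 ESTABLISHED
TCP pavilion:3039 24.66.10.101.on.wave.home.com:1031 ESTABLISHED
UDP pavilion:137 *:*
"""


def split_endpoint(endpoint):
    """Split 'host:port' on the LAST colon; the port stays a string ('*' is possible)."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_netstat(text):
    """Return one dict per row that starts with TCP/UDP; titles and headers are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        local_host, local_port = split_endpoint(fields[1])
        remote_host, remote_port = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no State
        rows.append({"proto": fields[0].upper(), "state": state,
                     "local_host": local_host, "local_port": local_port,
                     "remote_host": remote_host, "remote_port": remote_port})
    return rows


def peers_by_local_port(rows):
    """Map each local port to the remote hosts with an ESTABLISHED connection to it."""
    peers = defaultdict(list)
    for row in rows:
        if row["state"] == "ESTABLISHED":
            peers[row["local_port"]].append(row["remote_host"])
    return dict(peers)


if __name__ == "__main__":
    for port, hosts in sorted(peers_by_local_port(parse_netstat(SAMPLE)).items()):
        print(port, len(hosts), ", ".join(hosts))
```
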
------------------------------------------------
II. Detecting Open Ports
------------------------------------------------
So you are noticing something funny going on with your computer? Your CD-ROM
tray is going crazy... opening and closing when you're doing nothing. And you
say, "What the phruck is going on?" Or you realize someone's been messing with
a trojan on your computer. So now your goal is to locate which trojan it is so
you can remove it, right? Well, you're right. So you go to your MS-DOS prompt.
Now there are many ways to use Netstat, and below is a help menu. Look through
it.
~~~~~~~~~~~~~~~~~~~~
C:\WINDOWS>netstat ?
-Tricker