Full Version: Netstat
HKEd
 posted 01-23-2001 11:59 PM                
--------------------------------------------------------------------------------
An important security consideration is regular checking of your net status - using Windows netstat.exe.
This requires a drop to DOS while online, typing netstat -a -n at the prompt.

Here's a little batch file that will automate the process:

@echo off
rem Save all connections and listening ports, in numeric form, to a file on the desktop
netstat -a -n > c:\windows\desktop\netstat.txt
cls

Paste the above into NotePad, save it as netstat.bat and drag it to the Start button. It will now be easily accessible on your Start menu.

Here's my current status:

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1549           0.0.0.0:34898          LISTENING
  TCP    0.0.0.0:1555           0.0.0.0:21534          LISTENING
  TCP    0.0.0.0:1557           0.0.0.0:48212          LISTENING
  TCP    203.198.100.80:1538    209.1.224.17:80        TIME_WAIT
  TCP    203.198.100.80:1540    209.1.224.17:80        TIME_WAIT
  TCP    203.198.100.80:1545    209.1.224.17:80        TIME_WAIT
  TCP    203.198.100.80:1549    203.105.35.15:80       CLOSE_WAIT
  TCP    203.198.100.80:1551    203.105.35.15:80       TIME_WAIT
  TCP    203.198.100.80:1552    203.105.35.15:80       TIME_WAIT
  TCP    203.198.100.80:1553    203.105.35.15:80       TIME_WAIT
  TCP    203.198.100.80:1555    209.1.225.211:80       CLOSE_WAIT
  TCP    203.198.100.80:1557    209.1.224.247:80       CLOSE_WAIT

As you can see, the Listening ports (1549, 1555, 1557) are matched with Time_Wait or Close_Wait, all on port 80, the standard HTTP port - a very secure setup that makes me practically invisible on the net, without running a firewall.

Regular netstat checking - at least once per session - can tell you a lot about any vulnerabilities in your system setup. This is particularly important for those using DSL (the non-PPPoE variety) and cable.
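
Added example, not part of the original post: a Python parser for saved netstat -a -n output (such as the netstat.txt the batch file writes) that automates the pairing the post checks by eye, separating listening ports that share a local port with a connection row from those that do not. The function names are hypothetical, and the sample reuses rows from the listing above plus one constructed row on port 6000.

```python
import re

# Rows from the post's listing, plus one constructed row (port 6000) that
# has no matching connection, to show what the check reports.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1549           0.0.0.0:34898          LISTENING
  TCP    0.0.0.0:1555           0.0.0.0:21534          LISTENING
  TCP    0.0.0.0:1557           0.0.0.0:48212          LISTENING
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING
  TCP    203.198.100.80:1538    209.1.224.17:80        TIME_WAIT
  TCP    203.198.100.80:1549    203.105.35.15:80       CLOSE_WAIT
  TCP    203.198.100.80:1555    209.1.225.211:80       CLOSE_WAIT
  TCP    203.198.100.80:1557    209.1.224.247:80       CLOSE_WAIT
"""

# proto, local address, local port, foreign endpoint, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_0-9]+))?\s*$")


def parse_netstat(text):
    """Parse `netstat -a -n` text into (proto, local_addr, local_port, foreign, state) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # title, header and blank lines do not match and are skipped
            proto, addr, port, foreign, state = m.groups()
            rows.append((proto, addr, int(port), foreign, state or ""))
    return rows


def classify_listeners(rows):
    """Split listening ports into those paired with a connection row on the
    same local port and those with no such row."""
    in_use = {(p, port) for p, _, port, _, state in rows if state and state != "LISTENING"}
    matched, unmatched = [], []
    for proto, addr, port, _, state in rows:
        if state == "LISTENING" or (proto == "UDP" and not state):
            (matched if (proto, port) in in_use else unmatched).append((proto, addr, port))
    return sorted(matched), sorted(unmatched)


if __name__ == "__main__":
    matched, unmatched = classify_listeners(parse_netstat(SAMPLE))
    print("paired with a connection:", matched)
    print("listening with no connection:", unmatched)
```

Ports in the second list are the ones to identify by owning program, since nothing in the snapshot accounts for them.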
