Wilders Security Forums  

Go Back   Wilders Security Forums > Security Products > other firewalls
Reload this Page netstat help
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old July 12th, 2002, 08:58 PM
Bethrezen's Avatar
Bethrezen Bethrezen is offline
Frequent Poster
  
Join Date: Apr 2002
Posts: 546
Default netstat help
hi

i ran netstat as i do now and then and iv noticed a number of suspect conections

one that has just come up now is this

tcp 1060 staticline420.toya.net.pl:1214 fin_wait_2

and id like to know what conections like this are

is this possable evidence of infection by eather spy tec or a trojen ??
__________________
Una Salus Victus
  #2  
Old July 12th, 2002, 09:20 PM
MyNethingyman
 
Posts: n/a
Default Re:netstat help
No..It is normal to see at times.
http://httpd.apache.org/docs/misc/fin_wait_2.html
  #3  
Old July 13th, 2002, 06:18 PM
Bethrezen's Avatar
Bethrezen Bethrezen is offline
Frequent Poster
  
Join Date: Apr 2002
Posts: 546
Default Re:netstat help
hi thanks for ya reply

ok just to clarify

when i run netstat how do i tell whats a normal conection to the web and somthing suspect that i need to be concerned about ??
__________________
Una Salus Victus
  #4  
Old July 14th, 2002, 03:20 PM
Rickster
 
Posts: n/a
Default Re:netstat help
Hi Brethrezen: That can be a challenge, but as you become familiar with what applications connect and what ports they associate with, it will beome a matter of elimination. Some include AV and other software you have set for automatic updating. For instance, assuming I’ve closed my browser from the internet, am free of spyware and have all updates set to manual, the only remote connection I expect to see established is my e-mail program connecting to my ISP’s mail server to check for mail. Another process I might expect to see is my AV’s e-mail scrubber. I also use a free little utility called Active Ports: http://www.ntutility.com/?from=prog_aports (For Win2K/NT/XP) that combines features of netstat and process lists, helping me determine what applications (by their path) are using what ports and port status, i.e., Listening or Time_Wait. If your platform doesn’t support this, others always have suggestions.

I routinely check netstat after closing from the net and sometimes find connections hanging on, temporary but I kill ‘em anyway just be sure. Frequenting Wilders has provided many useful links, ideas, awareness and applications. It’s a primary reason why nothing gets in or out of my system without legitimate reason. Probably time to shoot Paul e-mail about membership. Registered in February, but always shows me as a guest. Won’t let me re-register, saying my e-mail address is already in use. Best Regards, Rick
  #5  
Old July 14th, 2002, 03:45 PM
controler's Avatar
controler controler is offline
Massive Poster
  
Join Date: Jun 2002
Posts: 3,268
Default Re:netstat help
Windows XP

CTL-ALT-DEL and look at processes = Filenames

OR

START, RUN, MSCONFIG and look at Services

These two are NOT showing the same info
 

Wilders Security Forums > Security Products > other firewalls « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 01:18 PM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums