Firewall / netstat(?)

Discussion in 'other firewalls' started by SG1, Apr 27, 2003.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Jan 16, 2003
    (a) Hope I'm not posting this in wrong spot, first off.
    (b) If I'm in right spot to post this note, can you tell me about these two netstat reports? Are they "good" or "bad?" The reports vary of course, depending where I'm at/what I'm doing, exactly.
    --Thanks, for info SG1 (Pat)


    Active Connections

    Proto Local Address Foreign Address State
    TCP home:2367 ESTABLISHED
    TCP home:2371 TIME_WAIT
    TCP home:2370 TIME_WAIT
    TCP home:81 TIME_WAIT



    Active Connections

    Proto Local Address Foreign Address State
    TCP home:2572 CLOSE_WAIT
    TCP home:2574 CLOSE_WAIT
    TCP home:2576 CLOSE_WAIT
    TCP home:2541 TIME_WAIT
    TCP home:81 TIME_WAIT
    TCP home:2539 ESTABLISHED
  2. The Snowman

    The Snowman Guest


    Don't know if just a good/bad reply would be totally correct......
    when visiting a website it's common to have an "establish" connection.......leaving the site a "close-wait" connection until it times out....a more complex explanation could be given but you should understand from what's been said...........connect=established left site=close-wait

    there is such a thing as "keep-alive".....also

    so.....perhaps a question would be.....who are those websites/urls...............were you at them and, the VeriSign connection that regards certificates.....a site certificate could have been verified.......

    ports: each listing you posted had a port open or a port being you use a firewall.......anti virus..anti trojan...have you done a port scan to make sure your firewall is blocking all ports........everything layered one brick upon other
    the connections you posted were all outbound.....netstat could reveal a trojan "outbound" would should where you are at......BUT.......once you left those sites...within a reasonable time those connections should now to confuse you....sometimes the connections don't close..but it's a legal connection just the you may understand why a good/bad answer may be misleading.............
    instead......I would ask you.....were you at those websites and do you have a firewall that you did a port scan on recently
  3. CrazyM

    CrazyM Firewall Expert

    Feb 9, 2002
    BC, Canada
    Hi SG1

    Well if you were at the established connections, and had just been to the ones in the various states of closing, those netstats appear fairly normal.

    If you had not initiated those connections, then you may have something to worry about.


  4. Patrice

    Patrice Registered Member

    Apr 15, 2003
    Hi SG1!

    Let's just analyze these two connections:
    First it means that these connections are TCP. You visited the homepage of Gibson Research Center with your browser. That's why you have this entry This means port 80 (used for internet) was opened from you. At your computer port 2367 (Home) was opened to retrieve the information you wanted. If you would block these ports, you wouldn't be able to surf around and retrieve any information from the web. At the end you see ESTABLISHED, that means, as they already mentioned above, that the connection is currently active. Let's say information is being sent to your computer.

    The second connection is again with Gibson Research Center. This time port 2371 was opened on your computer. But as you can see in the end, the process is finished so far (TIME_WAIT).

    I hope that helps! If you wanna know more about connections made, try out PortExplorer from DCS.

    Best regards!
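
Added example, not part of the original thread: a small Python parser that applies the replies' two checks (which state is each connection in, and did this machine start it) to `netstat -an` style output. The sample rows and addresses are constructed placeholders, and the direction test is a heuristic that assumes the listing includes the LISTENING rows.

```python
import re

# Constructed sample in the layout of Windows `netstat -an`. All addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:2367        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:2371        198.51.100.7:80        TIME_WAIT
  TCP    192.0.2.10:2572        203.0.113.5:443        CLOSE_WAIT
  TCP    192.0.2.10:135         203.0.113.99:4021      ESTABLISHED
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")

# What each TCP state says about the local machine's side of the connection.
STATE_NOTES = {
    "ESTABLISHED": "open and able to carry data",
    "TIME_WAIT": "closed by the local side first; entry expires on a timer",
    "CLOSE_WAIT": "remote side closed; local program has not closed its socket",
}

def parse(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    hits = (ROW.match(line) for line in text.splitlines())
    return [(m[1], int(m[2]), m[3], int(m[4]), m[5]) for m in hits if m]

def classify(text):
    """Label each non-listening connection as outbound or inbound."""
    # Heuristic: a local port that also appears in LISTENING state belongs to a
    # local service that accepted the connection (inbound). Any other local
    # port was chosen by the OS for a connection this machine opened (outbound).
    rows = parse(text)
    listening = {lport for _, lport, _, _, state in rows if state == "LISTENING"}
    result = []
    for lip, lport, rip, rport, state in rows:
        if state != "LISTENING":
            direction = "inbound" if lport in listening else "outbound"
            result.append({"direction": direction, "local": f"{lip}:{lport}",
                           "remote": f"{rip}:{rport}", "state": state,
                           "note": STATE_NOTES.get(state, "other state")})
    return result

if __name__ == "__main__":
    for c in classify(SAMPLE):
        print(f'{c["direction"]:8} {c["local"]:18} -> {c["remote"]:20} {c["state"]:12} {c["note"]}')
```

Rows labelled inbound, and outbound rows to hosts you do not remember visiting, are the ones to follow up on.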
