System: Plain standlone home PC (Win 95) with dial-up 56K modem. Before connection to the net there's no output. Now as I understand it when I connect to a site I should only see that site's information, as a connection. When I connect to a mail server or news server I see additional lines for them. So as long as I do "netstat -a" frequently and see output I expect everything *ought* to be OK? Is a firewall a more advanced version of "netstat" in layman terms?
Yes add a number after the a to get it to repeat over and over and over NETSTAT -a 5 will repeat every 5 seconds NETSTAT -N 5 NETSTAT -AN 20 EQUALS 20 SECONDS ECT.. YOU GET DA IDEA
"Before connection to the net there's no output." >I assume you mean traffic? "Now as I understand it when I connect to a site I should only see that site's information, as a connection. When I connect to a mail server or news server I see additional lines for them." >When you are connect to a site you will probably see several ports showing traffic from your browser. Other programs will show traffic, yes. "So as long as I do "netstat -a" frequently and see output I expect everything *ought* to be OK?" >No. That does not mean everything is ok. You need to understand what traffic to look for and what entries might spark concern. Sometimes there are entries in netstat that are not immediately identifiable as friendly traffic. At least I can't always tell just by netstat whats going on. "Is a firewall a more advanced version of "netstat" in layman terms?" >Yes and no. There is a lot more to a firewall than just showing traffic. For instance, a firewall is to block certain ports that may be open, from communication to and from the net. A firewall will regulate port traffic to and from applications. A firewall will protect you from certain attacks, and in some cases do a lot more. I'm not sure what you are looking for here, but hope I have helped a little. Didn't know that aboot the numbers controler, thanks.
This is in reply to snowy in the other thread regarding ports. But since I never see any strange output when doing "netstat -a" why do I need a firewall? When I connect to "www.xxxxxxxx.com" I see that site in the output, and so on as I expect.
POLO let me be one of the first to encourage you to ask questions and seek other opinions.....I would encourage anyone to do so. as Root stated... an now me "I am not sure what you are looking for" if you are seeking a reason not to use a firewall......I can not honestly provided you with one......its your computer do however you so please......do whatever makes you feel comfortable............be your own person....... personally there wont be any further replies made by me........I've already made the most honest suggestions I can.......so now I will wish you the very best....an go my merry way... Peace and Joy snowman
Polo, please see my reply to your other thread. Any port monitoring is done in real time. When you click your browser to go to a new site, sometimes hundreds of connections are opened going here and there to pick up gifs, links, and God knows what. Windows 95 is a giant security risk right now anyway, so I just suggest you don't keep any important information on your computer. As for the rest, do what you will. Conventional wisdom for those that are not experts is to us an av, an at, and a firewall as bare minimum security. Also a spyware checker is nice to have.
Not exactly. Yes, netstat will show you the sites that you are connecting too. However, connecting to ONE web site, often results in *many* connections to *many* physical sites. In the age of content distribution networks (e.g. akamai, mirror-image, inktomi, etc..) large web sites often rely on third parties to host some or all of their web content. So for example, when you surf to www.cnn.com, you will probably see 6-7 connections in netstat...some to the actually cnn.com site...several connections to akamai web caches (for photo images)...and several to ad servers. In order to validate that these connections are associated with your surfing to cnn.com, you need to review the HTML source of their web page...or (my preference) use a packet analyzer to actually monitor the details of all these connections and the specific content that is being fetched from each one (as your surf). Here's the beginnings of my 'Idiot's guide to network analysis': http://www.mynetwatchman.com/pckidiot/ Here's what simply surfing to cnn.com generates as far as connections...note all the *different* destination IP addresses: http://www.mynetwatchman.com/images/cnn.gif
