Netstat -a

Discussion in 'other firewalls' started by polo, Jul 13, 2002.

Thread Status:
Not open for further replies.
  1. polo

    polo Guest

    System: Plain standlone home PC (Win 95) with dial-up 56K modem.

    Before connection to the net there's no output. Now as I understand it when I connect to a site I should only see that site's information, as a connection. When I connect to a mail server or news server I see additional lines for them. So as long as I do "netstat -a" frequently and see output I expect everything *ought* to be OK? Is a firewall a more advanced version of "netstat" in layman terms?
     
  2. polo

    polo Guest

    And?
     
  3. controler

    controler Guest

    Yes add a number after the a to get it to repeat over and over and over

    NETSTAT -a 5

    will repeat every 5 seconds

    NETSTAT -N 5

    NETSTAT -AN 20 EQUALS 20 SECONDS

    ECT.. YOU GET DA IDEA
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    "Before connection to the net there's no output."
    >I assume you mean traffic?

    "Now as I understand it when I connect to a site I should only see that site's information, as a connection. When I connect to a mail server or news server I see additional lines for them."
    >When you are connect to a site you will probably see several ports showing traffic from your browser. Other programs will show traffic, yes.

    "So as long as I do "netstat -a" frequently and see output I expect everything *ought* to be OK?"
    >No. That does not mean everything is ok. You need to understand what traffic to look for and what entries might spark concern. Sometimes there are entries in netstat that are not immediately identifiable as friendly traffic. At least I can't always tell just by netstat whats going on.

    "Is a firewall a more advanced version of "netstat" in layman terms?"
    >Yes and no. There is a lot more to a firewall than just showing traffic. For instance, a firewall is to block certain ports that may be open, from communication to and from the net. A firewall will regulate port traffic to and from applications. A firewall will protect you from certain attacks, and in some cases do a lot more.

    I'm not sure what you are looking for here, but hope I have helped a little.
    Didn't know that aboot the numbers controler, thanks.

    :D
     
  5. polo

    polo Guest

    This is in reply to snowy in the other thread regarding ports.

    But since I never see any strange output when doing "netstat -a" why do I need a firewall?

    When I connect to "www.xxxxxxxx.com" I see that site in the output, and so on as I expect.
     
  6. snowy

    snowy Guest

    POLO

    let me be one of the first to encourage you to ask questions and seek other opinions.....I would encourage anyone to do so.
    as Root stated... an now me "I am not sure what you are looking for"
    if you are seeking a reason not to use a firewall......I can not honestly provided you with one......its your computer do however you so please......do whatever makes you feel comfortable............be your own person.......
    personally there wont be any further replies made by me........I've already made the most honest suggestions I
    can.......so now I will wish you the very best....an go my merry way...
    Peace and Joy
    snowman
     
  7. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Polo, please see my reply to your other thread.
    Any port monitoring is done in real time. When you click your browser to go to a new site, sometimes hundreds of connections are opened going here and there to pick up gifs, links, and God knows what.
    Windows 95 is a giant security risk right now anyway, so I just suggest you don't keep any important information on your computer.
    As for the rest, do what you will.
    Conventional wisdom for those that are not experts is to us an av, an at, and a firewall as bare minimum security. Also a spyware checker is nice to have. :D
     
  8. NetWatchman

    NetWatchman Security Expert

    Joined:
    Jul 24, 2002
    Posts:
    31
    Not exactly.

    Yes, netstat will show you the sites that you are connecting too.

    However, connecting to ONE web site, often results in *many* connections to *many* physical sites.

    In the age of content distribution networks (e.g. akamai, mirror-image, inktomi, etc..) large web sites often rely on third parties to host some or all of their web content.

    So for example, when you surf to www.cnn.com, you will probably see 6-7 connections in netstat...some to the actually cnn.com site...several connections to akamai web caches (for photo images)...and several to ad servers.

    In order to validate that these connections are associated with your surfing to cnn.com, you need to review the HTML source of their web page...or (my preference) use a packet analyzer to actually monitor the details of all these connections and the specific content that is being fetched from each one (as your surf).

    Here's the beginnings of my 'Idiot's guide to network analysis':

    http://www.mynetwatchman.com/pckidiot/

    Here's what simply surfing to cnn.com generates as far as connections...note all the *different* destination IP addresses:
    http://www.mynetwatchman.com/images/cnn.gif
     
Thread Status:
Not open for further replies.