[Dshield] Netstat output from XP machine

Chuck Lewis clewis at iquest.net
Wed Feb 4 19:50:36 GMT 2004


Jon,

I'm running W2K Pro and netstat -ano does nothing. I know that netstat -a is
connections and listening ports and netstat -n is addresses and port
numbers. What is netstat -ano?

Thanks:-)

Chuck

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Portz, Jon
Sent: Wednesday, February 04, 2004 2:22 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Netstat output from XP machine

>Try a "netstat -ano" and cross-reference the PIDs with those listed in
>the Task Manager process list. Also, if the PID is not listed in taskman
>try fport from Foundstone
>(http://www.foundstone.com/resources/freetools/fport.zip), it will map
>port usage to applications. If the PID doesn't show up in the process
>list, I would consider that as a definitive heads-up. Processes that try
>to hide in that manner are, IMHO, dangerously written. Is it possible he
>is running P2P software of some kind? TCP 9420 does not sound too
>familiar....

>Heh, if it were me I'd throw a snort box on it...

>Jon Portz
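
The cross-reference described in the quoted message, as an added example that is not part of the original thread. It assumes a Windows version whose netstat accepts -o, and it uses `tasklist /fo csv /nh` as a scriptable stand-in for the Task Manager process list; the sample output and all function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:9420           0.0.0.0:0              LISTENING       1644
  TCP    192.168.1.10:1034      10.0.0.5:80            ESTABLISHED     1200
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","216 K"
"svchost.exe","872","Console","0","3,400 K"
"iexplore.exe","1200","Console","0","18,212 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each socket line."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner and the column header
        # UDP lines have no State column; the PID is always the last field.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        yield f[0], f[1], f[2], state, int(f[-1])

def parse_tasklist(text):
    """Return {pid: image_name} from tasklist CSV output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def cross_reference(netstat_text, tasklist_text):
    """Pair each socket with its owning image; None means PID not listed."""
    procs = parse_tasklist(tasklist_text)
    return [(proto, local, state, pid, procs.get(pid))
            for proto, local, _remote, state, pid in parse_netstat(netstat_text)]

def unlisted(rows):
    """Sockets whose PID has no entry in the process list."""
    return [r for r in rows if r[4] is None]

if __name__ == "__main__":
    for proto, local, state, pid, image in cross_reference(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto:4} {local:22} {state:12} {pid:6} {image or 'PID NOT IN PROCESS LIST'}")
```

Capture both command outputs as close together as possible: a short-lived process that exits between the two snapshots also shows up as unlisted.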




