[Dshield] Netstat output from XP machine

Portz, Jon jportz at kforce.com
Wed Feb 4 20:48:24 GMT 2004


The ano option only works on XP. The o gives the PID owner of the port.
Try using fport from the link I provided instead. Sorry, thought you
said you were using XP...

Jon Portz

KTS Network Services
Kforce Professional Staffing

Look Smarter. http://www.kforce.com


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Chuck Lewis
Sent: Wednesday, February 04, 2004 2:51 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Netstat output from XP machine

Jon,

I'm running W2K Pro and netstat -ano does nothing. I know that netstat -a
is connections and listening ports and netstat -n is addresses and port
numbers.
What is netstat -ano?

Thanks:-)

Chuck

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Portz, Jon
Sent: Wednesday, February 04, 2004 2:22 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Netstat output from XP machine

>Try a "netstat -ano" and cross-reference the PIDs with those listed in
>the Task Manager process list. Also, if the PID is not listed in taskman
>try fport from foundstone
>(http://www.foundstone.com/resources/freetools/fport.zip), it will map
>port usage to applications. If the PID doesn't show up in the process
>list, I would consider that as a definitive heads-up. Processes that try
>to hide in that manner are, IMHO, dangerously written. Is it possible he
>is running P2P software of some kind? TCP 9420 does not sound too
>familiar....

>Heh, if it were me I'd throw a snort box on it...

>Jon Portz


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



