Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > netstat.exe foreign address

Reply
Thread Tools

netstat.exe foreign address

 
 
Curley Burh
Guest
Posts: n/a
 
      09-07-2003
What does it signify when a port's "Foreign Address" is *:* . The "State"
field is always blank with these ports.

I have several ports with this disposition. An external probe never shows
them to be responsive.

Thanks for any information on this.




 
Reply With Quote
 
 
 
 
pcbutts1
Guest
Posts: n/a
 
      09-07-2003
The foreign address is the IP address that, what ever is using that port, is
connected to.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com



"Curley Burh" <(E-Mail Removed)> wrote in message
news8G6b.2499$(E-Mail Removed) k.net...
> What does it signify when a port's "Foreign Address" is *:* . The "State"
> field is always blank with these ports.
>
> I have several ports with this disposition. An external probe never shows
> them to be responsive.
>
> Thanks for any information on this.
>
>
>
>



 
Reply With Quote
 
 
 
 
why?
Guest
Posts: n/a
 
      09-07-2003

On Sun, 07 Sep 2003 13:12:03 GMT, Curley Bur¢h wrote:

>What does it signify when a port's "Foreign Address" is *:* . The "State"
>field is always blank with these ports.


It's only against Proto UDP that the address is *.*

ftp://ftp.isi.edu/in-notes/rfc768.txt
User Datagram Protocol

http://www.webopedia.com/TERM/U/User..._Protocol.html

I should know the answer to this, something to do with my job
However I guess it's because UDP is a connectionless protocol.

<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/netstat.asp>

You may like to try another couple of utilities, GUI versions of
netstat.

www.sysinternals.com
TDImon
TCPview


<snip>
Me
 
Reply With Quote
 
ǵrle rh
Guest
Posts: n/a
 
      09-08-2003
x-no-archive: yes

Thanks very much for these links! Especially sysinternals. Very useful stuff
there.

I'm left in the lurch about the open UDP ports. Does this mean my system has
something to distribute? I'm a little concerned that there is an undetected
trojan resident....

Regards

why? wrote:
> On Sun, 07 Sep 2003 13:12:03 GMT, Curley Burh wrote:
>
>> What does it signify when a port's "Foreign Address" is *:* . The
>> "State" field is always blank with these ports.

>
> It's only against Proto UDP that the address is *.*
>
> ftp://ftp.isi.edu/in-notes/rfc768.txt
> User Datagram Protocol
>
> http://www.webopedia.com/TERM/U/User..._Protocol.html
>
> I should know the answer to this, something to do with my job
> However I guess it's because UDP is a connectionless protocol.
>
>

<http://www.microsoft.com/technet/tre...chnet/prodtech
nol/winxppro/proddocs/netstat.asp>
>
> You may like to try another couple of utilities, GUI versions of
> netstat.
>
> www.sysinternals.com
> TDImon
> TCPview
>
>
> <snip>
> Me



 
Reply With Quote
 
why?
Guest
Posts: n/a
 
      09-08-2003
X-No-Archive: Yes
On Mon, 08 Sep 2003 12:31:12 GMT, ǵrleý ßûr¢h wrote:

>x-no-archive: yes
>
>Thanks very much for these links! Especially sysinternals. Very useful stuff
>there.
>
>I'm left in the lurch about the open UDP ports. Does this mean my system has


http://www.faqs.org/rfcs/rfc955.html
A good example, TCP used to update a DNS database i.e. it must be
reliable. Then it mentions why UDP is not a good choice.

>something to distribute? I'm a little concerned that there is an undetected
>trojan resident....


As long as yo have spyware / trojan detection and kept up to date there
is a low chance of one of those being something nasty.

As an example,

UDP pc:bootps *:*
UDP pc:ntp *:*
UDP pc:epmap *:*
UDP pc:snmp *:*


My PC has DHCP, SNMP and a NTP client. This I know so it's okay, epmap
on port 135 (RPC) calls, exploited by some worms etc. Generally this is
http://www.webopedia.com/TERM/D/DCE.html
closed to Internet traffic blocked by router/firewall but I have it
enabled to local trusted PC addresses only.

>Regards
>
>why? wrote:
>> On Sun, 07 Sep 2003 13:12:03 GMT, Curley Bur¢h wrote:
>>
>>> What does it signify when a port's "Foreign Address" is *:* . The
>>> "State" field is always blank with these ports.


Quick and dirty summary -

You may not want to buy these books (below is 1 of the 3) , it's a bit
heavy going check the library and copy a few pages maybe.

TCP/IP Illustrated Vol 1, The Protocols
W.Richard Stevens
ISBN 0-201-63346-9
approx USD 65
http://makeashorterlink.com/?W63C125D5 (on amazon.com)
Pg 164.

Most UDP servers wildcard local IP address create a UDP endpoint.
Incoming UDP datagram destined for server port will be accepted on an
local interface.

Ex. Start a UDP server (Sun Unix with a sock utility) Don't have a Win
OS example handy.

sock -u -s 7777

netstat output is

Local Address *.7777
Foreign *.*

Server creates endpoint specify either host's local IP, incl. broadcast
addresses (my comment - as used in DHCP, it's a broadcast client to
server) Incoming UDP datagrams passed to endpoint only if dest addr
matches local IP addr. To restrict UDP to a specific port

sock -u -s 140.252.1.29 777

If server sent a datagram to 140.252.13.35 an ICMP port unreachable is
returned. The server never sees the data.

If an IP is specified, it has priority over wild card *.* addresses.



Restricting Foreign IP Addresses
Foreign IP/Port is shown as *.* endpoint will accept incoming UDP
datagram from any IP address and any port.

- my comments again -
This is where using a firewall and restrictions at you Internet
connection is used to block foreign posrt i.e. like *.137 i.e block all
addresses port 137, one of the netbios ports.

If it's blocked at fw, then netstat will show it's allowed locally,

-back to book-

Local Address / Foreign Address / Description

localIP.lport / foreignIP.fport / restricted to one client

localIP.lport / *.* / restricted to datagrams arriving on one local
interface.

*.lport / *.* / receives all datagrames sent to lport

-my comment-
what this looks like is again routing an incoming Public IP port 80
(for a web server) to a local IP on another port. Fowarding.
-end coment-

>>
>> It's only against Proto UDP that the address is *.*
>>
>> ftp://ftp.isi.edu/in-notes/rfc768.txt
>> User Datagram Protocol
>>

<snip>

Me
 
Reply With Quote
 
m.nouman m.nouman is offline
Junior Member
Join Date: Dec 2010
Posts: 1
 
      12-19-2010
following is the output:
TCP <HOST>:2331 114.71.61.77:microsoft-ds SYN_SENT 824
TCP <HOST>:2332 69.19.193.85:microsoft-ds SYN_SENT 824
TCP <HOST>:2333 70.61.21.14:microsoft-ds SYN_SENT 824
TCP <HOST>:2334 180.101.190.53:microsoft-ds SYN_SENT 824
TCP <HOST>:2335 78.127.48.82:microsoft-ds SYN_SENT 824
TCP <HOST>:2336 215.67.211.71:microsoft-ds SYN_SENT 824
TCP <HOST>:2337 220.73.64.67:microsoft-ds SYN_SENT 824


please update.

regards,
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Survey - implementing CRUD with "foreign name" instead of foreign key. H5N1 ASP .Net 0 05-03-2006 11:36 PM
Foreign network appearing on my laptop - please help Guy de Bossy Wireless Networking 4 07-04-2005 04:20 PM
Foreign Alphabet Characters nta@pipeline.com Firefox 1 10-31-2004 06:47 PM
WinME w/NortonAV boots with http to foreign IP address jayjwa Computer Security 6 10-04-2003 07:14 AM
mozilla in foreign languages? Ivan Sofa n.1 Firefox 1 09-24-2003 04:28 PM



Advertisments