Computer Security - netstat -a question

 
Old 07-19-2005, 10:39 PM   #1
Default netstat -a question


I have been trying to figure out why this computer (Jim) has all these
ded.pacbell.net listeners in it. It's my boss's system, uses the same
connections I do, same software etc. But mine (w2005) looks more normal.
TIA!

Active Connections (in computer Jim)

  Proto  Local Address       Foreign Address      State
  TCP    jim:epmap           ded.pacbell.net:0    LISTENING
  TCP    jim:microsoft-ds    ded.pacbell.net:0    LISTENING
  TCP    jim:1025            ded.pacbell.net:0    LISTENING
  TCP    jim:1026            ded.pacbell.net:0    LISTENING
  TCP    jim:10110           ded.pacbell.net:0    LISTENING
  UDP    jim:microsoft-ds    *:*

Active Connections (in computer w2005)

  Proto  Local Address       Foreign Address      State
  TCP    w2005:epmap         w2005:0              LISTENING
  TCP    w2005:microsoft-ds  w2005:0              LISTENING
  TCP    w2005:1025          w2005:0              LISTENING
  TCP    w2005:1026          w2005:0              LISTENING
  TCP    w2005:10110         w2005:0              LISTENING
  UDP    w2005:microsoft-ds  *:*
  UDP    w2005:isakmp        *:*

Patrick




Patrick Sullivan
Old 07-21-2005, 02:26 PM   #2
Wolfman's Brother
 
Posts: n/a
Default Re: netstat -a question

Patrick Sullivan wrote:

> I have been trying to figure out why this computer (Jim) has all these
> ded.pacbell.net listeners in it. It's my boss's system, uses the same
> connections I do, same software etc. But mine (w2005) looks more normal.
> TIA!
>
> Active Connections (in computer Jim)
>
> Proto Local Address Foreign Address State
> TCP jim:epmap ded.pacbell.net:0 LISTENING
> TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
> TCP jim:1025 ded.pacbell.net:0 LISTENING
> TCP jim:1026 ded.pacbell.net:0 LISTENING
> TCP jim:10110 ded.pacbell.net:0 LISTENING
> UDP jim:microsoft-ds *:*
>
> Active Connections (in computer w2005)
>
> Proto Local Address Foreign Address State
> TCP w2005:epmap w2005:0 LISTENING
> TCP w2005:microsoft-ds w2005:0 LISTENING
> TCP w2005:1025 w2005:0 LISTENING
> TCP w2005:1026 w2005:0 LISTENING
> TCP w2005:10110 w2005:0 LISTENING
> UDP w2005:microsoft-ds *:*
> UDP w2005:isakmp *:*
>
> Patrick


Try the "-n" flag on the netstat command line. That'll show you the IP
addresses instead of the names, which might give you the clues you need.
My first guess would be that there's some oddiosity with the DNS.

How many network cards does the machine have?

What operating system are you using?

Chris
--
Minimal false-positive packet matching for complex protocols with Linux
and IpTables .. http://www.lowth.com/rope
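
An added example, not part of any poster's message: a small Python parser run over the two listings from the first post, assuming the usual netstat column layout. It separates rows that have a real remote endpoint from rows whose foreign port is 0 or *, where no peer is attached and the name in that column is only a resolved placeholder, then diffs the two machines' listening sockets. The function names are hypothetical.

```python
# Added example. The rows are the netstat -a output quoted in the thread.
JIM = """\
TCP jim:epmap ded.pacbell.net:0 LISTENING
TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
TCP jim:1025 ded.pacbell.net:0 LISTENING
TCP jim:1026 ded.pacbell.net:0 LISTENING
TCP jim:10110 ded.pacbell.net:0 LISTENING
UDP jim:microsoft-ds *:*
"""
W2005 = """\
TCP w2005:epmap w2005:0 LISTENING
TCP w2005:microsoft-ds w2005:0 LISTENING
TCP w2005:1025 w2005:0 LISTENING
TCP w2005:1026 w2005:0 LISTENING
TCP w2005:10110 w2005:0 LISTENING
UDP w2005:microsoft-ds *:*
UDP w2005:isakmp *:*
"""

def parse(text):
    """Turn netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = parts[1].rsplit(":", 1)   # rsplit copes with -n output too
        fhost, fport = parts[2].rsplit(":", 1)
        rows.append({"proto": parts[0], "lport": lport, "fhost": fhost,
                     "fport": fport, "state": parts[3] if len(parts) > 3 else ""})
    return rows

def has_peer(row):
    """Foreign port 0 or * means no remote endpoint is attached to the socket."""
    return row["fport"] not in ("0", "*")

def listeners(rows):
    """(protocol, local port) pairs for sockets that have no remote peer."""
    return {(r["proto"], r["lport"]) for r in rows if not has_peer(r)}

def placeholder_names(rows):
    """Names printed in the foreign column of rows that have no peer."""
    return {r["fhost"] for r in rows if not has_peer(r) and r["fhost"] != "*"}

def compare(a, b):
    """Listening sockets present on only one of the two hosts."""
    la, lb = listeners(parse(a)), listeners(parse(b))
    return sorted(la - lb), sorted(lb - la)

if __name__ == "__main__":
    print("remote peers on Jim:", [r for r in parse(JIM) if has_peer(r)])
    print("names on peerless rows:", placeholder_names(parse(JIM)))
    print("only on Jim / only on w2005:", compare(JIM, W2005))
```

Feeding it `netstat -an` output instead works the same way, since the address and port are split at the last colon.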

Old 07-22-2005, 06:38 AM   #3
Patrick Sullivan
 
Posts: n/a
Default Re: netstat -a question

Using Win2k on both machines, no NICs, just modems. I'll see what -n says
tomorrow, thanks.

Old 07-22-2005, 07:58 AM   #4
winged
 
Posts: n/a
Default Re: netstat -a question

Patrick Sullivan wrote:
> Using Win2k on both machines, no NICs, just modems. I'll see what -n says
> tomorrow, thanks.

I would think of potential MS RPC compromise though I can't be sure from
what's provided. Are these machines going through a common firewall or
is w2005 (your machine) using boss machine as a network gateway?

I must be tired to ask the question...
winged