netstat -a question

Discussion in 'Computer Security' started by Patrick Sullivan, Jul 19, 2005.

  1. I have been trying to figure out why this computer (Jim) has all these
    ded.pacbell.net listeners in it. It's my boss's system, uses the same
    connections I do, same software etc. But mine (w2005) looks more normal.
    TIA!

    Active Connections (in computer Jim)

    Proto  Local Address       Foreign Address    State
    TCP    jim:epmap           ded.pacbell.net:0  LISTENING
    TCP    jim:microsoft-ds    ded.pacbell.net:0  LISTENING
    TCP    jim:1025            ded.pacbell.net:0  LISTENING
    TCP    jim:1026            ded.pacbell.net:0  LISTENING
    TCP    jim:10110           ded.pacbell.net:0  LISTENING
    UDP    jim:microsoft-ds    *:*

    Active Connections (in computer w2005)

    Proto  Local Address         Foreign Address  State
    TCP    w2005:epmap           w2005:0          LISTENING
    TCP    w2005:microsoft-ds    w2005:0          LISTENING
    TCP    w2005:1025            w2005:0          LISTENING
    TCP    w2005:1026            w2005:0          LISTENING
    TCP    w2005:10110           w2005:0          LISTENING
    UDP    w2005:microsoft-ds    *:*
    UDP    w2005:isakmp          *:*

    Patrick
     
    Patrick Sullivan, Jul 19, 2005
    #1

  2. Patrick Sullivan wrote:

    > I have been trying to figure out why this computer (Jim) has all these
    > ded.pacbell.net listeners in it. It's my boss's system, uses the same
    > connections I do, same software etc. But mine (w2005) looks more normal.
    > TIA!
    >
    > Active Connections (in computer Jim)
    >
    > Proto  Local Address       Foreign Address    State
    > TCP    jim:epmap           ded.pacbell.net:0  LISTENING
    > TCP    jim:microsoft-ds    ded.pacbell.net:0  LISTENING
    > TCP    jim:1025            ded.pacbell.net:0  LISTENING
    > TCP    jim:1026            ded.pacbell.net:0  LISTENING
    > TCP    jim:10110           ded.pacbell.net:0  LISTENING
    > UDP    jim:microsoft-ds    *:*
    >
    > Active Connections (in computer w2005)
    >
    > Proto  Local Address         Foreign Address  State
    > TCP    w2005:epmap           w2005:0          LISTENING
    > TCP    w2005:microsoft-ds    w2005:0          LISTENING
    > TCP    w2005:1025            w2005:0          LISTENING
    > TCP    w2005:1026            w2005:0          LISTENING
    > TCP    w2005:10110           w2005:0          LISTENING
    > UDP    w2005:microsoft-ds    *:*
    > UDP    w2005:isakmp          *:*
    >
    > Patrick


    Try the "-n" flag on the netstat command line. That'll show you the IP
    addresses instead of the names, which might give you the clues you need.
    My first guess would be that there's some oddiosity with the DNS.

    How many network cards does the machine have?

    What operating system are you using?

    Chris
    --
    Minimal false-positive packet matching for complex protocols with Linux
    and IpTables .. http://www.lowth.com/rope
     
    Wolfman's Brother, Jul 21, 2005
    #2
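
An added example, not part of any poster's message: a small Python comparison of the two `netstat -a` listings from the first post. It separates what is actually open on each machine from the name printed in the Foreign Address column, which is the part the `-n` suggestion above takes out of the picture. The function names are my own; the sample rows are copied from the thread.

```python
from collections import namedtuple

Row = namedtuple("Row", "proto lhost service fhost state")

# Rows copied from the two listings in the thread's first post.
JIM = """\
TCP jim:epmap ded.pacbell.net:0 LISTENING
TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
TCP jim:1025 ded.pacbell.net:0 LISTENING
TCP jim:1026 ded.pacbell.net:0 LISTENING
TCP jim:10110 ded.pacbell.net:0 LISTENING
UDP jim:microsoft-ds *:*
"""
W2005 = """\
TCP w2005:epmap w2005:0 LISTENING
TCP w2005:microsoft-ds w2005:0 LISTENING
TCP w2005:1025 w2005:0 LISTENING
TCP w2005:1026 w2005:0 LISTENING
TCP w2005:10110 w2005:0 LISTENING
UDP w2005:microsoft-ds *:*
UDP w2005:isakmp *:*
"""

def parse(text):
    """Split `netstat -a` rows into Row tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        lhost, _, service = f[1].rpartition(":")   # "jim:epmap" -> "jim", "epmap"
        fhost = f[2].rpartition(":")[0]            # "*:*" -> "*"
        rows.append(Row(f[0], lhost, service, fhost, f[3] if len(f) > 3 else ""))
    return rows

def sockets(rows):
    """Open sockets as (proto, port-or-service), with host names discarded."""
    return {(r.proto, r.service) for r in rows}

def odd_names(rows):
    """Foreign-column names on LISTENING rows that differ from the local host name."""
    return sorted({r.fhost for r in rows
                   if r.state == "LISTENING" and r.fhost.lower() != r.lhost.lower()})

def compare(a, b):
    """Sockets open only in capture a, only in capture b, and in both."""
    sa, sb = sockets(parse(a)), sockets(parse(b))
    return {"only_a": sa - sb, "only_b": sb - sa, "both": sa & sb}

if __name__ == "__main__":
    print(compare(JIM, W2005))
    print(odd_names(parse(JIM)), odd_names(parse(W2005)))
```

On the posted data, Jim has no socket that w2005 lacks; the only difference is the name shown beside Jim's listening rows.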

  3. Using Win2k on both machines, no NICs, just modems. I'll see what -n says
    tomorrow, thanks.

     
    Patrick Sullivan, Jul 22, 2005
    #3
  4. Patrick Sullivan

    winged Guest

    Patrick Sullivan wrote:
    > Using Win2k on both machines, no NICs, just modems. I'll see what -n says
    > tomorrow, thanks.

    I would think of potential MS RPC compromise, though I can't be sure from
    what's provided. Are these machines going through a common firewall, or
    is w2005 (your machine) using boss machine as a network gateway?

    I must be tired to ask the question...
    winged
     
    winged, Jul 22, 2005
    #4