netstat.exe foreign address

Discussion in 'Computer Support' started by Curley Bur¢h, Sep 7, 2003.

  1. What does it signify when a port's "Foreign Address" is *:* . The "State"
    field is always blank with these ports.

    I have several ports with this disposition. An external probe never shows
    them to be responsive.

    Thanks for any information on this.
     
    Curley Bur¢h, Sep 7, 2003
    #1

  2. Curley Bur¢h

    pcbutts1 Guest

    The foreign address is the IP address that, whatever is using that port, is
    connected to.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    Sharpvision simply the best http://www.seedsv.com



    "Curley Bur¢h" <> wrote in message
    news:D8G6b.2499$...
    > What does it signify when a port's "Foreign Address" is *:* . The "State"
    > field is always blank with these ports.
    >
    > I have several ports with this disposition. An external probe never shows
    > them to be responsive.
    >
    > Thanks for any information on this.
    >
    >
    >
    >
     
    pcbutts1, Sep 7, 2003
    #2

  3. Curley Bur¢h

    why? Guest

    On Sun, 07 Sep 2003 13:12:03 GMT, Curley Bur¢h wrote:

    >What does it signify when a port's "Foreign Address" is *:* . The "State"
    >field is always blank with these ports.


    It's only against Proto UDP that the address is *.*

    ftp://ftp.isi.edu/in-notes/rfc768.txt
    User Datagram Protocol

    http://www.webopedia.com/TERM/U/User_Datagram_Protocol.html

    I should know the answer to this, something to do with my job :)
    However I guess it's because UDP is a connectionless protocol.

    <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/netstat.asp>

    You may like to try another couple of utilities, GUI versions of
    netstat.

    www.sysinternals.com
    TDImon
    TCPview


    <snip>
    Me
     
    why?, Sep 7, 2003
    #3
  4. x-no-archive: yes

    Thanks very much for these links! Especially sysinternals. Very useful stuff
    there.

    I'm left in the lurch about the open UDP ports. Does this mean my system has
    something to distribute? I'm a little concerned that there is an undetected
    trojan resident....

    Regards

    why? wrote:
    > On Sun, 07 Sep 2003 13:12:03 GMT, Curley Bur¢h wrote:
    >
    >> What does it signify when a port's "Foreign Address" is *:* . The
    >> "State" field is always blank with these ports.

    >
    > It's only against Proto UDP that the address is *.*
    >
    > ftp://ftp.isi.edu/in-notes/rfc768.txt
    > User Datagram Protocol
    >
    > http://www.webopedia.com/TERM/U/User_Datagram_Protocol.html
    >
    > I should know the answer to this, something to do with my job :)
    > However I guess it's because UDP is a connectionless protocol.
    >
    >
    > <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/netstat.asp>
    >
    > You may like to try another couple of utilities, GUI versions of
    > netstat.
    >
    > www.sysinternals.com
    > TDImon
    > TCPview
    >
    >
    > <snip>
    > Me
     
    ǵrleý ßûr¢h, Sep 8, 2003
    #4
  5. Curley Bur¢h

    why? Guest

    X-No-Archive: Yes
    On Mon, 08 Sep 2003 12:31:12 GMT, ǵrleý ßûr¢h wrote:

    >x-no-archive: yes
    >
    >Thanks very much for these links! Especially sysinternals. Very useful stuff
    >there.
    >
    >I'm left in the lurch about the open UDP ports. Does this mean my system has


    http://www.faqs.org/rfcs/rfc955.html
    A good example, TCP used to update a DNS database i.e. it must be
    reliable. Then it mentions why UDP is not a good choice.

    >something to distribute? I'm a little concerned that there is an undetected
    >trojan resident....


    As long as you have spyware / trojan detection and kept up to date there
    is a low chance of one of those being something nasty.

    As an example,

    UDP pc:bootps *:*
    UDP pc:ntp *:*
    UDP pc:epmap *:*
    UDP pc:snmp *:*


    My PC has DHCP, SNMP and a NTP client. This I know so it's okay, epmap
    on port 135 (RPC) calls, exploited by some worms etc. Generally this is
    http://www.webopedia.com/TERM/D/DCE.html
    closed to Internet traffic blocked by router/firewall but I have it
    enabled to local trusted PC addresses only.

    >Regards
    >
    >why? wrote:
    >> On Sun, 07 Sep 2003 13:12:03 GMT, Curley Bur¢h wrote:
    >>
    >>> What does it signify when a port's "Foreign Address" is *:* . The
    >>> "State" field is always blank with these ports.


    Quick and dirty summary -

    You may not want to buy these books (below is 1 of the 3) , it's a bit
    heavy going :) check the library and copy a few pages maybe.

    TCP/IP Illustrated Vol 1, The Protocols
    W.Richard Stevens
    ISBN 0-201-63346-9
    approx USD 65
    http://makeashorterlink.com/?W63C125D5 (on amazon.com)
    Pg 164.

    Most UDP servers wildcard local IP address create a UDP endpoint.
    Incoming UDP datagram destined for server port will be accepted on an
    local interface.

    Ex. Start a UDP server (Sun Unix with a sock utility) Don't have a Win
    OS example handy.

    sock -u -s 7777

    netstat output is

    Local Address *.7777
    Foreign *.*

    Server creates endpoint specify either host's local IP, incl. broadcast
    addresses (my comment - as used in DHCP, it's a broadcast client to
    server) Incoming UDP datagrams passed to endpoint only if dest addr
    matches local IP addr. To restrict UDP to a specific port

    sock -u -s 140.252.1.29 777

    If server sent a datagram to 140.252.13.35 an ICMP port unreachable is
    returned. The server never sees the data.

    If an IP is specified, it has priority over wild card *.* addresses.



    Restricting Foreign IP Addresses
    Foreign IP/Port is shown as *.* endpoint will accept incoming UDP
    datagram from any IP address and any port.

    - my comments again -
    This is where using a firewall and restrictions at your Internet
    connection is used to block foreign port i.e. like *.137 i.e. block all
    addresses port 137, one of the netbios ports.

    If it's blocked at fw, then netstat will show it's allowed locally,

    -back to book-

    Local Address / Foreign Address / Description

    localIP.lport / foreignIP.fport / restricted to one client

    localIP.lport / *.* / restricted to datagrams arriving on one local
    interface.

    *.lport / *.* / receives all datagrams sent to lport

    -my comment-
    what this looks like is again routing an incoming Public IP port 80
    (for a web server) to a local IP on another port. Forwarding.
    -end comment-

    >>
    >> It's only against Proto UDP that the address is *.*
    >>
    >> ftp://ftp.isi.edu/in-notes/rfc768.txt
    >> User Datagram Protocol
    >>

    <snip>

    Me
     
    why?, Sep 8, 2003
    #5
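An added example, not part of any post in this thread: the three endpoint types from the Local Address / Foreign Address table in post #5, built with Python sockets so the effect of each row can be observed. The helper names, the use of 127.0.0.1 and the ephemeral ports are assumptions; because only one local address is used, the wildcard and single-interface rows differ only in the Local Address column.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: everything stays on this host

def udp_endpoint(local_ip, peer=None):
    """Bind a UDP socket to local_ip on an ephemeral port; connect() it if peer is given."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(0.5)
    s.bind((local_ip, 0))
    if peer is not None:
        s.connect(peer)  # records a foreign address; only that peer's datagrams are delivered
    return s

def netstat_row(s):
    """Return (local, foreign) roughly as netstat would print them for this socket."""
    ip, port = s.getsockname()
    local = f"{'*' if ip == '0.0.0.0' else ip}:{port}"
    try:
        foreign = "%s:%d" % s.getpeername()
    except OSError:  # unconnected socket: no foreign address recorded
        foreign = "*:*"
    return local, foreign

def delivered(server, sender):
    """Send one datagram to the server's port over loopback; True if the server receives it."""
    sender.sendto(b"probe", (LOOPBACK, server.getsockname()[1]))
    try:
        server.recvfrom(64)
        return True
    except socket.timeout:
        return False

def demo():
    """Build the three endpoint types and record which of two clients reaches each."""
    a, b = udp_endpoint(LOOPBACK), udp_endpoint(LOOPBACK)
    servers = {
        "wildcard": udp_endpoint("0.0.0.0"),                    # *.lport / *.*
        "one_interface": udp_endpoint(LOOPBACK),                # localIP.lport / *.*
        "one_client": udp_endpoint(LOOPBACK, a.getsockname()),  # localIP.lport / foreignIP.fport
    }
    out = {n: netstat_row(s) + (delivered(s, a), delivered(s, b)) for n, s in servers.items()}
    for s in (a, b, *servers.values()):
        s.close()
    return out

if __name__ == "__main__":
    for name, row in demo().items():
        print(name, *row)
```

Each result is (local, foreign, reached by client a, reached by client b); only the connected socket shows a foreign address other than `*:*`, and only it refuses the second client.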
  6. Curley Bur¢h

    m.nouman

    Joined:
    Dec 19, 2010
    Messages:
    1
    NETSTAT shows public IPs while server is note connected to internet

    following is the output:
    TCP <HOST>:2331 114.71.61.77:microsoft-ds SYN_SENT 824
    TCP <HOST>:2332 69.19.193.85:microsoft-ds SYN_SENT 824
    TCP <HOST>:2333 70.61.21.14:microsoft-ds SYN_SENT 824
    TCP <HOST>:2334 180.101.190.53:microsoft-ds SYN_SENT 824
    TCP <HOST>:2335 78.127.48.82:microsoft-ds SYN_SENT 824
    TCP <HOST>:2336 215.67.211.71:microsoft-ds SYN_SENT 824
    TCP <HOST>:2337 220.73.64.67:microsoft-ds SYN_SENT 824


    please update.

    regards,
     
    m.nouman, Dec 19, 2010
    #6
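An added example, not part of any post in this thread: a small parser for netstat rows like the ones quoted in posts #5 and #6, which lists UDP endpoints whose foreign address is `*:*` and groups half-open (SYN_SENT) outbound attempts by owning PID and destination port so the responsible process can be looked up. The function names and the threshold of 3 distinct destinations are assumptions; the sample rows are copied from the posts above.

```python
from collections import defaultdict

# Sample rows copied from posts #5 and #6 of this thread.
SAMPLE = """\
UDP pc:bootps *:*
UDP pc:ntp *:*
TCP <HOST>:2331 114.71.61.77:microsoft-ds SYN_SENT 824
TCP <HOST>:2332 69.19.193.85:microsoft-ds SYN_SENT 824
TCP <HOST>:2333 70.61.21.14:microsoft-ds SYN_SENT 824
TCP <HOST>:2334 180.101.190.53:microsoft-ds SYN_SENT 824
"""

def parse(text):
    """Turn netstat rows into dicts; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local, foreign = f[:3]
        rest = f[3:]
        # With the -o switch the last column is the owning PID.
        pid = rest.pop() if rest and rest[-1].isdigit() else None
        state = rest[0] if rest else ""
        fhost, _, fport = foreign.rpartition(":")
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "fhost": fhost, "fport": fport, "state": state, "pid": pid})
    return rows

def triage(rows, threshold=3):
    """Return (UDP wildcard endpoints, {(pid, port): distinct SYN_SENT destinations})."""
    listeners = [r["local"] for r in rows
                 if r["proto"] == "UDP" and r["foreign"] == "*:*"]
    pending = defaultdict(set)
    for r in rows:
        if r["state"] == "SYN_SENT":  # connection attempt sent, no reply yet
            pending[(r["pid"], r["fport"])].add(r["fhost"])
    fanout = {k: len(v) for k, v in pending.items() if len(v) >= threshold}
    return listeners, fanout

if __name__ == "__main__":
    listeners, fanout = triage(parse(SAMPLE))
    print("UDP endpoints open to any sender:", listeners)
    for (pid, port), n in fanout.items():
        print(f"PID {pid}: {n} unanswered attempts to port {port}")
```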