Analysis of Netstat

NamasteMan
6 years ago

I have searched for many hours about it but still have no real idea as to what I am looking at. Have a gander here and suggest whether you would be concerned or not:

C:\Windows\system32>netstat -ano

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 900
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1280 0.0.0.0:0 LISTENING 652
TCP 0.0.0.0:1281 0.0.0.0:0 LISTENING 1032
TCP 0.0.0.0:1282 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:1283 0.0.0.0:0 LISTENING 1760
TCP 0.0.0.0:1285 0.0.0.0:0 LISTENING 784
TCP 0.0.0.0:1286 0.0.0.0:0 LISTENING 776
TCP 127.0.0.1:1284 0.0.0.0:0 LISTENING 1948
TCP 127.0.0.1:2833 127.0.0.1:2834 ESTABLISHED 1948
TCP 127.0.0.1:2834 127.0.0.1:2833 ESTABLISHED 1948
TCP 127.0.0.1:2872 127.0.0.1:2873 ESTABLISHED 1436
TCP 127.0.0.1:2873 127.0.0.1:2872 ESTABLISHED 1436
TCP 127.0.0.1:2874 127.0.0.1:2875 ESTABLISHED 4028
TCP 127.0.0.1:2875 127.0.0.1:2874 ESTABLISHED 4028
TCP 127.0.0.1:2878 127.0.0.1:2879 ESTABLISHED 4892
TCP 127.0.0.1:2879 127.0.0.1:2878 ESTABLISHED 4892
TCP 127.0.0.1:2888 127.0.0.1:2889 ESTABLISHED 2960
TCP 127.0.0.1:2889 127.0.0.1:2888 ESTABLISHED 2960
TCP 192.168.1.9:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.9:1038 40.67.254.97:443 ESTABLISHED 572
TCP 192.168.1.9:2836 213.155.156.71:443 ESTABLISHED 1948
TCP 192.168.1.9:3156 85.159.213.101:443 ESTABLISHED 1436
TCP 192.168.1.9:3160 54.210.3.254:443 ESTABLISHED 1436
TCP 192.168.1.9:3162 35.171.73.174:443 ESTABLISHED 1436
TCP [::]:135 [::]:0 LISTENING 900
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:1280 [::]:0 LISTENING 652
TCP [::]:1281 [::]:0 LISTENING 1032
TCP [::]:1282 [::]:0 LISTENING 1064
TCP [::]:1283 [::]:0 LISTENING 1760
TCP [::]:1285 [::]:0 LISTENING 784
TCP [::]:1286 [::]:0 LISTENING 776
TCP [::1]:1299 [::]:0 LISTENING 5136
UDP 0.0.0.0:500 *:* 1064
UDP 0.0.0.0:4500 *:* 1064
UDP 0.0.0.0:5355 *:* 1564
UDP 127.0.0.1:1900 *:* 1812
UDP 127.0.0.1:52777 *:* 1812
UDP 192.168.1.9:137 *:* 4
UDP 192.168.1.9:138 *:* 4
UDP 192.168.1.9:1900 *:* 1812
UDP [::]:500 *:* 1064
UDP [::]:4500 *:* 1064
UDP [::]:5355 *:* 1564
UDP [::1]:1900 *:* 1812
UDP [::1]:52776 *:* 1812
UDP [fe80::b171:8bed:1a66:5f18%3]:1900 *:* 1812

dloser
6 years ago

Try running it with the option -b as well. The -o option is useful if you have a look on the system itself to find which process belongs to which PID. We cannot, unless we have hacked your system. ;)

The only things that seem a bit peculiar are the ports 128x and 28yz. Could be some virus scanner or firewall or something. 213.155.156.71 seems to have belonged to Kaspersky, so that would probably explain it.
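
One way to sort output like the above by PID before looking each process up, shown as an added example that is not part of the original thread. The function names and category labels are chosen for this example, and the sample rows are taken from the netstat output in the question.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: rows taken from the netstat -ano output in the question.
SAMPLE = """\
TCP 0.0.0.0:1280 0.0.0.0:0 LISTENING 652
TCP 127.0.0.1:1284 0.0.0.0:0 LISTENING 1948
TCP 127.0.0.1:2833 127.0.0.1:2834 ESTABLISHED 1948
TCP 192.168.1.9:2836 213.155.156.71:443 ESTABLISHED 1948
TCP 192.168.1.9:3156 85.159.213.101:443 ESTABLISHED 1436
TCP [::]:1280 [::]:0 LISTENING 652
TCP [::1]:1299 [::]:0 LISTENING 5136
UDP 0.0.0.0:5355 *:* 1564
UDP [fe80::b171:8bed:1a66:5f18%3]:1900 *:* 1812
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (ip or None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return (None if host in ("", "*") else ipaddress.ip_address(host)), port

def classify(local_ip, remote_ip, state):
    """Category names are this example's own labels, not netstat terms."""
    if state and state != "LISTENING":  # a TCP connection in any state
        if remote_ip.is_loopback:
            return "loopback-pair"
        return "remote-private" if remote_ip.is_private else "remote-public"
    if local_ip.is_loopback:  # listening TCP or any UDP socket
        return "bound-loopback"
    return "bound-all-interfaces" if local_ip.is_unspecified else "bound-one-address"

def triage(text):
    """Return {pid: {category: sorted 'PROTO port' or 'remote_ip:port' items}}."""
    report = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # prompt, header or blank line
        proto, pid = f[0], f[-1]
        state = f[3] if proto == "TCP" and len(f) == 5 else ""
        (lip, lport), (rip, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        cat = classify(lip, rip, state)
        item = f"{rip}:{rport}" if cat.startswith("remote") else f"{proto} {lport}"
        report[pid][cat].add(item)
    return {p: {c: sorted(v) for c, v in cats.items()} for p, cats in report.items()}

if __name__ == "__main__":
    for pid, cats in sorted(triage(SAMPLE).items(), key=lambda kv: int(kv[0])):
        print(pid, cats)
```

PIDs that appear under `bound-all-interfaces` or `remote-public` are the ones worth matching to a process name first; loopback entries are reachable only from the machine itself.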

NamasteMan
6 years ago

Yeah, I thought as much. The laptop I use is all over the place at the moment; I am a complete newbie lol. I have started taking great delight in “tinkering”; the most recent one that has cropped up is the time indifference.

Running SQL and it fails; in the logs it shows an hour time difference, and it also does the same with online radio shows. It’s like everything is an hour ahead? Weird, huh? So on the display it shows the current time of 11:32 in the UK 01/11/2018, yet in my SQL log it shows the time as 12:32 in the UK 01/11/2018. I have got netsynce installed and have also checked the BIOS time, and CMD also shows the time at 11:33.
Is this something else I should also be worried about, do you reckon?

Also thanks for the response dude
