Help interpreting Windows netstat -ab command results

Ron Drake

Can someone advise a beginner on the netstat -ab results?

Looking for hidden listening devices, with nothing overtly running, I
see the following results.

C:\> netstat -ab
Active Connections
Proto Local Address Foreign Address State PID
TCP PC:microsoft-ds PC:0 LISTENING 4 [System]
TCP PC:netbios-ssn PC:0 LISTENING 4 [System]
UDP PC:microsoft-ds *:* 4 [System]
UDP PC:netbios-dgm *:* 4 [System]
UDP PC:netbios-ns *:* 4 [System]

Can you help a newbie?
Do you have insight as to what these strange connections are?
 
Walter Mautner

Ron said:
Can someone advise a beginner on the netstat -ab results?

Looking for hidden listening devices, with nothing overtly running, I
see the following results.

C:\> netstat -ab
Active Connections
Proto Local Address Foreign Address State PID
TCP PC:microsoft-ds PC:0 LISTENING 4 [System]
TCP PC:netbios-ssn PC:0 LISTENING 4 [System]
UDP PC:microsoft-ds *:* 4 [System]
UDP PC:netbios-dgm *:* 4 [System]
UDP PC:netbios-ns *:* 4 [System]
These are the well-known services for netbios file and print sharing.
Look at your
windows/system32/drivers/etc/services (text file, to open with editor) for
reference.
 
Dom

C:\> netstat -ab
Active Connections
Proto Local Address Foreign Address State PID
TCP PC:microsoft-ds PC:0 LISTENING 4 [System]
TCP PC:netbios-ssn PC:0 LISTENING 4 [System]
UDP PC:microsoft-ds *:* 4 [System]
UDP PC:netbios-dgm *:* 4 [System]
UDP PC:netbios-ns *:* 4 [System]

These are not connections. These simply indicate sockets on which the
computer is listening.
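
The two replies above, worked through as an added example that is not part of any post in this thread: a Python parser that resolves the service names in netstat rows to port numbers through a services-file table and separates listening sockets from real connections. The services excerpt, the ESTABLISHED row and the function names are constructed for illustration.

```python
import re

# Constructed excerpt in the format of windows/system32/drivers/etc/services.
SERVICES = """\
netbios-ns     137/udp   nbname       # NETBIOS Name Service
netbios-dgm    138/udp   nbdatagram   # NETBIOS Datagram Service
netbios-ssn    139/tcp   nbsession    # NETBIOS Session Service
microsoft-ds   445/tcp
microsoft-ds   445/udp
"""

# Rows from the thread, plus one constructed ESTABLISHED row for contrast.
NETSTAT = """\
TCP PC:microsoft-ds PC:0 LISTENING 4 [System]
TCP PC:netbios-ssn PC:0 LISTENING 4 [System]
UDP PC:microsoft-ds *:* 4 [System]
UDP PC:netbios-dgm *:* 4 [System]
UDP PC:netbios-ns *:* 4 [System]
TCP PC:1042 192.0.2.10:http ESTABLISHED 1234 [example.exe]
"""

# proto, local, foreign, optional state (UDP rows have none), PID, [process]
ROW = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]+))?"
                 r"\s+(\d+)(?:\s+\[(.+)\])?$")

def load_services(text):
    """Build {(name, proto): port} from services-file text, aliases included."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            for name in [fields[0]] + fields[2:]:
                table[(name.lower(), proto.lower())] = int(port)
    return table

def parse_netstat(text, services):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        proto, local, foreign, state, pid, proc = m.groups()
        svc = local.rsplit(":", 1)[-1]
        port = int(svc) if svc.isdigit() else services.get((svc.lower(), proto.lower()))
        # TCP in LISTENING, or UDP bound with no peer (*:*), is not a connection.
        listening = state == "LISTENING" or (proto == "UDP" and foreign == "*:*")
        rows.append({"proto": proto, "port": port, "pid": int(pid),
                     "process": proc, "listening": listening})
    return rows
```

Calling parse_netstat(NETSTAT, load_services(SERVICES)) marks the five rows owned by PID 4 [System] as listeners on ports 445, 139, 445, 138 and 137, and only the constructed sixth row as a connection.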
 
Ramesh, MS-MVP

From Eric Fitzgerald [MS]

NetBIOS-SSN is port 139 tcp. It's used for SMB communications between
Windows machines. If you are all Windows 2000, you can try disabling
NetBIOS in network connections/<your connection>/TCP/IP
properties/Advanced/WINS. If you start having file sharing or printing
problems, though, you'll need to turn it back on.

microsoft-ds:
http://groups.google.com/group/microsoft.public.windows.server.security/msg/ae67c864301fd4a4?hl=en&


--
Regards,

Ramesh Srinivasan, Microsoft MVP [Windows XP Shell/User]
Windows® XP Troubleshooting http://www.winhelponline.com


Can someone advise a beginner on the netstat -ab results?

Looking for hidden listening devices, with nothing overtly running, I
see the following results.

C:\> netstat -ab
Active Connections
Proto Local Address Foreign Address State PID
TCP PC:microsoft-ds PC:0 LISTENING 4 [System]
TCP PC:netbios-ssn PC:0 LISTENING 4 [System]
UDP PC:microsoft-ds *:* 4 [System]
UDP PC:netbios-dgm *:* 4 [System]
UDP PC:netbios-ns *:* 4 [System]

Can you help a newbie?
Do you have insight as to what these strange connections are?
 
Wayne McGlinn

Ron Drake said:
Can someone advise a beginner on the netstat -ab results?

Looking for hidden listening devices, with nothing overtly running, I
see the following results.

C:\> netstat -ab
Active Connections
Proto Local Address Foreign Address State PID
TCP PC:microsoft-ds PC:0 LISTENING 4 [System]
TCP PC:netbios-ssn PC:0 LISTENING 4 [System]
UDP PC:microsoft-ds *:* 4 [System]
UDP PC:netbios-dgm *:* 4 [System]
UDP PC:netbios-ns *:* 4 [System]

Can you help a newbie?
Do you have insight as to what these strange connections are?

Ron, try this link, should help you heaps! (I entered "help for netstat
output" into Google, minus the quotes)
http://www.securitydocs.com/library/3318

Wayne McGlinn
Brisbane, Oz
 
