Will DeKroney
Recently a run of 'netstat -a' produced the list of active connections
shown below. The computer is running Windows XP SP1 in a non-Domain
network. All of the connections to 'beyond.com' are particularly
interesting. I need advice about methods that could be used to
identify what programs are initiating those processes and how to shut
them down.
This is an obviously brief description so I will be ready to answer
more specific questions that are relevant to identifying the
connection source.
Will
************
Active Connections
Proto Local Address Foreign Address State
TCP kathy:time beyond.com:0 LISTENING
TCP kathy:epmap beyond.com:0 LISTENING
TCP kathy:microsoft-ds beyond.com:0 LISTENING
TCP kathy:1024 beyond.com:0 LISTENING
TCP kathy:1025 beyond.com:0 LISTENING
TCP kathy:1038 beyond.com:0 LISTENING
TCP kathy:1075 beyond.com:0 LISTENING
TCP kathy:1122 beyond.com:0 LISTENING
TCP kathy:1463 beyond.com:0 LISTENING
TCP kathy:2149 beyond.com:0 LISTENING
TCP kathy:2172 beyond.com:0 LISTENING
TCP kathy:2190 beyond.com:0 LISTENING
TCP kathy:2608 beyond.com:0 LISTENING
TCP kathy:3117 beyond.com:0 LISTENING
TCP kathy:3350 beyond.com:0 LISTENING
TCP kathy:5000 beyond.com:0 LISTENING
TCP kathy:8100 beyond.com:0 LISTENING
TCP kathy:1024 localhost:2172 ESTABLISHED
TCP kathy:1121 beyond.com:0 LISTENING
TCP kathy:1121 localhost:1122 ESTABLISHED
TCP kathy:1122 localhost:1121 ESTABLISHED
TCP kathy:2172 localhost:1024 ESTABLISHED
TCP kathy:2607 beyond.com:0 LISTENING
TCP kathy:2607 localhost:2608 ESTABLISHED
TCP kathy:2608 localhost:2607 ESTABLISHED
TCP kathy:5100 beyond.com:0 LISTENING
TCP kathy:8117 beyond.com:0 LISTENING
TCP kathy:netbios-ssn beyond.com:0 LISTENING
TCP kathy:1075 htx417-f.cce.hp.com:ftp FIN_WAIT_2
TCP kathy:1463 dux434.den.hp.com:ftp FIN_WAIT_2
TCP kathy:2149 213.244.181.53:http FIN_WAIT_2
TCP kathy:3117 mail.cablespeed.com:ftp CLOSE_WAIT
TCP kathy:3350 mail.cablespeed.com:ftp CLOSE_WAIT
UDP kathy:time *:*
UDP kathy:ntp *:*
UDP kathy:microsoft-ds *:*
UDP kathy:1026 *:*
UDP kathy:1027 *:*
UDP kathy:1028 *:*
UDP kathy:1029 *:*
UDP kathy:1030 *:*
UDP kathy:2190 *:*
UDP kathy:1534 *:*
UDP kathy:1802 *:*
UDP kathy:1900 *:*
UDP kathy:netbios-ns *:*
UDP kathy:netbios-dgm *:*
UDP kathy:1900 *:*
UDP kathy:2051 *:*