Netstat shows "extra" connections

Bob

Greetings:

OK, short version of a long story... think I may have contracted a
virus yesterday. Looked in netstat, saw some connections to APNIC
addresses that should not have been there. Have installed all the
latest MS updates now as well as run lots of virus checks.. seems
close to normal operation. Client is win2kPro.

While I was having problems, I was watching netstat. There were lots
(like thirty) connections that looked like this (different ports, of
course):

TCP system1:1025 .:http LISTENING

First question: What's with the ".http:" as a foreign address?

After my repair efforts, I do not see these connections anymore. But,
I do see a lot (10-15) of connections like the following for a while
after boot/login (varying ports):

TCP system1:1025 system1:0 LISTENING

Second question: What's with all these connections?

Third Question: Is there some way to see what process causes a
connection on win2K? I know under XP I can just do netstat -o and see
it... that option is not available on win2K. Can I just pirate the
netstat program off an XP Pro system? Is there another way?

Thanks
 
Mark R. Blain

Does this information about possible uses of port 1025 help?
<http://grc.com/port_1025.htm>

Grab a copy of TCPVIEW from sysinternals.com and run it as an
*administrator* to help determine what is listening on that port. If
you want netstat, check the Support Tools folder on the XP
installation CD-ROM for an enhanced version (the new "-o" option lists
the PID of the process that owns each port).
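
The PID-per-port lookup that netstat's "-o" option makes possible, as an added example that is not part of the original thread: Python that parses `netstat -ano` output and groups listening ports and remote peers by owning PID. The sample output is constructed and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1032
  TCP    192.168.1.10:1041      203.0.113.7:80         ESTABLISHED     2216
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED     2216
  UDP    0.0.0.0:1026           *:*                                    1032
"""

def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and rows without a PID are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
            continue
        # TCP rows: proto, local, foreign, state, pid. UDP rows have no state column.
        state = parts[3] if len(parts) == 5 else ""
        port = parts[1].rpartition(":")[2]
        rows.append({"proto": parts[0], "local_port": int(port),
                     "foreign": parts[2], "state": state, "pid": int(parts[-1])})
    return rows

def listeners_by_pid(rows):
    """Map PID -> sorted local ports in LISTENING state."""
    out = defaultdict(list)
    for r in rows:
        if r["state"] == "LISTENING":
            out[r["pid"]].append(r["local_port"])
    return {pid: sorted(ports) for pid, ports in out.items()}

def peers_by_pid(rows):
    """Map PID -> set of remote endpoints with an ESTABLISHED connection."""
    out = defaultdict(set)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            out[r["pid"]].add(r["foreign"])
    return dict(out)

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for pid, ports in sorted(listeners_by_pid(rows).items()):
        print(f"PID {pid} listening on {ports}")
    for pid, peers in sorted(peers_by_pid(rows).items()):
        print(f"PID {pid} connected to {sorted(peers)}")
```

Output from a netstat without the PID column, such as the lines quoted in the question, yields no rows because the owner cannot be recovered from it.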
 
