View original (French)

Problem with netstat

Solved
garou -  
 paul -
Hello,
I just ran netstat, so I either lack skills and that's why I'm calling on your expertise or this is really weird, so tell me what to do, thank you for your help. I'm attaching the netstat txt, thank you for responding.

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\HP_Owner>netstat -abnov

Active Connections

Proto Local Address Remote Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
-- unknown components --
[System]

UDP 0.0.0.0:500 *:* 648
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[lsass.exe]

UDP 0.0.0.0:1260 *:* 988
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:445 *:* 4
-- unknown components --
[System]

UDP 0.0.0.0:1042 *:* 988
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:4500 *:* 648
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[lsass.exe]

UDP 0.0.0.0:1054 *:* 988
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 85.68.242.133:123 *:* 916
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 85.68.242.133:1900 *:* 1016
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:1900 *:* 1016
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:123 *:* 916
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

C:\Documents and Settings\HP_Owner>
Configuration: Windows XP Firefox 2.0.0.11

7 answers

Answer 1 / 7
MisticRiver
 
Having "established" connections is perfectly normal, even if no applications are running.
Windows has "services" that run in the background (mostly svchost, but there can be others, especially if, for example, media player or others are configured to connect to the internet - even when not launched) and manage a lot of things necessary for the proper functioning of your PC (TCP, DHCP, DNS, Windows Update, etc., etc.). Some drivers or apps have a service running in the background to check if new versions are available, even if these apps are not running (like iTunes, for example). It's not uncommon, just after a Windows installation, to have at least 10-15 of these connections. Nothing alarming.
In any case, Vista is still heavily fortified in terms of security, which makes it annoying and heavy, and not very popular.
1
Answer 2 / 7
nono1er Posted messages 1436 Status Member 140
 
Hello, try instead a: netstat -na
making sure to close everything that goes on the internet beforehand.
0
garou
 
re I did the manipulation you told me to and the result is here, I am attaching the netstat


Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\HP_Owner>netstat -na

Active Connections

Proto Local Address Remote Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1041 0.0.0.0:0 LISTENING
TCP 0.0.0.0:44334 0.0.0.0:0 LISTENING
TCP 0.0.0.0:44501 0.0.0.0:0 LISTENING
TCP 85.68.242.133:1487 212.95.67.120:80 TIME_WAIT
TCP 85.68.242.133:1493 212.95.67.120:80 TIME_WAIT
TCP 85.68.242.133:1495 209.85.129.165:80 TIME_WAIT
TCP 85.68.242.133:1497 209.85.129.165:80 TIME_WAIT
TCP 85.68.242.133:1499 209.85.129.165:80 TIME_WAIT
TCP 85.68.242.133:1508 212.95.67.120:80 TIME_WAIT
TCP 85.68.242.133:1510 74.125.39.166:80 TIME_WAIT
TCP 85.68.242.133:1512 74.125.39.166:80 TIME_WAIT
TCP 85.68.242.133:1521 212.95.67.120:80 TIME_WAIT
TCP 85.68.242.133:1523 74.125.39.166:80 TIME_WAIT
TCP 85.68.242.133:1525 74.125.39.166:80 TIME_WAIT
TCP 85.68.242.133:1527 74.125.39.166:80 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:44334 ESTABLISHED
TCP 127.0.0.1:1028 127.0.0.1:1034 ESTABLISHED
TCP 127.0.0.1:1033 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1034 127.0.0.1:1028 ESTABLISHED
TCP 127.0.0.1:1039 127.0.0.1:44334 ESTABLISHED
TCP 127.0.0.1:1041 127.0.0.1:1043 ESTABLISHED
TCP 127.0.0.1:1043 127.0.0.1:1041 ESTABLISHED
TCP 127.0.0.1:1309 127.0.0.1:1308 TIME_WAIT
TCP 127.0.0.1:1481 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1484 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1486 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1488 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1490 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1492 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1494 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1496 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1498 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1500 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1503 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1505 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1507 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1509 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1511 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1513 127.0.0.1:44501 TIME_WAIT
TCP 127.0.0.1:1516 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1518 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1520 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1522 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1524 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1526 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1528 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12080 127.0.0.1:1514 TIME_WAIT
TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING
TCP 127.0.0.1:44334 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:44334 127.0.0.1:1039 ESTABLISHED
TCP 127.0.0.1:44501 127.0.0.1:1483 TIME_WAIT
TCP 127.0.0.1:44501 127.0.0.1:1502 TIME_WAIT
TCP 127.0.0.1:44501 127.0.0.1:1530 TIME_WAIT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1027 *:*
UDP 0.0.0.0:1029 *:*
UDP 0.0.0.0:1040 *:*
UDP 0.0.0.0:1042 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:44334 *:*
UDP 85.68.242.133:123 *:*
UDP 85.68.242.133:1900 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*

C:\Documents and Settings\HP_Owner>
0
Answer 3 / 7
nono1er Posted messages 1436 Status Member 140
 
Hi
everything seems fine
if you had a hacker connected without your knowledge, you would have seen a line with an external IP marked: Established
That's not the case
0
garou
 
I'm opening Firefox or Explorer, and I have a [system process]:0 with several ports that I can't stop.

Look:



[System Process]:0 TCP name-641695c7437:44501 localhost:2006 TIME_WAIT
alg.exe:2256 TCP name-641695c7437:1037 name-641695c7437:0 LISTENING
firefox.exe:2148 TCP name-641695c7437:1905 localhost:1906 ESTABLISHED
firefox.exe:2148 TCP name-641695c7437:1906 localhost:1905 ESTABLISHED
firefox.exe:2148 TCP name-641695c7437:1907 localhost:1908 ESTABLISHED
firefox.exe:2148 TCP name-641695c7437:1908 localhost:1907 ESTABLISHED
iexplore.exe:3912 UDP name-641695c7437:1164 *:*
kpf4gui.exe:1140 TCP name-641695c7437:1025 localhost:44334 ESTABLISHED
kpf4gui.exe:1140 TCP name-641695c7437:1027 localhost:1039 ESTABLISHED
kpf4gui.exe:1140 TCP name-641695c7437:1027 name-641695c7437:0 LISTENING
kpf4gui.exe:1140 UDP name-641695c7437:1028 *:*
kpf4gui.exe:1140 UDP name-641695c7437:1026 *:*
kpf4gui.exe:2516 TCP name-641695c7437:1050 localhost:1061 ESTABLISHED
kpf4gui.exe:2516 TCP name-641695c7437:1047 localhost:44334 ESTABLISHED
kpf4gui.exe:2516 TCP name-641695c7437:1050 name-641695c7437:0 LISTENING
kpf4gui.exe:2516 UDP name-641695c7437:1048 *:*
kpf4gui.exe:2516 UDP name-641695c7437:1053 *:*
kpf4ss.exe:364 TCP name-641695c7437:1061 localhost:1050 ESTABLISHED
kpf4ss.exe:364 TCP name-641695c7437:44334 localhost:1025 ESTABLISHED
kpf4ss.exe:364 TCP name-641695c7437:1039 localhost:1027 ESTABLISHED
kpf4ss.exe:364 TCP name-641695c7437:44334 localhost:1047 ESTABLISHED
kpf4ss.exe:364 TCP name-641695c7437:44334 name-641695c7437:0 LISTENING
kpf4ss.exe:364 TCP name-641695c7437:44501 name-641695c7437:0 LISTENING
kpf4ss.exe:364 UDP name-641695c7437:1058 *:*
kpf4ss.exe:364 UDP name-641695c7437:1059 *:*
kpf4ss.exe:364 UDP name-641695c7437:1056 *:*
kpf4ss.exe:364 UDP name-641695c7437:1060 *:*
kpf4ss.exe:364 UDP name-641695c7437:44334 *:*
kpf4ss.exe:364 UDP name-641695c7437:1057 *:*
lsass.exe:644 UDP name-641695c7437:isakmp *:*
lsass.exe:644 UDP name-641695c7437:4500 *:*
svchost.exe:1016 UDP name-641695c7437:1156 *:*
svchost.exe:1016 UDP name-641695c7437:1075 *:*
svchost.exe:1080 UDP name-641695c7437:1900 *:*
svchost.exe:1080 UDP name-641695c7437:1900 *:*
svchost.exe:872 TCP name-641695c7437:epmap name-641695c7437:0 LISTENING
svchost.exe:916 UDP name-641695c7437:ntp *:*
svchost.exe:916 UDP name-641695c7437:ntp *:*
System:4 TCP name-641695c7437:microsoft-ds name-641695c7437:0 LISTENING
System:4 UDP name-641695c7437:microsoft-ds *:*
0
boubou34500 Posted messages 3 Status Member
 
Good evening,
I have a problem, I know I'm being spied on through MSN, and I'm fed up with my computer, please help me!
Here I did a netstat, first analysis:
Proto Local Address Remote Address State
TCP 127.0.0.1:12080 PC-de-DELPHINE:52317 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:52321 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:52327 TIME_WAIT
TCP 192.168.1.10:52177 80.15.236.223:http TIME_WAIT
TCP 192.168.1.10:52185 80.15.236.167:http TIME_WAIT
TCP 192.168.1.10:52310 65.54.195.188:http TIME_WAIT
TCP 192.168.1.10:52315 80.15.236.158:http TIME_WAIT
TCP 192.168.1.10:52316 80.15.236.158:http TIME_WAIT
TCP 192.168.1.10:52320 80.15.236.237:http TIME_WAIT
TCP 192.168.1.10:52326 216.54.220.240:http TIME_WAIT
TCP 192.168.1.10:52331 65.54.239.20:msnp TIME_WAIT
TCP 192.168.1.10:52332 65.54.165.136:https TIME_WAIT
TCP 192.168.1.10:52335 by1msg2093117:msnp TIME_WAIT
TCP 192.168.1.10:52339 65.54.239.20:msnp TIME_WAIT
TCP 192.168.1.10:52342 by1msg2245412:msnp ESTABLISHED
TCP 192.168.1.10:52343 65.54.239.24:http ESTABLISHED
TCP 192.168.1.10:52344 207.46.113.221:https ESTABLISHED
TCP 192.168.1.10:52345 207.46.26.253:7001 TIME_WAIT
TCP 192.168.1.10:52345 207.46.26.254:7001 TIME_WAIT
TCP 192.168.1.10:52348 213.199.166.30:http ESTABLISHED
TCP 192.168.1.10:52349 80.15.236.192:http ESTABLISHED
TCP 192.168.1.10:52355 207.46.113.221:https ESTABLISHED
TCP 192.168.1.10:52356 213.199.162.96:http LAST_ACK
TCP 192.168.1.10:52358 213.199.162.96:http ESTABLISHED
TCP 192.168.1.10:52359 213.199.162.96:http SYN_SENT

then netsta -na:
Proto Local Address Remote Address State
TCP 127.0.0.1:12080 PC-de-DELPHINE:52317 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:52321 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:52327 TIME_WAIT
TCP 192.168.1.10:52177 80.15.236.223:http TIME_WAIT
TCP 192.168.1.10:52185 80.15.236.167:http TIME_WAIT
TCP 192.168.1.10:52310 65.54.195.188:http TIME_WAIT
TCP 192.168.1.10:52315 80.15.236.158:http TIME_WAIT
TCP 192.168.1.10:52316 80.15.236.158:http TIME_WAIT
TCP 192.168.1.10:52320 80.15.236.237:http TIME_WAIT
TCP 192.168.1.10:52326 216.54.220.240:http TIME_WAIT
TCP 192.168.1.10:52331 65.54.239.20:msnp TIME_WAIT
TCP 192.168.1.10:52332 65.54.165.136:https TIME_WAIT
TCP 192.168.1.10:52335 by1msg2093117:msnp TIME_WAIT
TCP 192.168.1.10:52339 65.54.239.20:msnp TIME_WAIT
TCP 192.168.1.10:52342 by1msg2245412:msnp ESTABLISHED
TCP 192.168.1.10:52343 65.54.239.24:http ESTABLISHED
TCP 192.168.1.10:52344 207.46.113.221:https ESTABLISHED
TCP 192.168.1.10:52345 207.46.26.253:7001 TIME_WAIT
TCP 192.168.1.10:52345 207.46.26.254:7001 TIME_WAIT
TCP 192.168.1.10:52348 213.199.166.30:http ESTABLISHED
TCP 192.168.1.10:52349 80.15.236.192:http ESTABLISHED
TCP 192.168.1.10:52355 207.46.113.221:https ESTABLISHED
TCP 192.168.1.10:52356 213.199.162.96:http LAST_ACK
TCP 192.168.1.10:52358 213.199.162.96:http ESTABLISHED
TCP 192.168.1.10:52359 213.199.162.96:http SYN_SENT

What do you think, can you help me? Thank you in advance, as I'm suffocating here!!
0
boubou34500
 
re-good evening...

a new netstat:

Proto Local Address Remote Address State
TCP 192.168.1.10:53271 nf-in-f104:http LAST_ACK
TCP 192.168.1.10:53275 nf-in-f104:http LAST_ACK
TCP 192.168.1.10:53299 91.103.136.102:http TIME_WAIT
TCP 192.168.1.10:53391 213-248-125-19:http TIME_WAIT
TCP 192.168.1.10:53405 www:http FIN_WAIT_1
TCP 192.168.1.10:53468 ug-in-f164:http LAST_ACK
TCP 192.168.1.10:53475 ug-in-f164:http LAST_ACK
TCP 192.168.1.10:53517 fg-in-f91:http LAST_ACK

What can I do, since I know that I'm being spied on, especially on MSN, I must have something on the computer but I don't know where to look because my boyfriend had access to my computer, he's the one who installed everything!!!! He doesn't trust me and is spying on me, I can't take it anymore! Thank you for your help!!!!
0
biloute59320 Posted messages 8 Status Member > boubou34500
 
Good evening,

I just took a look at your Netstats, and there's nothing abnormal in there (except maybe, I think I detected an eMule running?^^)

The connections (ports) that are open on your PC mostly correspond to your MSN, Internet Explorer, eMule, etc... all normal stuff, nothing more! It's a perfectly healthy PC, at least regarding apps that can connect to the net to send information. No spyware outgoing, no suspicious incoming connections... I would even say that's quite rare these days!

Then, there are the junk files on your machine, but any decent recent antivirus, even free ones (like Antivir - avoid Avast, which has become quite mediocre lately) would detect them in no time.

Now, if you say your friend was able to read the conversations, it could be that you might have activated the conversation history. That's the only way to read their content. In that case, they are stored and encrypted locally on your hard drive, and if he opens your MSN session with your account on your PC, or if you leave your MSN open with your account while you're in the bathroom, he might gain access and read them. That's a lot of conditions....

In any case, run a full scan with Antivir on your C drive, and if there’s any spyware, it will find it. Just don’t confuse spyware installed by some crappy freewares or "toolbars"… your friend wouldn’t be to blame for that.

Afterwards, if he has doubts about your romantic integrity, he might have faked something to know the truth and see if you panic ^^ it works too and isn't detected by antivirus :p
0
boubou34500 > biloute59320 Posted messages 8 Status Member
 
Hello,
Thank you for your reply, but he doesn't have access to my computer because we live far apart; he was the one who set it up for me, and since then, he's been spying on me. It's definitely through MSN, I've received fake messages on my Hotmail, and coincidentally after that, he starts questioning me, and that's just the tip of the iceberg because it's getting unhealthy, he's going too far! Could he have put something on my computer that would give him all my data, is that possible? Because once he installed a keylogger on me and I found it by chance, and now, I'm not sure where to look since he put Vista on it and I'm not very familiar with that.
In any case, thank you for your help.
0
Answer 4 / 7
nono1er Posted messages 1436 Status Member 140
 
Hi
with which command did you get this list?
0
garou
 
TCPView is a small software to see the movements on your connection.
0
Answer 5 / 7
hey
 
Good evening,

Could you clarify my netstat for me, as I don’t understand anything! A thousand thanks!!!!

Active connections

Proto Local Address Remote Address State
TCP 127.0.0.1:12080 PC-de-DELPHINE:49480 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49496 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49502 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49508 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49510 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49512 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49514 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49516 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49520 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49522 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49524 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49528 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49530 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49534 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49541 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49543 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49547 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49551 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49553 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49555 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49557 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49559 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49561 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49564 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49576 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49604 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49612 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49614 TIME_WAIT
TCP 127.0.0.1:12080 PC-de-DELPHINE:49616 TIME_WAIT
TCP 127.0.0.1:49490 PC-de-DELPHINE:12080 TIME_WAIT
TCP 127.0.0.1:49492 PC-de-DELPHINE:12080 TIME_WAIT
TCP 127.0.0.1:49532 PC-de-DELPHINE:12080 TIME_WAIT
TCP 127.0.0.1:49537 PC-de-DELPHINE:12080 TIME_WAIT
TCP 127.0.0.1:49549 PC-de-DELPHINE:12080 TIME_WAIT
TCP 127.0.0.1:49553 PC-de-DELPHINE:12080 TIME_WAIT
TCP 192.168.1.10:49215 by1msg5093114:msnp ESTABLISHED
TCP 192.168.1.10:49479 80.15.236.192:http TIME_WAIT
TCP 192.168.1.10:49483 80.15.236.192:http TIME_WAIT
TCP 192.168.1.10:49485 80.15.236.223:http TIME_WAIT
TCP 192.168.1.10:49487 65.55.197.247:http TIME_WAIT
TCP 192.168.1.10:49489 65.55.249.67:http TIME_WAIT
TCP 192.168.1.10:49507 80.15.236.223:http TIME_WAIT
TCP 192.168.1.10:49519 80.15.236.230:http TIME_WAIT
TCP 192.168.1.10:49527 80.15.236.167:http TIME_WAIT
TCP 192.168.1.10:49536 by1msg3082110:msnp ESTABLISHED
TCP 192.168.1.10:49540 80.15.236.237:http TIME_WAIT
TCP 192.168.1.10:49546 80.15.236.229:http TIME_WAIT
TCP 192.168.1.10:49567 213.199.166.30:http TIME_WAIT
TCP 192.168.1.10:49569 213.199.164.14:http TIME_WAIT
TCP 192.168.1.10:49571 199.93.57.124:http TIME_WAIT
TCP 192.168.1.10:49574 199.93.57.124:http TIME_WAIT
TCP 192.168.1.10:49575 199.93.57.124:http TIME_WAIT
TCP 192.168.1.10:49579 207.123.33.124:http TIME_WAIT
TCP 192.168.1.10:49581 omniture:http TIME_WAIT
TCP 192.168.1.10:49583 65.55.249.68:http TIME_WAIT
TCP 192.168.1.10:49589 205.128.69.124:http TIME_WAIT
TCP 192.168.1.10:49590 205.128.69.124:http TIME_WAIT
TCP 192.168.1.10:49591 207.123.33.124:http TIME_WAIT
TCP 192.168.1.10:49592 207.123.33.124:http TIME_WAIT
TCP 192.168.1.10:49593 65.55.197.254:http TIME_WAIT
TCP 192.168.1.10:49595 65.55.249.68:http TIME_WAIT
TCP 192.168.1.10:49597 65.55.249.68:http TIME_WAIT
TCP 192.168.1.10:49599 65.55.197.254:http TIME_WAIT
TCP 192.168.1.10:49602 209.84.7.125:http TIME_WAIT
TCP 192.168.1.10:49603 209.84.7.125:http TIME_WAIT
TCP 192.168.1.10:49607 207.123.33.126:http TIME_WAIT
TCP 192.168.1.10:49609 65.54.194.102:http TIME_WAIT
TCP 192.168.1.10:49611 207.123.33.126:http TIME_WAIT
TCP 192.168.1.10:49619 213.199.164.18:http TIME_WAIT
TCP 192.168.1.10:49621 209.84.7.125:http TIME_WAIT
0
Goofy
 
Good evening,

netstat shows the open ports used by the installed applications running on your machine and connected to the net.
It's important to know that any application connecting to the net uses a port (for example, if you use Internet Explorer, you will often see lots of windows using port 80, which is the one for websites).
What's important are those marked "ESTABLISHED".

In your case, it mainly concerns your MSN Messenger software that is connected.
Nothing else is active.

You will see that if you have fun launching Yahoo Messenger, Google Messenger, Firefox, IE, or when your antivirus updates, some ports will appear. It's mandatory ^^
0
domael88 Posted messages 263 Status Member 1 > Goofy
 
Hello, how do you copy and paste your bio? What is the "no" for? I don't understand anything about what is written.
0
Answer 6 / 7
novice et debutante
 
Good evening everyone,

I also just did a netstat and I have a friend who's a computer engineer who reconfigured my computer running Vista. He showed me a lot of interesting things on the web, and one day I discovered that he knew when I was online even when I was offline (without a photo displayed). He doesn't want to answer when I ask him how he does it, so I don't feel secure on my new computer because I don't understand everything in Vista...

I did a netstat while only opening MSN, and I have several remote addresses with "established," 12 (even though everyone is offline!). My local address is always the same. Can you tell me if my computer is being controlled remotely, please? Thank you...

I also want to point out that when I close MSN, I have no active connections, not even my antivirus, which is always running....

Thank you for enlightening me.
0
Answer 7 / 7
joel80
 
it's really nice vista, and those who say that UAC is annoying, personally I don't find it annoying at all.

same goes for system restore, you can't even mess up your system if you make a wrong move...
0