netstat Output Analysis

[Poontos]

Can someone please analyize me netstat output, preferrably each TCP & UDP connection listed. Thank you!

Z:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP notyourpc:epmap notyourpc:0 LISTENING
TCP notyourpc:microsoft-ds notyourpc:0 LISTENING
TCP notyourpc:1025 notyourpc:0 LISTENING
TCP notyourpc:1031 notyourpc:0 LISTENING
TCP notyourpc:44334 notyourpc:0 LISTENING
TCP notyourpc:1032 notyourpc:0 LISTENING
UDP notyourpc:epmap *:*
UDP notyourpc:microsoft-ds *:*
UDP notyourpc:1029 *:*
UDP notyourpc:44334 *:*
UDP notyourpc:1034 *:*
UDP notyourpc:isakmp *:*

 

[JustinLerner]

Type in netstat -an and you will get a list of ports that correspond to the names you just saw. In other words, isakmp (the same as IKE) will be UDP port 500 and microsoft-ds will be UDP/TCP port 445. Let me add the following: epmap is port 135 for loc-srv DCE endpoint mapping.

*.* = UDP protocol so reliable connections not maintained -- UDP is a connectionless protocol
Listening = TCP port listening
Established = TCP connection established to other IP address listed at port listed

 

[Poontos]

How come all the other ones (ike, ms-ds, epmap, etc.) have disappeared?


ip# = real IP removed


C:\>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1038 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1592 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1593 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1594 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1596 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1597 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1604 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1608 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1610 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1612 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1622 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1623 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3355 0.0.0.0:0 LISTENING
TCP 0.0.0.0:44334 0.0.0.0:0 LISTENING
TCP 192.168.1.69:1034 ip#:22 ESTABLISHED
TCP 192.168.1.69:1038 ip#:1863 ESTABLISHED
TCP 192.168.1.69:1578 ip#:80 TIME_WAIT
TCP 192.168.1.69:1579 ip#:80 TIME_WAIT
TCP 192.168.1.69:1580 ip#:80 TIME_WAIT
TCP 192.168.1.69:1582 ip#:80 TIME_WAIT
TCP 192.168.1.69:1592 ip#:80 ESTABLISHED
TCP 192.168.1.69:1593 ip#:80 ESTABLISHED
TCP 192.168.1.69:1594 ip#:80 ESTABLISHED
TCP 192.168.1.69:1596 ip#:80 ESTABLISHED
TCP 192.168.1.69:1597 ip#:80 ESTABLISHED
TCP 192.168.1.69:1604 ip#:80 ESTABLISHED
TCP 192.168.1.69:1608 ip#:80 ESTABLISHED
TCP 192.168.1.69:1610 ip#:80 ESTABLISHED
TCP 192.168.1.69:1612 ip#:80 ESTABLISHED
TCP 192.168.1.69:1622 ip#:80 ESTABLISHED
TCP 192.168.1.69:1623 ip#:80 ESTABLISHED
TCP 192.168.1.69:3355 IP#:80 CLOSE_WAIT
TCP 192.168.1.69:11910 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1028 *:*
UDP 0.0.0.0:1036 *:*
UDP 0.0.0.0:44334 *:*
UDP 127.0.0.1:1039 *:*
UDP 127.0.0.1:1636 *:*
UDP 127.0.0.1:1669 *:*
UDP 127.0.0.1:1905 *:*
UDP 192.168.1.69:500 *:*
UDP 192.168.1.69:1037 *:*
UDP 192.168.1.69:14385 *:*

C:\>

Thanks for the response!

 

[Thor86]

What do you mean by analyze? Are you wondering what services your computer ports are listening? If so, then look for a small program called FPORT which maps all listening ports to their respective services/apps running on your computer.