A netstat primer




Conversion date: 24.04.2016
When you type Netstat alone (without any options) at the prompt, the result is a list of all the TCP connections between your computer and others.

The IP addresses are not shown in this mode. You see the more friendly hostnames.


Example:
Active Connections

Proto  Local Address  Foreign Address     State
TCP    jason:1395     www.pcworld.com:80  ESTABLISHED


Proto shows the protocol being used. TCP is the most common and the only one shown in this no-options mode.

Local Address is your computer. In the above example, jason is the name you gave to your computer during Windows Setup. This is known as the local hostname.

The number beside jason - 1395 - is the local port that is open on your computer and being used by this connection.

Foreign Address is who you are connected to. Here it is pcworld, and the remote port for the OUT connection is 80, which is standard.

(Port 80 is used for http to connect to the world wide web).

Established means an active connection has been established between your computer and the other.


If under State you see LISTENING it means your computer will accept connections on this port but none have yet been established.
IP addresses and all ports
By using Netstat with the a (for all) and n (for numerical) switches, typing netstat -an at the prompt, we can see all connections in numerical form (by IP address).
Example:
Proto  Local Address        Foreign Address   State
TCP    209.145.218.62:1395  65.220.224.30:80  ESTABLISHED
Here, instead of your local hostname (jason, in the previous example), your IP address is shown.

219.115.228.62 would be your local IP address.

Local port 1395 is open and you’re connected to 65.220.224.30 via remote port 80.

65.220.224.30 is PCWorld.

Tip - If you enter 65.220.224.30 in your browser’s address bar, it will take you to PCWorld just as if you had entered www.pcworld.com, so if you're not sure who a certain IP belongs to, you can try accessing it via your browser.
For more info, look the address up with a WHOIS search such as this one:

http://www.arin.net/whois/
For a list of port numbers and what they are normally used for, see here:

http://www.networksorcery.com/enp/protocol/ip/ports00000.htm
Note that many ports can be used by trojans. See here:

http://www.simovits.com/nyheter9902.html


More Netstat Tips
Save your Netstat info to a file. Example:

At the prompt, type Netstat -an >c:\netstat.txt

to produce a text document on your c: drive showing all your netstat connections.
If you're using Windows XP, you can get a list of all the commonly used ports.

Just go to your etc folder:

:\WINDOWS\system32\drivers\etc

Inside, open the file named Services (if the file is of unknown type, just rename it with a .txt extension and then open it).
To find out your IP address instantly just click here:

http://www.ipchicken.com/
Netstat switches
-a Displays all connections and listening ports.

-e Displays Ethernet statistics. This may be combined with the -s option.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

-p proto Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.

-r Displays the routing table.

-s Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.

interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.
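
As an added example (not part of the original primer): a Python script that parses text in the layout of netstat -ano output, such as a file saved with the redirect tip above, then lists TCP listeners bound to non-loopback addresses and the remote endpoints of established connections together with their owning PIDs. The sample rows and all function names are constructed for illustration, and numeric (-n) output is assumed.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample in the layout of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.0.2.10:1395        198.51.100.30:80       ESTABLISHED     2044
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1488
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1020
"""

def split_endpoint(text):
    """Split 'ip:port' or '[ipv6]:port' on the last colon."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port

def parse(output):
    """Yield a Conn per TCP/UDP row; headers and blank lines are skipped."""
    for line in output.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID (if any) follows the addresses.
        state = f[3] if f[0] == "TCP" and len(f) > 3 else ""
        pid = f[-1] if f[-1].isdigit() else None  # present only when -o was used
        yield Conn(f[0], *split_endpoint(f[1]), *split_endpoint(f[2]), state, pid)

def exposed_listeners(conns):
    """TCP listeners bound to a non-loopback address, i.e. reachable from the network."""
    return [c for c in conns if c.state == "LISTENING"
            and not ipaddress.ip_address(c.local_ip.split("%")[0]).is_loopback]

def established_remotes(conns):
    """(remote_ip, remote_port, pid) per active connection, ready for a WHOIS lookup."""
    return [(c.remote_ip, c.remote_port, c.pid) for c in conns if c.state == "ESTABLISHED"]

if __name__ == "__main__":
    rows = list(parse(SAMPLE))
    for c in exposed_listeners(rows):
        print(f"listening  {c.proto} {c.local_ip}:{c.local_port} pid={c.pid}")
    for ip, port, pid in established_remotes(rows):
        print(f"connected  {ip}:{port} pid={pid}")
```

To run it on a saved file, pass the file's text to parse() in place of SAMPLE.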




www.freelists.org Netstat Page of

