Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

netstat

Started by Departed , May 09 2012 05:26 AM

Please log in to reply

3 replies to this topic

#1 Departed

New Member

Members
1 posts

Posted 09 May 2012 - 05:26 AM

http://www.bleepingcomputer.com/tutorials/tracing-a-hacker/

Re above

Can someone explain this netstat log

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Users\username>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 VAIO:0 LISTENING
TCP 0.0.0.0:445 VAIO:0 LISTENING
TCP 0.0.0.0:3389 VAIO:0 LISTENING
TCP 0.0.0.0:5000 VAIO:0 LISTENING
TCP 0.0.0.0:5001 VAIO:0 LISTENING
TCP 0.0.0.0:5002 VAIO:0 LISTENING
TCP 0.0.0.0:5003 VAIO:0 LISTENING
TCP 0.0.0.0:5004 VAIO:0 LISTENING
TCP 0.0.0.0:5005 VAIO:0 LISTENING
TCP 0.0.0.0:5006 VAIO:0 LISTENING
TCP 0.0.0.0:5357 VAIO:0 LISTENING
TCP 0.0.0.0:10058 VAIO:0 LISTENING
TCP 0.0.0.0:51493 VAIO:0 LISTENING
TCP 127.0.0.1:1025 VAIO:0 LISTENING
TCP 127.0.0.1:1054 VAIO:1055 ESTABLISHED
TCP 127.0.0.1:1055 VAIO:1054 ESTABLISHED
TCP 192.168.1.2:139 VAIO:0 LISTENING
TCP 192.168.1.2:4900 download:http CLOSE_WAIT
TCP 192.168.1.2:4901 downloads:http CLOSE_WAIT
TCP 192.168.1.2:5085 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5086 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5087 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5091 r2:http ESTABLISHED
TCP 192.168.1.2:5092 r2:http ESTABLISHED
TCP 192.168.1.2:5093 origin:http ESTABLISHED
TCP 192.168.1.2:5094 r1:http ESTABLISHED
TCP 192.168.1.2:5095 l1:http TIME_WAIT
TCP 192.168.1.2:5099 r2:http ESTABLISHED
TCP 192.168.1.2:5100 r2:http ESTABLISHED
TCP 192.168.1.2:5101 r1:http ESTABLISHED
TCP 192.168.1.2:5102 r1:http ESTABLISHED
TCP [::]:135 VAIO:0 LISTENING
TCP [::]:445 VAIO:0 LISTENING
TCP [::]:3389 VAIO:0 LISTENING
TCP [::]:5000 VAIO:0 LISTENING
TCP [::]:5001 VAIO:0 LISTENING
TCP [::]:5002 VAIO:0 LISTENING
TCP [::]:5003 VAIO:0 LISTENING
TCP [::]:5004 VAIO:0 LISTENING
TCP [::]:5005 VAIO:0 LISTENING
TCP [::]:5006 VAIO:0 LISTENING
TCP [::]:5357 VAIO:0 LISTENING
TCP [::1]:1027 VAIO:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:51493 *:*
UDP 0.0.0.0:64983 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49646 *:*
UDP 192.168.1.2:137 *:*
UDP 192.168.1.2:138 *:*
UDP 192.168.1.2:1900 *:*
UDP 192.168.1.2:1900 *:*
UDP 192.168.1.2:49645 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:64984 *:*
UDP [::1]:1900 *:*
UDP [::1]:49644 *:*

C:\Users\username>netstat -b

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1054 VAIO:1055 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1055 VAIO:1054 ESTABLISHED
[firefox.exe]
TCP 192.168.1.2:4900 download:http CLOSE_WAIT
[cmdagent.exe]
TCP 192.168.1.2:4901 downloads:http CLOSE_WAIT
[cmdagent.exe]
TCP 192.168.1.2:5085 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5086 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5087 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5091 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5092 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5093 origin:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5094 r1:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5095 l1:http TIME_WAIT
TCP 192.168.1.2:5099 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5100 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5101 r1:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5102 r1:http ESTABLISHED
[POPPeeper.exe]

Edited by hamluis, 11 May 2012 - 05:37 AM.
Moved to Networking from Vista - Hamluis.

Back to top

BC Ads
BleepingComputer.com

#2 hamluis

Moderator

Moderator
35,818 posts

Gender:Male
Location:Killeen, TX

Posted 11 May 2012 - 05:36 AM

FWIW

Louis

Am I Infected, What Do I Do?
Preparation Guide, Malware Log Topics
Using The Report Button
Misplaced Malware Logs
Discussion Forum Rules

Back to top

#3 Guest_Xircal_*

Guests

Posted 11 May 2012 - 07:09 AM

Download "CurrPorts" from here: http://nirsoft.net/utils/cports.html Double click the results to get more info.

I see from the title of your post though that you're trying to trace a hacker. Why d'you think there is one?

Back to top

#4 Paul21

New Member

Members
4 posts

Posted 19 May 2012 - 12:25 AM

Are you using a Sony Desktop computer? According to your log, this may look like Sony software (Vaio) is trying to access your computer through your router to keep you up to date with Sony. I'm guessing that this is okay. However, get some more opinions if you can. You never know, it could be malware too.

Back to top

Back to Networking

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users