Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

netstat


  • Please log in to reply
3 replies to this topic

#1 Departed

Departed

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 09 May 2012 - 05:26 AM

http://www.bleepingcomputer.com/tutorials/tracing-a-hacker/

Re above

Can someone explain this netstat log


Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Users\username>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 VAIO:0 LISTENING
TCP 0.0.0.0:445 VAIO:0 LISTENING
TCP 0.0.0.0:3389 VAIO:0 LISTENING
TCP 0.0.0.0:5000 VAIO:0 LISTENING
TCP 0.0.0.0:5001 VAIO:0 LISTENING
TCP 0.0.0.0:5002 VAIO:0 LISTENING
TCP 0.0.0.0:5003 VAIO:0 LISTENING
TCP 0.0.0.0:5004 VAIO:0 LISTENING
TCP 0.0.0.0:5005 VAIO:0 LISTENING
TCP 0.0.0.0:5006 VAIO:0 LISTENING
TCP 0.0.0.0:5357 VAIO:0 LISTENING
TCP 0.0.0.0:10058 VAIO:0 LISTENING
TCP 0.0.0.0:51493 VAIO:0 LISTENING
TCP 127.0.0.1:1025 VAIO:0 LISTENING
TCP 127.0.0.1:1054 VAIO:1055 ESTABLISHED
TCP 127.0.0.1:1055 VAIO:1054 ESTABLISHED
TCP 192.168.1.2:139 VAIO:0 LISTENING
TCP 192.168.1.2:4900 download:http CLOSE_WAIT
TCP 192.168.1.2:4901 downloads:http CLOSE_WAIT
TCP 192.168.1.2:5085 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5086 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5087 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5091 r2:http ESTABLISHED
TCP 192.168.1.2:5092 r2:http ESTABLISHED
TCP 192.168.1.2:5093 origin:http ESTABLISHED
TCP 192.168.1.2:5094 r1:http ESTABLISHED
TCP 192.168.1.2:5095 l1:http TIME_WAIT
TCP 192.168.1.2:5099 r2:http ESTABLISHED
TCP 192.168.1.2:5100 r2:http ESTABLISHED
TCP 192.168.1.2:5101 r1:http ESTABLISHED
TCP 192.168.1.2:5102 r1:http ESTABLISHED
TCP [::]:135 VAIO:0 LISTENING
TCP [::]:445 VAIO:0 LISTENING
TCP [::]:3389 VAIO:0 LISTENING
TCP [::]:5000 VAIO:0 LISTENING
TCP [::]:5001 VAIO:0 LISTENING
TCP [::]:5002 VAIO:0 LISTENING
TCP [::]:5003 VAIO:0 LISTENING
TCP [::]:5004 VAIO:0 LISTENING
TCP [::]:5005 VAIO:0 LISTENING
TCP [::]:5006 VAIO:0 LISTENING
TCP [::]:5357 VAIO:0 LISTENING
TCP [::1]:1027 VAIO:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:51493 *:*
UDP 0.0.0.0:64983 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49646 *:*
UDP 192.168.1.2:137 *:*
UDP 192.168.1.2:138 *:*
UDP 192.168.1.2:1900 *:*
UDP 192.168.1.2:1900 *:*
UDP 192.168.1.2:49645 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:64984 *:*
UDP [::1]:1900 *:*
UDP [::1]:49644 *:*

C:\Users\username>netstat -b

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1054 VAIO:1055 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1055 VAIO:1054 ESTABLISHED
[firefox.exe]
TCP 192.168.1.2:4900 download:http CLOSE_WAIT
[cmdagent.exe]
TCP 192.168.1.2:4901 downloads:http CLOSE_WAIT
[cmdagent.exe]
TCP 192.168.1.2:5085 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5086 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5087 dy-in-f100:http TIME_WAIT
TCP 192.168.1.2:5091 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5092 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5093 origin:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5094 r1:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5095 l1:http TIME_WAIT
TCP 192.168.1.2:5099 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5100 r2:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5101 r1:http ESTABLISHED
[POPPeeper.exe]
TCP 192.168.1.2:5102 r1:http ESTABLISHED
[POPPeeper.exe]

Edited by hamluis, 11 May 2012 - 05:37 AM.
Moved to Networking from Vista - Hamluis.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 40,797 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:41 AM

Posted 11 May 2012 - 05:36 AM

FWIW

Louis

#3 Guest_Xircal_*

Guest_Xircal_*

  • Guests
  • OFFLINE
  •  

Posted 11 May 2012 - 07:09 AM

Download "CurrPorts" from here: http://nirsoft.net/utils/cports.html Double click the results to get more info.

I see from the title of your post though that you're trying to trace a hacker. Why d'you think there is one?

#4 Paul21

Paul21

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 19 May 2012 - 12:25 AM

Are you using a Sony Desktop computer? According to your log, this may look like Sony software (Vaio) is trying to access your computer through your router to keep you up to date with Sony. I'm guessing that this is okay. However, get some more opinions if you can. You never know, it could be malware too.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users