Posted 19 January 2009 - 09:39 PM
Just wondering if anyone can offer a bit of help. I figured my computer was definitely infected after files started going missing and it was running really slowly, so I backed up my exisiting files to an external hd, and reinstalled the operating system, but I've heard that some viruses can withstand that. I've had a look at the tutorials and found out about netstat to view any activity via the virtual ports, but there's a few things I'm not sure about, so here goes:
1. When running the command netstat -an, if local address is simply my computer, how come I've got a whole load of different IP addresses in this category, none of which are my own IP address?
2. Is it normal to have multiple readouts of 0.0.0.0 under both local and foreign address when the state shows 'listening'? (Under local address these readouts tend to show a high port number after 0.0.0.0 usually round about the 49000 mark, but under foreign address it's always port 0).
3. For TCP readouts, what does it mean when you see [::] instead of an IP address, and likewise with UDP readouts, what does *:* mean?
4. Would it be safe to say that if someone were remotely accessing your PC the connection state would have to show 'established' as opposed to 'listening'?
Hope I've made sense there, any help would be much appreciated, thanks.