netstat - unusual listing


4 replies to this topic

#1 flguru


Posted 24 February 2014 - 02:32 PM

Hello,

 

I was unfortunately hit by a trojan and I have since fixed that.  But what I am seeing when I do a "netstat" is the ShieldsUp site establishing on my Internet connection (grc.com and grctech.com).  Why is this happening?  I have not been to that site in several days. 

 

Thanks.

 

Computer:  Dell Latitude D610, Dial-Up

 

 




 


#2 czarboom


Posted 26 February 2014 - 01:19 AM

You might have to do a few things. First off, release and renew your IPs.

Do this in a CMD prompt by:

ipconfig /release [enter]

ipconfig /renew [enter]

Then clean out your ARP cache; do this one of two ways.

In CMD prompt by: (also, you can do one entry by using arp -a to see all entries, and arp -d 192.xxx.xxx [enter] (or whatever the listing is you want to delete))

 

Step 1 – Select the “Start” menu button and enter “command” in the search text field followed by pressing the “enter” key.

Step 2 – Input the following command at the MS DOS command prompt, “netsh interface ip delete arpcache” and press the “enter” key.

Step 3 – Wait for between 1 – 20 minutes for the ARP cache table to be deleted based on the version of OS installed on the computer. Windows Server 2003/2008 will normally take greater than 10 minutes to complete the task due to storing larger cache tables. Windows 2007 will normally complete the task in under 1-2 minutes.

 

If you get an error or it will not work, do this:

 

Clear ARP Cache from Windows Control Panel

In the event you are not able to clear ARP cache from the DOS prompt or just are not comfortable conducting command line tasks, it is possible to clear ARP cache on the Windows OS from Windows Control Panel.

Step 1 – Select the “Start” menu button followed by choosing the “Control Panel” icon.

Step 2 – Depending on the version of Windows OS on the computer and the “view type” selected for Windows Control Panel, you may or may not need to choose the “Performance and Maintenance” menu option.
Step 3 – Choose the “Administrative Tools” menu option followed by the “Computer Management” menu choice.

Step 4 – Select the “Services and Applications” menu button located on the right-hand side of the screen.

Step 5 – Scroll down the menu options until you locate the “Routing and Remote Services” menu option.

Step 6 – Choose the “Routing and Remote Services” menu tab and a dialogue window will then open.

Step 7 – Select the drop-down menu and choose the “Disabled” option followed by clicking the “Ok” menu button to save the settings and clear the ARP cache.

Step 8 – Restart your computer and enable the “Routing and Remote Services” menu option selected in step 7 to complete clearing the ARP cache.

 

After this, power cycle your dial-up. Meaning disconnect and unplug all items. If you're direct, you will have to do an uninstall/reset of your modem hardware.

There is a guide here from ehow.com on how to do that.

Just make sure, if you needed any software/hardware to get your connection working, to have it before you start. Usually with dial-up, Windows will auto see it and run with it; just know your connection info and anything else you might need to dial up.

 

For info on netstat look here.

Info on ARP look here.

 

good luck


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?

#3 JohnnyJammer


Posted 26 February 2014 - 11:23 PM


Wow, that's a lot of typing, mate. To make life easy, simply run the command services.msc from Run or a DOS prompt. Also note there is no “Routing and Remote Services” in Win7.

There is, however, "Routing and Remote Access". To start and stop, run this command in one line (if it's running at all):

sc stop "RemoteAccess" && sc start "RemoteAccess"

Anyway, the ARP cache has nothing to do with a lingering connection state "TIME_WAIT", which the OP is describing.

That would be DNS related (ipconfig /flushdns). ARP is purely for network awareness, like STP is for a switch.

Forgot to add the netstat command (for paranoid people):

netstat -an | find /i "established" | sort

Edited by JohnnyJammer, 26 February 2014 - 11:24 PM.
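
An added example, not written by anyone in this thread: the filter above shows which connections are established but not which program owns them. This Python sketch parses `netstat -ano` output (the `-o` switch adds the owning PID), groups established remote endpoints by PID, and lists lingering entries such as TIME_WAIT separately. The sample output and its addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:49201       198.51.100.7:443       ESTABLISHED     3120
  TCP    192.0.2.10:49202       198.51.100.7:80        TIME_WAIT       0
  TCP    192.0.2.10:49230       203.0.113.25:443       ESTABLISHED     3120
  TCP    192.0.2.10:49244       203.0.113.80:8080      ESTABLISHED     5476
  TCP    [::1]:49300            [::1]:5357             ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1712
"""

# Only TCP rows carry a state column; UDP rows and headers are skipped.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")
LINGERING = {"TIME_WAIT", "CLOSE_WAIT", "FIN_WAIT_1", "FIN_WAIT_2", "LAST_ACK"}

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def parse(text):
    """Return one dict per TCP row in the netstat output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local, remote, state, pid = m.groups()
            rows.append({"local": split_endpoint(local),
                         "remote": split_endpoint(remote),
                         "state": state, "pid": int(pid)})
    return rows

def established_by_pid(rows):
    """Map PID -> sorted remote endpoints with a live, non-loopback connection."""
    out = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["remote"][0] not in ("127.0.0.1", "::1"):
            out[r["pid"]].append(r["remote"])
    return {pid: sorted(eps) for pid, eps in out.items()}

def lingering(rows):
    """Remote endpoints of connections that are closing, not active."""
    return [r["remote"] for r in rows if r["state"] in LINGERING]
```

On a live Windows host, pass in the text of `netstat -ano` and resolve a PID of interest with `tasklist /FI "PID eq <pid>"`.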


#4 larryhyman


Posted 26 February 2014 - 11:41 PM

Maybe you should contact tech support at grc.com; I have heard of this happening before, and it was the grc site that went nuts.

PS: try TCPView or CurrPorts to see netstat info in real time.


Edited by larryhyman, 26 February 2014 - 11:42 PM.


#5 czarboom


Posted 01 March 2014 - 04:04 AM

LOL,

 

 


LOL, I did forget about that; been spending a lot of time running from PACS servers to Unix and back to shell windows. So my brain is all dumb. Oh well, that's what I get for not sleeping. But you are correct, I was using the XP crap and not 7, my bad. Again, I almost said "hey, DOS does not have NETCAT" unless you install it. But I reread and you put NETSTAT... but thanks for the work-up; now I'm going to sleep, it's 03:00 in the USA.





