Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Netstat results in windows xp


  • Please log in to reply
5 replies to this topic

#1 pimpo

pimpo

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:00 PM

Posted 28 September 2014 - 02:24 PM

When I type netstat -anbo I get

 

 

PC1

Active connections

  Proto  local address         remote address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1356
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  -- unknown components--
  [svchost.exe]

 

PC2

 

UDP    127.0.0.1:123          *:*                                    1404
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  -- unknown components --
  [svchost.exe]

 

 

Why unknown components, is this a problema of -b option in the result of netstat  or is there anything strange in these processes?


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,873 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:00 PM

Posted 28 September 2014 - 04:17 PM

Looks similar to my results, using that command.  I see nothing strange.

 

Louis



#3 pimpo

pimpo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:00 PM

Posted 28 September 2014 - 05:00 PM

The question is why netstat -anbo doesn´t identify all the dlls and it shows unknown components, it means an error of the command or some type of malware in this process?



#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,873 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:00 PM

Posted 28 September 2014 - 06:27 PM

I can't answer your question as you phrased it...I only know that this system, which is not infected or otherwise screwed up...reflects unknown components.  Not sure where you got the idea that the system must be infected...but I can move your topic to a malware forum for a check, if you like.

 

Louis



#5 pimpo

pimpo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:00 PM

Posted 06 October 2014 - 12:42 PM

Thanks Louis,

 

The idea is why netstat -anbo doesn´t identify dlls that are loaded by the proccess, for example the proccess with id 1356 doesn´t identify certain dlls...could it be a rootkit?



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,873 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:00 PM

Posted 07 October 2014 - 01:15 PM

I'm not a malware-versed person and this isn't a malware forum.

 

If you suspect a rootkit or any other form of malware, this topic really should be moved to the Am I Infected forum, where folks can honestly answer such questions based on an examination of your system.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users