
Is There Any "sensitive" Info In A Netstat.txt Log?


3 replies to this topic

#1 bloomcounty


Posted 19 April 2007 - 10:07 AM

Hi,

When I used to do this procedure on my old computer:

Step 1. - Reboot your PC. Do NOT establish a dial-up connection.

Click Start | Shut Down
Click Restart
Click OK

Step 2. - After you reboot your PC and before doing anything else, open a DOS window.

Click Start | Programs | MS-DOS Prompt

NOTE: If you don't have a shortcut to the MS-DOS Prompt, don't worry. You can

Click Start | Run
Type command
Click OK

Step 3. - Type "netstat -an >>c:\netstat.txt" (without the quotes)
Type netstat -an >>c:\netstat.txt
Press ENTER

Step 4. - Close the DOS window.

Type exit
Press ENTER

Step 5. - Open Explorer

Click Start | Programs | Windows Explorer

Step 6. - Change to the C drive and double click on the netstat.txt file. It should open with NOTEPAD.

Click (C:)
Double-click netstat.txt

Step 7.
Look under the "Local Address" column and examine the port numbers for any connection found to be in a "listening" state.


...it would come up with blank all across, which was good/normal. But now, with my new laptop, there are a bunch of things listed, and I'm concerned that I might have some kind of trojan on my computer (though I haven't shown any signs of such that I know of).

I don't know if I'm on a LAN or am using NetBIOS (I use dial-up, ZA Free and AVG Free) -- though I guess if you do use these, there could be certain listings that are normal. I wasn't before on my old computer, as far as I know (since my netstat.txt log would come up blank), but there are a bunch of entries now. (But maybe it's just a settings thing...?)

My first concern is that I want to know if the log that is generated includes any info you wouldn't want to either post or send someone for help over the internet (like the IP addresses and/or port numbers). Meaning, could someone do something with this info to try to get on your computer? (The first reason I ask is because I asked someone who had a legitimate website to help me with it -- they said to send them the log -- and I did, but then never heard back...)

Also, here's how my Network Connections show up:

<dial-up name> Dial-up Connected
Local Area Connection
LAN or High-Speed Internet
Disabled

Wireless Network Connection 2
LAN or High-Speed Internet
Not connected

1394 Connection
LAN or High-Speed Internet
Connected


Should that 1394 be connected if I'm not using High-Speed Internet? Should the Wireless one be Disabled instead of Not Connected as well?

Also, though I don't really know what these settings are for, I just went into the Local Area Connection, Wireless Network Connection 2, and 1394 Connection and went to Properties on each and the General tab and on each UNCHECKED Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks, since I just realized this is how my dial-up one is set.

Should I have had those UNCHECKED all along? Does/did having those checked leave me open to problems?

Thanks for the help! :thumbsup:

Edited by bloomcounty, 19 April 2007 - 10:10 AM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010


#2 nigglesnush85


Posted 19 April 2007 - 12:55 PM

Hello,

I wouldn't worry about it; the log lists your IP address and what ports are open and what you are connected to. For example...

protocol UDP

Local address 123.123.123.123:53

foreign address 234.234.234.234:135

state ESTABLISHED

The protocol is UDP, which means essentially it is connected to the internet.

The local address is your IP address; it is essentially a phone number which people can use to find out where in the world you live. The : symbol tells the reader what port you are using to make the connection.

Foreign address is the site or server that you are connected to.

The state merely says what condition the connection is in.

At worst the reader of the log will only be able to find out the area you are in and what ports you are using. The reader could use the information to attack your computer, but with an effective security setup you should be fine.

http://www.nirsoft.net/utils/cports.html This tool will display your connections in real time, allowing you to see what application is connecting to the internet.

The 1394 connection is safe; it is part of Windows. http://support.microsoft.com/kb/307736 This article will tell you more about it.

Hope this helps

Edited by nigglesnush85, 19 April 2007 - 12:56 PM.

Regards,

Alan.
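
An added example, not part of the original posts: Python code that reads `netstat -an` output as saved in Step 3 of the first post, lists the listening sockets Step 7 asks about, and replaces IP addresses with placeholders before the log is shared for help. The sample log is constructed, and the function names and the IPv4-only Windows XP column layout are assumptions.

```python
import re

# Constructed `netstat -an` output in the Windows XP layout (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    203.0.113.45:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.45:1048      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    203.0.113.45:137       *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse(text):
    """Yield (proto, local_addr, local_port, state) for each connection row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, _foreign, state = m.groups()
            addr, _, port = local.rpartition(":")
            yield proto, addr, int(port), state or ""

def listeners(text):
    """Sockets waiting for traffic: TCP rows in LISTENING, plus every UDP row
    (netstat prints no state for UDP). Scope says who can reach the port."""
    out = []
    for proto, addr, port, state in parse(text):
        if state == "LISTENING" or proto == "UDP":
            scope = "loopback only" if addr.startswith("127.") else "network"
            out.append((proto, port, scope))
    return out

def redact(text):
    """Swap each address (except wildcard and loopback) for a stable placeholder,
    keeping ports and states, which are what a helper needs to read the log."""
    seen = {}
    def swap(m):
        ip = m.group(0)
        if ip == "0.0.0.0" or ip.startswith("127."):
            return ip
        return seen.setdefault(ip, f"<addr-{len(seen) + 1}>")
    return IPV4.sub(swap, text)
```

Running `listeners(redact(text))` on a saved log gives the same port list as the unredacted file, so the placeholders cost the reader nothing when checking which ports are open.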

#3 twardnw


Posted 19 April 2007 - 09:31 PM

Just in case you are wondering what '1394' is, IEEE1394 is the standard that defines what is commonly referred to as 'firewire'.

#4 bloomcounty


Posted 20 April 2007 - 09:33 AM

Just in case you are wondering what '1394' is, IEEE1394 is the standard that defines what is commonly referred to as 'firewire'.


But if I'm not using a firewire presently, why do I want to keep this "Connected"? (I tried to read that link to the MS article about it, but it was like reading an alien language! :thumbsup: )

Thanks for the posts nigglesnush85 and twardnw!