Quote:
Originally Posted by Jonathan90
|
Thanks so much Johnathan, the results are:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP lappy007:epmap lappy007:0 LISTENING
TCP lappy007:microsoft-ds lappy007:0 LISTENING
TCP lappy007:3389 lappy007:0 LISTENING
TCP lappy007:1025 lappy007:0 LISTENING
TCP lappy007:1025 localhost:1032 TIME_WAIT
TCP lappy007:1025 localhost:1034 TIME_WAIT
TCP lappy007:1025 localhost:1037 ESTABLISHED
TCP lappy007:1025 localhost:1039 FIN_WAIT_2
TCP lappy007:1025 localhost:1051 TIME_WAIT
TCP lappy007:1025 localhost:1055 TIME_WAIT
TCP lappy007:1025 localhost:1060 TIME_WAIT
TCP lappy007:1025 localhost:1069 TIME_WAIT
TCP lappy007:1025 localhost:1071 TIME_WAIT
TCP lappy007:1025 localhost:1073 TIME_WAIT
TCP lappy007:1025 localhost:1074 TIME_WAIT
TCP lappy007:1025 localhost:1077 TIME_WAIT
TCP lappy007:1025 localhost:1078 TIME_WAIT
TCP lappy007:1025 localhost:1079 TIME_WAIT
TCP lappy007:1025 localhost:1080 TIME_WAIT
TCP lappy007:1025 localhost:1081 TIME_WAIT
TCP lappy007:1025 localhost:1082 TIME_WAIT
TCP lappy007:1025 localhost:1083 TIME_WAIT
TCP lappy007:1025 localhost:1084 TIME_WAIT
TCP lappy007:1025 localhost:1087 TIME_WAIT
TCP lappy007:1025 localhost:1093 TIME_WAIT
TCP lappy007:1025 localhost:1094 TIME_WAIT
TCP lappy007:1025 localhost:1095 TIME_WAIT
TCP lappy007:1025 localhost:1096 TIME_WAIT
TCP lappy007:1025 localhost:1097 TIME_WAIT
TCP lappy007:1025 localhost:1098 TIME_WAIT
TCP lappy007:1027 lappy007:0 LISTENING
TCP lappy007:1028 lappy007:0 LISTENING
TCP lappy007:1037 localhost:1025 ESTABLISHED
TCP lappy007:1039 localhost:1025 CLOSE_WAIT
TCP lappy007:1049 localhost:1050 ESTABLISHED
TCP lappy007:1050 localhost:1049 ESTABLISHED
TCP lappy007:1053 localhost:1054 ESTABLISHED
TCP lappy007:1054 localhost:1053 ESTABLISHED
TCP lappy007:1057 localhost:1025 TIME_WAIT
TCP lappy007:1059 localhost:1025 TIME_WAIT
TCP lappy007:1061 localhost:1025 TIME_WAIT
TCP lappy007:1065 localhost:1025 TIME_WAIT
TCP lappy007:1066 localhost:1025 TIME_WAIT
TCP lappy007:netbios-ssn lappy007:0 LISTENING
TCP lappy007:1038 by2msg2043119.phx.gbl:1863 ESTABLISHED
TCP lappy007:1048 207.46.26.253:7001 TIME_WAIT
TCP lappy007:1048 207.46.26.254:7001 TIME_WAIT
TCP lappy007:1058 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1063 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1064 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1067 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1068 server3.cableforum.co.uk:http TIME_WAIT
UDP lappy007:microsoft-ds *:*
UDP lappy007:isakmp *:*
UDP lappy007:1030 *:*
UDP lappy007:1031 *:*
UDP lappy007:4500 *:*
UDP lappy007:ntp *:*
UDP lappy007:1029 *:*
UDP lappy007:discard *:*
UDP lappy007:ntp *:*
UDP lappy007:netbios-ns *:*
UDP lappy007:netbios-dgm *:*
>netstat -o -a
Active Connections
Proto Local Address Foreign Address State PID
TCP lappy007:epmap lappy007:0 LISTENING 1156
TCP lappy007:microsoft-ds lappy007:0 LISTENING 4
TCP lappy007:3389 lappy007:0 LISTENING 1092
TCP lappy007:1025 lappy007:0 LISTENING 1444
TCP lappy007:1027 lappy007:0 LISTENING 2264
TCP lappy007:1028 lappy007:0 LISTENING 2468
TCP lappy007:netbios-ssn lappy007:0 LISTENING 4
UDP lappy007:microsoft-ds *:* 4
UDP lappy007:isakmp *:* 912
UDP lappy007:1030 *:* 1252
UDP lappy007:1031 *:* 1252
UDP lappy007:4500 *:* 912
UDP lappy007:ntp *:* 1196
UDP lappy007:ntp *:* 1196
UDP lappy007:netbios-ns *:* 4
UDP lappy007:netbios-dgm *:* 4
Now the first 1 gave me some concern, but most of the first lot were PID 0 (system idle process) and I waited a few mins, then did another, which is a bit better!
The PID codes are:
0 - System Idle process
4 - System
912 - lsass.exe
1092 - svchost.exe (There are 6 of these, 3 as SYSTEM, 2 in NETWORK SERVICE, 1 as LOCAL SERVICE)
1444 - CCPROXY.EXE (internet security - norton)
2464 - ALG.EXE (Local Service)
So I cant see anything out of the ordinary so far, but will definately check them links out!
Thanks again!
