Questions tagged [netstat]

Netstat is a command line tool that shows network related information like listening sockets, routing rules, open connections and also various statistics.

19 questions
23
votes
5 answers

Find IM user location via netstat?

I got sent an article today (http://hakerin.com/facebook-user-location-finder-noobs/). With the click-bait title "Facebook User location Finder", of course I clicked it. Going through the "article", there are not a lot of details given. And I thought…
LoJoe
5
votes
1 answer

I ran netstat and one thing that came up was MSN bingbot, does that mean my computer is being used as part of a Microsoft botnet?

I ran netstat on my computer, and one thing that came up was msnbot-65-52-108-216. I did some research and what came up was that it's from an IP originating in Redmond, Washington and that it's likely Microsoft Bing bot or something like that. Does…
Mr. Chameleon
4
votes
2 answers

Shouldn't netstat show connections from many different IP addresses during a DDoS, unlike this example?

I just read this article from loggly (https://www.loggly.com/blog/how-to-detect-and-analyze-ddos-attacks-using-log-analysis/), and it got me wondering. The author states that under a DDoS attack, netstat output on attacked server would show…
cryptow
3
votes
2 answers

Odd IP address connected to my box

Today I went to the library. I was looking at my netstat -an output and I saw this. tcp 0 0 127.0.0.1:6379 127.0.0.1:46376 ESTABLISHED tcp 0 0 127.0.0.1:46376 127.0.0.1:6379 ESTABLISHED tcp …
Dan
2
votes
2 answers

UDP sockets open on all ports

I'm on OS X. netstat -an -f inet gives me a bunch (around 10) of entries like these: ... udp4 0 0 *.* *.* udp46 0 0 *.* *.* ... In my understanding, this means there are applications…
madmax1
2
votes
1 answer

SYN Flood from fixed spoof IP but receive only one packet

I'm generating a network flood with a lot of packets coming from one fixed IP+port pair (in this example, 1.2.3.4:2003). Why do I only see one SYN_RECV'd packet in netstat on the victim machine?
xfr1end
1
vote
1 answer

Suspicious SSH connection

This is the situation: VPS with Debian 8x32 virgin (new template of the provider's repository); exotic "user" and strong "password"; 30 seconds later: command (apt-get update); 30 seconds later: command (netstat); netstat shows: 1 x tcp…
vancloud
1
vote
1 answer

Is it suspicious that netstat shows many established connections related with 5KPlayer?

I am working on an ASP.NET application and, as usual, tried to deploy it on IIS Express from Visual Studio. This time, an IIS error occurred. The error was caused by the application port being occupied by another application (which was pretty…
PJDev
1
vote
1 answer

Weird Processes

Can someone tell me if netstat -a -n -o is throwing something out of normal? I have nothing running except for the Windows Explorer in 4584 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 988 TCP 0.0.0.0:445 …
91ni
1
vote
1 answer

Why is my Windows 10 machine listening for 127.127.127.127:3939?

I was hoping someone out there could answer why my Windows 10 Machine would be listening on port 3939 using 127.127.127.127 over TCP? I get the below with netstat -nat: TCP 127.127.127.127:3939 0.0.0.0:0 LISTENING …
hooftly
0
votes
1 answer

Organizing results from netstat using find on Windows

I am trying to figure out a way to natively do this within Windows without having to load any 3rd party applications. When I run: netstat -ba I want to find established connections without losing the executable name that is attached to that…
Brad
0
votes
1 answer

How to locate a malicious script in the Linux system

I would like to ask for some directions to trace back to the original (malicious) script on my system (Ubuntu Server). I would try to be more specific if needed. If the question does not fit this stackexchange, then I will modify it. In netstat's…
Long
0
votes
1 answer

Why http microsoft connection in netstat check?

I checked established connections with the "netstat" command in the command prompt, and I found that there are some connections with IPs of Microsoft (I checked the IPs online) that have an HTTP (and not HTTPS) connection established, they bring to some…
john
0
votes
1 answer

Connection changes after waking from sleep

On Debian, Linux, I am using netstat to monitor connections. After waking my system from sleep, I noticed a change in one of the connections, using port 6667 for irssi (identified by PID). I like to suspend my computer and wake from sleep, with my…
p0licat
0
votes
1 answer

Understanding, Interpreting and Taking Action on Established Connections

Background: I have what I believe is a serious malware problem but virtually all scanning tools won't detect anything or if they do rarely do so consistently. I believe the malware (in some way/shape/form) sets up a VM on my computer and links to…
blackpine