Can someone please explain why when i do a netstat -a sometimes i get some hosts as ESTABLISHED on ports of which I have no idea what they are. Example: one was port 1866 using swrmi protocol.
I read on the net that if there's anything showing up as established other that the programs that i have open on my machine, that I've been hacked.
Please help. Thanks in advance.
If your worried about unknown connections you can do the following to see what process is using that port.
Go to command prompt
Enter netstat -ano
You will get a report of Active Connections
Report includes: Protocol, Local Address, Foreign Address, State, PID
Write down the PID (process identifier) associated with port 1866/tcp (Also note Local Address, Foreign Address, Protocol and State.)
Start the Windows Task Manager
Select the Processes tab
Search for the PID you wrote down previously, that is the process that is using port 1866.
Clinkz,
I tried all of that initially. The issue is that when i do the netstat -ano also, some processes show up that i cannot find a clear explaintion for.
Another example is that when doing another netstat i found port 3334 ESTABLISHED which is used for Direct TV webcasting. I use a Verizon mobile hotspot. Could it be that someone else is also using ports through my hotspot?
A question you have to ask yourself is, how good is the security of your network? if you have a firewall in place like Comodo or ZoneAlarm Then in most cases you should be safe on your local computer.
Though i understand your intrigue about what outbound connection are active in you network, i too did something similar a while ago. I first increased the security of my network as a whole, then the hosts connecting to that network.
You could always have a look at a program like CurrPorts, it is used to monitor outbound connections.
O.K., thanks a lot i'll look into it.
Quote