if you don't know what netstat does then just run this, and study the output
netstat -anonetstat /? will tell you more if you are still guessing.
if you want to know what on your PC is taking with what, then the below command is perfect:
netstat - ano | find /i "est"
if you want to know what 'servers' are running on your PC, or what is open and waiting for someone to connect in to, this below is your man:
netstat - ano | find /i "listening"
if the source is 0.0.0.0 then it means is listening all ALL ip address (on all NIC's), else it will just like the IP address separately.
This will also list the PID, you can use use tasklist /fi "pid eq 1234" to look this up or use taskmanager with PID showing. There are programs that tie this bits of info together, but who needs em.
This is useful for when some goose has changed the default RDP port from 3389 to 3388 and not told anyone, windows says RDP is turned on, but you cannot connect to it. after fiddling the firewall and anything else you can think of you check the registry and see its on a different port. its dead simple to check the active listening ports.
If you want more details then this, like how much bandwidth each port is using, then you need to use a program like netlimiter its not free, and it needs a reboot, but it tells you want program and what port and what session is using up all your bandwidth, and gives you that info over time also.
Process Explorer will also tell you what active sessions a process has open but will only show you once you know the process.
Or you can use a packetsniffer, ive got a hole nother entry about that.
Posts
No comments:
Post a Comment