If a search using the source port doesn't turn up anything conclusive, try the destination port (or both). If I didn't know what aim.exe was, I would Google that name along with the either the source or destination port and protocol (e.g., "aim.exe tcp 5190"). From the popup menu, choose the Task Manager.įrom the Task Manager window above, I find that the application's name is aim.exe, which is the name of AOL Instant Messenger application. To bring up the Task Manager, you can either hit Ctrl-Alt-Del (Windows XP only) or right-click (not left-click) on an empty spot in the toolbar at the bottom of the screen as shown here.
For that, we can use the windows Task Manager. Now, we need to find out what process matches this process ID. The process ID associated with that port 2864. Let's assume we decide that having two connections to Internet servers at (the remote) destination port 5190 somewhat suspicious. Generally, it is the remote (foreign) connection information that we want to inspect. (The "-n" option instructs netstat to use raw IP addresses in its results rather than attempting to resolve the IP addresses to their respective domain and host names.) Since I am using the Windows XP operating system in this example, I can add "-o" option to display the process ID number or "PID" of the program using that port.
It lists the protocol (either TCP or UDP), Local (IP) Address, Foreign (remote IP) Address, and the connection's state (for TCP connections). The "-a" option instructs netstat to display the active network connections.
0 kommentar(er)
