RE: What does this mean?

[Adnan Ali <call_ret () yahoo com>]

Alright, thanks for correction. 
Yes Vision is a pretty good tool with a lot of
features. tcpview as against this provides only
the information about ports that I required.

Thanks and best regards,

--- Chris Gordon <chris.gordon () gettyimages com> wrote:
> nope actually it's any source address going to the
> source port of 135. the 0.0.0.0:0 next to it is just
> saying hey I'm open. So pretty much ignore (unless
> Vision says an application to it) the port 0
> entries, it's just the ones with ports that are
> open.
> I hope you liked using Vision, it's a pretty cool
> tool, IMHO.
>
> peace
> C Gordon
>
> -----Original Message-----
> From: Adnan Ali [mailto:call_ret () yahoo com]
> Sent: Wednesday, April 28, 2004 6:42 AM
> To: Chris Gordon; security-basics () securityfocus com
> Subject: RE: What does this mean?
>
>
>
> --- Chris Gordon <chris.gordon () gettyimages com>
> wrote:
> > Adnan,
> > This is actually a pretty typically output for a
> > Win2k system. 
> > You can find out which applications are listening
> on
> > each port by
> > running Vision v1.0 from foundstone.
> > Resources -> Free Tools -> Forensic Tools ->
> Vision
> > v1.0
http://www.foundstone.com/resources/proddesc/vision.htm
> > When you see the 0.0.0.0:port# that port is opened
> > up locally on the system
> > whereas the 172.20.4.76:500 means that that port
> is
> > listening for remote connections.
>
> What do you mean? I think when I see
>
>
> TCP    0.0.0.0:135   0.0.0.0:0        LISTENING
>
> it means all local IPs at port 135 are listening for
> incoming connection requests from all remote IPs
> using
> any port as source port. Please correct me if this
> is
> not so.
>
> > I hope this helps
> > peace
> > C Gordon
>
>
> Thanks for your help.
>
>
> > -----Original Message-----
> > From: Adnan Ali [mailto:call_ret () yahoo com]
> > Sent: Monday, April 26, 2004 5:59 AM
> > To: security-basics () securityfocus com
> > Subject: What does this mean?
> >
> >
> > Hello all,
> >
> > I have a simple question and I hope to get an
> answer
> > from the experts on this list.
> >
> > I have a PC running Windows 2000 Prof, and when I
> do
> > a netstat -an, I get the following:
> >
> > Active Connections:
> > Proto  Local Addr    Foreign Addr     State 
> > ============================================
> >
> > TCP    0.0.0.0:135   0.0.0.0:0        LISTENING
> >
> > TCP    0.0.0.0:445   0.0.0.0:0        LISTENING
> >
> > TCP    0.0.0.0:1026  0.0.0.0:0        LISTENING
> >
> > TCP    0.0.0.0:1027  0.0.0.0:0        LISTENING
> >
> > UDP    0.0.0.0:135            *:*                 
>  
> > UDP    0.0.0.0:445            *:*                 
>  
> > UDP    0.0.0.0:1025           *:*                 
>  
> > UDP    0.0.0.0:38037          *:*                 
>  
> > UDP    172.20.4.76:500        *:*                 
>  
> > I get this output even when I am running no
> network 
> > application on the machine.
> >
> > Of course, this all seems quite suspicious. 
> >
> > Can somebody please help me figure out what is
> going
> > on? At least find the respective applications
> > listening
> > on various ports.??
> >
> > Thanks and best regards,
> >
> >
> >     
> >             
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Photos: High-quality 4x6 digital prints for
> > 25�
> > http://photos.yahoo.com/ph/print_splash
---------------------------------------------------------------------------
> > Ethical Hacking at the InfoSec Institute. Mention
> > this ad and get $545 off 
> > any course! All of our class sizes are guaranteed
> to
> > be 10 students or less 
> > to facilitate one-on-one interaction with one of
> our
> > expert instructors. 
> > Attend a course taught by an expert instructor
> with
> > years of in-the-field 
> > pen testing experience in our state of the art
> > hacking lab. Master the skills 
> > of an Ethical Hacker to better assess the security
> > of your organization. 
> > Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> >
----------------------------------------------------------------------------
> >
=======================================================
> > This email and its contents are confidential. If
> you
> > are not the intended recipient, please do not
> > disclose
> > or use the information within this email or its
> > attachments. If you have received this email in
> > error,
> > please delete it immediately. Thank you.
=======================================================
>       
>               
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs  
> http://hotjobs.sweepstakes.yahoo.com/careermakeover 
=======================================================
> This email and its contents are confidential. If you
> are not the intended recipient, please do not
> disclose
> or use the information within this email or its
> attachments. If you have received this email in
> error,
> please delete it immediately. Thank you.
=======================================================



        
                
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------