Let us see an example to understand better:
C:\>netstat -n
Active Connections
Proto Local Address Foreign Address State
TCP 203.xx.251.161:1031 194.1.129.227:21 ESTABLISHED
TCP 203.xx.251.161:1043 207.138.41.181:80 FIN_WAIT_2
TCP 203.xx.251.161:1053 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1058 194.1.129.227:20 TIME_WAIT
TCP 203.xx.251.161:1069 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1071 194.98.93.244:80 ESTABLISHED
TCP 203.xx.251.161:1078 203.94.243.71:110 TIME_WAIT
Although this too gives us similar results, but there are some differences, mainly-:
- Instead of the name of the local machine, the actual IP address of the local machine is shown.
- I am not sure, about this, but after testing repeatedly, Netstat –n seems to not return information on non-TCP connections. So, it does not seem to consider UDP.
If you read the alt.2600 newsgroup regularly or any other newsgroup for that, they you would probably have seems atleast 2-3 daily posting whose body read: How do I find out my own IP?
Well, this option of Netstat is most commonly used to do just that, find out your own IP. Also, some people somehow seem to feel more comfortable with numbers, than with understandable hostnames.
This form of Netstat does make life easier for us, as the port numbers are displayed, which makes relating to everything easier.
Getting the IP of a person is all, that one needs to be able to damage his system. So, basically Hiding your IP from hackers and getting the IP of the victim is some of the most important things that people are concerned with. Using IP Hiding facilities has become increasingly popular. However, are these so called IP Hiding totally anonymous services or software truly and perfectly Anonymous? There is only one answer: they are nowhere near totally anonymous. Consider the following example, to understand how lame some of such utilities are.
I Seek You or ICQ is one of the most popular chatting software around. With it not only comes easy pastime, but also security concerns. ICQ has an inbuilt IP Address Hider, which when enabled is supposedly able to hide your IP from the users you are chatting with. However, like most IP Hiding software, this too is nowhere near good. You can find out the IP Address of any ICQ user, even if IP Hiding has been enabled, by following the below process.
1.) Launch MSDOS and type Netstat –n to get a list of already open ports and the IP’s of the machines with which a connection has been established. Note down this list somewhere.
2.) Now, launch ICQ and send a message to the victim.
3.) While you are still chatting, go back to DOS and again give the Netstat –n command. You will find that a new IP signifying a new connection. This would be the IP Address of the victim. Get it?
Till now, both with the ‘-a’ and ‘-n’ argument, we saw that the connections returned or displayed on the screen, were not of a particular protocol. This means that connections of TCP, UDP or even IP were shown. However, say you want to see only those connections which belong to UDP, then you make use of the ‘-p’ argument.
The general format of the Netstat command with the ‘-p’ argument is as followed:
Netstat –p xxx
Where xxx can be either UDP or TCP. The usage of this argument will become clearer with the following example, which demonstrates how to view only TCP connections.
C:\>netstat -p tcp
Active Connections
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1043 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1069 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1078 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1080 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1081 www.burstnet.com:80 FIN_WAIT_2
TCP ankit:1083 zztop.boxnetwork.net:80 TIME_WAIT
This is basically nothing but a variation of the ‘-a’ and ‘-n’ commands.
Anyway, so let us move on to the arguments associated with ‘netstat’.
Now, we come to the ‘-e’ option of ‘netstat’. Let us set what DOS returns, when this command is given:
C:\>netstat -e
Interface Statistics
Received Sent
Bytes 135121 123418
Unicast packets 419 476
Non-unicast packets 40 40
Discards 0 0
Errors 0 0
Unknown protocols 0
Well, sometimes the number of data packets sent and received is not shown properly by some faulty or un-compatible modems. During, such cases, this command comes handy. The output returned by it, is quite obvious. Also, it can be used to check for faulty downloads, or errors, which might have occurred during the TCP/IP, transfer process.
With this we come to the last argument associated with Netstat, the ‘-r’ argument. This is not commonly used, and is a bit difficult to understand. I will simply give you an example of it in this manual. A proper and detailed description would be provided in another manual. Hacking using Routing Tables is considered to be very elite and not many people are comfortable using it. However, like all things associated with computers, it is not as difficult as it is projected to be.
C:\windows>netstat -r
Route Table
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 203.94.251.161 203.94.251.161 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
203.94.251.0 255.255.255.0 203.94.251.161 203.94.251.161 1
203.94.251.161 255.255.255.255 127.0.0.1 127.0.0.1 1
203.94.251.255 255.255.255.255 203.94.251.161 203.94.251.161 1
224.0.0.0 224.0.0.0 203.94.251.161 203.94.251.161 1
255.255.255.255 255.255.255.255 203.94.251.161 203.94.251.161 1
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 203.94.251.161 203.94.251.161 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
203.94.251.0 255.255.255.0 203.94.251.161 203.94.251.161 1
203.94.251.161 255.255.255.255 127.0.0.1 127.0.0.1 1
203.94.251.255 255.255.255.255 203.94.251.161 203.94.251.161 1
224.0.0.0 224.0.0.0 203.94.251.161 203.94.251.161 1
255.255.255.255 255.255.255.255 203.94.251.161 203.94.251.161 1
Active Connections
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1043 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1081 www.burstnet.com:80 FIN_WAIT_2
TCP ankit:1093 zztop.boxnetwork.net:80 TIME_WAIT
TCP ankit:1094 zztop.boxnetwork.net:80 TIME_WAIT
TCP ankit:1095 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1096 zztop.boxnetwork.net:80 TIME_WAIT
TCP ankit:1097 zztop.boxnetwork.net:80 TIME_WAIT
TCP ankit:1098 colo88.acedsl.com:80 ESTABLISHED
TCP ankit:1099 mail2.mtnl.net.in:pop3 TIME_WAIT
0 comments
Post a Comment