Netstat CLI & GUI

According to Wikipedia, netstat is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix and Windows, although its parameters differ somewhat between the two.

It's a really helpful tool that helps us find out whether an app or unauthorized process is trying to establish a connection without our permission. For instance, it is the correct way to figure out whether a trojan or other malware is sending private data to the internet.

You can list all of its parameters by typing the following into a shell:
 - netstat /? --> Windows
  http://technet.microsoft.com/en-us/library/bb490947.aspx
 - man netstat --> Linux
  http://userpages.umbc.edu/~jack/ifsm498d/netstat.html

As you can see, there are more parameters on Linux, so it's more powerful there... but don't give up, I'll share some options that you can use on your Windows system:

By itself, netstat shows the information only once. Typing:
netstat -o number
refreshes the output every number seconds (number is the refresh interval in seconds; the -o switch adds the owning process ID to each connection).

As you already know, the grep tool doesn't exist on Windows. However, to filter the large amount of data that some commands produce, you can use the find command:
netstat -ano | find /i "ESTABLISHED"
This shows only the established connections (for example).



Furthermore, if you don't feel comfortable using the command line or you need even more information, you can use TCPView instead. TCPView is a free tool from the Windows Sysinternals Suite (a set of quite good tools for Windows sysadmins) that shows us useful information about which process is transmitting data, which local port it uses, whois information and so on. It also allows us to end any process from its own interface, and it shows current connections (inbound/outbound) using different colors...


I hope that information might be useful.

Regards.