Wednesday, November 22, 2006

netstat, net view, and other XP network commands

In diagnosing an XP workgroup problem, I learned about 'net view', which can be issued at the command line to list the computers in the workgroup. In addition, typing 'net view \\computername' shows the shared resources available on a machine in the workgroup. This was faster than reloading the GUI view of Network Neighborhood as I tweaked settings to resolve the problem.

For TCP/IP networking commands: take a look at http://commandwindows.com/tcpiputil.htm.

Here I especially like 'netstat -a', which lists every connection plus every port the machine is listening on. The command 'netstat -?' shows all netstat options. I used 'netstat -o' to find the process IDs behind odd-looking connections (the switches combine, so 'netstat -ano' gives the full list with numeric addresses and PIDs in one go). Then I looked at Task Manager and changed the view to show the PID, though I could have typed 'tasklist' at the command prompt instead. As for those strange-looking connections: one belonged to FolderShare and the other to McAfee. If you suspect a trojan horse has taken over your machine, take a look at http://forums.techarena.in/showthread.php?t=443453 for help with the detective work, including a list of known malware and the ports they use.

Ports 0 to 1023 are the well-known ports, used by standard services such as mail and web. A listener here is normally a Windows or server component, but nothing stops malware from binding one, so still check which process owns it.
Ports 1024 to 49151 are registered for particular services: for example, MySQL uses 3306 and Oracle typically uses 1521.
Ports 49152 to 65535 are the dynamic (ephemeral) range. The local end of an outbound connection normally lands in a range like this (XP by default hands out client ports from 1025 up to 5000), so a high local port on an ESTABLISHED connection is routine. A process that is LISTENING on a high port, however, has no ordinary reason to be there and is worth investigating as a possible trojan or other malicious software.
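The detective work above (join the PIDs from 'netstat -ano' to the image names from 'tasklist', then sort the sockets by which port range they fall in) is mechanical enough to script. The following is an added example, not code from the original post: it parses constructed sample output in the XP format for both commands, and flags listeners on dynamic ports, PIDs that tasklist does not know about, and outbound connections to non-well-known ports. The thresholds and the flagging heuristics are this example's assumptions, and on a real machine you would feed it the two commands' actual output instead of the embedded samples.

```python
"""Triage `netstat -ano` output by joining it with `tasklist` output.

Added example, not part of the original post. Both samples below are
constructed to look like XP command output; on a real box replace them with
the output of `netstat -ano` and `tasklist` (e.g. via subprocess.run).
"""
import re

# Constructed sample of `netstat -ano` output (not a real capture).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1388
  TCP    0.0.0.0:61234          0.0.0.0:0              LISTENING       2280
  TCP    192.168.1.5:1041       64.4.11.20:80          ESTABLISHED     1652
  TCP    192.168.1.5:1047       10.0.0.9:4444          ESTABLISHED     2280
  TCP    192.168.1.5:1050       10.0.0.9:80            ESTABLISHED     3104
  UDP    0.0.0.0:1026           *:*                                    1052
"""

# Constructed sample of `tasklist` output (PID 3104 is deliberately absent).
TASKLIST_SAMPLE = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System                         4 Console                 0         236 K
svchost.exe                  924 Console                 0       4,912 K
svchost.exe                 1052 Console                 0       3,300 K
mysqld-nt.exe               1388 Console                 0      18,204 K
iexplore.exe                1652 Console                 0      25,116 K
updater.exe                 2280 Console                 0       1,040 K
"""

WELL_KNOWN_MAX = 1023   # 0-1023: well-known services
REGISTERED_MAX = 49151  # 1024-49151: registered (mysql 3306, oracle 1521)
                        # 49152-65535: dynamic / ephemeral


def port_class(port):
    """Name the IANA range a port number falls in."""
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic"


def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output."""
    images = {}
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$", line)
        if m:
            images[int(m.group(2))] = m.group(1)
    return images


def parse_netstat(text):
    """Return one dict per socket line of `netstat -ano` output.

    TCP lines carry a State column; UDP lines do not, so the PID is the
    fourth field for UDP and the fifth for TCP.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": pid})
    return rows


def _port(addr):
    """Port number from 'host:port', or None for a wildcard like '*:*'."""
    p = addr.rsplit(":", 1)[-1]
    return int(p) if p.isdigit() else None


def triage(netstat_text, tasklist_text):
    """Return (socket, reasons) pairs for sockets that deserve a second look.

    Heuristics (this example's assumptions, not rules from the post):
      * a socket bound/listening on a dynamic port: servers bind fixed
        well-known or registered ports, so a listener up there is odd;
      * a PID that tasklist does not know: the process exited between the
        two snapshots, or it is hiding from the process list;
      * an outbound connection to a foreign port that is not well-known:
        not malicious by itself, but the kind of line to look up.
    """
    images = parse_tasklist(tasklist_text)
    findings = []
    for s in parse_netstat(netstat_text):
        reasons = []
        lport, fport = _port(s["local"]), _port(s["foreign"])
        bound = s["state"] == "LISTENING" or s["proto"] == "UDP"
        if bound and lport is not None and port_class(lport) == "dynamic":
            reasons.append("listening on dynamic port %d" % lport)
        if s["pid"] not in images:
            reasons.append("PID %d not in tasklist" % s["pid"])
        if (s["state"] == "ESTABLISHED" and fport is not None
                and port_class(fport) != "well-known"):
            reasons.append("outbound to %s port %d" % (port_class(fport), fport))
        if reasons:
            s["image"] = images.get(s["pid"], "<unknown>")
            findings.append((s, reasons))
    return findings


if __name__ == "__main__":
    for sock, reasons in triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("%-4s %-22s %-22s %-12s pid=%-5d %-14s %s" % (
            sock["proto"], sock["local"], sock["foreign"], sock["state"],
            sock["pid"], sock["image"], "; ".join(reasons)))
```

Run against the samples it reports three lines: the listener on 61234 and the connection to 10.0.0.9:4444 (both owned by the same PID, which is exactly the pairing you want to notice), and the connection whose PID no longer appears in tasklist. The UDP socket on 1026 is not flagged, since 1026 sits in the registered range and belongs to a known svchost.exe; whether that is the Messenger service is the next thing to check by hand.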

During this investigation, I noticed many attempts to enter the machine via UDP on port 1026. Apparently, this is incoming Messenger spam: pop-up advertising aimed at the Windows Messenger service (the one behind 'net send', not MSN Messenger). See http://www.linklogger.com/UDP1026.htm. Stopping that service, or blocking inbound UDP 1026 at the firewall, puts an end to it.
