General discussion

Locked

Port 1036 to 63-216-25-133.sdsl.cais.net

By AnthonyMCSE ·
I've been trying to track down a stray connection on my Windows 98 workstation. When I run NETSTAT -n I get the following connection I can't figure out:

Active Connections

Proto Local Address Foreign Address State
TCP172.22.3.201:1036 63.216.25.133:80 CLOSE_WAIT

The 63.216.25.133 resolves to 63-216-25-133.sdsl.cais.net

My sense is that I have been hacked, how can I figure out if a program on my system is responsible?

I don't want to just install ZoneAlarm or somesuch, I would like to manually figure out what's up. I've run the latest Spybot 1.2 and it says I'm clean.

I figured a network sniffer could help, but have little experience in that area. Maybe some kind of Port Monitor? Again, little experience, if there are some easy & free tools out there, please let me know.

Can I get some suggestions on how to track this down?

Also, I tried NETSTAT -a and see some listening ports--is there a list somewhere showing "legit" listening ports?

Sigh, someday I'll be a network stud.

Thanks!

Anthony, MCSE
anthony@junctionsoftware.com

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to Security Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums