I’ve been trying to track down a stray connection on my Windows 98 workstation. When I run NETSTAT -n I get the following connection I can’t figure out:
Active Connections
Proto Local Address Foreign Address State
TCP172.22.3.201:1036 63.216.25.133:80 CLOSE_WAIT
The 63.216.25.133 resolves to 63-216-25-133.sdsl.cais.net
My sense is that I have been hacked, how can I figure out if a program on my system is responsible?
I don’t want to just install ZoneAlarm or somesuch, I would like to manually figure out what’s up. I’ve run the latest Spybot 1.2 and it says I’m clean.
I figured a network sniffer could help, but have little experience in that area. Maybe some kind of Port Monitor? Again, little experience, if there are some easy & free tools out there, please let me know.
Can I get some suggestions on how to track this down?
Also, I tried NETSTAT -a and see some listening ports–is there a list somewhere showing “legit” listening ports?
Sigh, someday I’ll be a network stud.
Thanks!
Anthony, MCSE
anthony@junctionsoftware.com
