Netstat Command Log Help!

Status
Not open for further replies.

gramesh

Journeyman
Hi,
Can anyone please help me? My broadband connection is very slow. When I asked my ISP, he said: your system is infected with a virus; get it removed, and only then will the speed improve, and we can help no further.


I see a lot of TCP connections by leaseweb.com. What is this?


I used netstat and netstat -n at various stages, and the following is the log.




1) Just after connecting, with no browser or any other download manager running.


C:\Documents and Settings\G RAMESH>netstat

Active Connections

Proto Local Address Foreign Address State
TCP ramesh-76d7e098:1027 localhost:18350 ESTABLISHED
TCP ramesh-76d7e098:1051 localhost:1052 ESTABLISHED
TCP ramesh-76d7e098:1052 localhost:1051 ESTABLISHED
TCP ramesh-76d7e098:1053 localhost:1054 ESTABLISHED
TCP ramesh-76d7e098:1054 localhost:1053 ESTABLISHED
TCP ramesh-76d7e098:18350 localhost:1027 ESTABLISHED
TCP ramesh-76d7e098:1055 l2.login.vip.scd.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1057 static-fxfeeds.nslb.sj.mozilla.com:http ESTABLISHED
TCP ramesh-76d7e098:1058 po-in-f136.google.com:https CLOSE_WAIT
TCP ramesh-76d7e098:1060 61.246.253.19:https ESTABLISHED
TCP ramesh-76d7e098:1061 nolmedia01.thdo.bbc.co.uk:http CLOSE_WAIT
TCP ramesh-76d7e098:1062 61.246.253.19:https ESTABLISHED

C:\Documents and Settings\G RAMESH>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1027 127.0.0.1:18350 ESTABLISHED
TCP 127.0.0.1:1051 127.0.0.1:1052 ESTABLISHED
TCP 127.0.0.1:1052 127.0.0.1:1051 ESTABLISHED
TCP 127.0.0.1:1053 127.0.0.1:1054 ESTABLISHED
TCP 127.0.0.1:1054 127.0.0.1:1053 ESTABLISHED
TCP 127.0.0.1:18350 127.0.0.1:1027 ESTABLISHED
TCP 192.168.1.3:1055 209.73.168.74:80 TIME_WAIT
TCP 192.168.1.3:1057 63.245.209.21:80 ESTABLISHED
TCP 192.168.1.3:1060 61.246.253.19:443 ESTABLISHED
TCP 192.168.1.3:1062 61.246.253.19:443 ESTABLISHED



2) After Mozilla Firefox was run with mail.yahoo.com as home page.



C:\Documents and Settings\G RAMESH>netstat

Active Connections

Proto Local Address Foreign Address State
TCP ramesh-76d7e098:1027 localhost:18350 ESTABLISHED
TCP ramesh-76d7e098:1051 localhost:1052 ESTABLISHED
TCP ramesh-76d7e098:1052 localhost:1051 ESTABLISHED
TCP ramesh-76d7e098:1053 localhost:1054 ESTABLISHED
TCP ramesh-76d7e098:1054 localhost:1053 ESTABLISHED
TCP ramesh-76d7e098:18350 localhost:1027 ESTABLISHED
TCP ramesh-76d7e098:1055 l2.login.vip.scd.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1057 static-fxfeeds.nslb.sj.mozilla.com:http ESTABLISHED
TCP ramesh-76d7e098:1058 po-in-f136.google.com:https CLOSE_WAIT
TCP ramesh-76d7e098:1060 61.246.253.19:https ESTABLISHED
TCP ramesh-76d7e098:1061 nolmedia01.thdo.bbc.co.uk:http CLOSE_WAIT
TCP ramesh-76d7e098:1062 61.246.253.19:https ESTABLISHED

C:\Documents and Settings\G RAMESH>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1027 127.0.0.1:18350 ESTABLISHED
TCP 127.0.0.1:1051 127.0.0.1:1052 ESTABLISHED
TCP 127.0.0.1:1052 127.0.0.1:1051 ESTABLISHED
TCP 127.0.0.1:1053 127.0.0.1:1054 ESTABLISHED
TCP 127.0.0.1:1054 127.0.0.1:1053 ESTABLISHED
TCP 127.0.0.1:18350 127.0.0.1:1027 ESTABLISHED
TCP 192.168.1.3:1055 209.73.168.74:80 TIME_WAIT
TCP 192.168.1.3:1057 63.245.209.21:80 ESTABLISHED
TCP 192.168.1.3:1060 61.246.253.19:443 ESTABLISHED
TCP 192.168.1.3:1062 61.246.253.19:443 ESTABLISHED


3) Just after starting Flashget


C:\Documents and Settings\G RAMESH>netstat

Active Connections

Proto Local Address Foreign Address State
TCP ramesh-76d7e098:1027 localhost:18350 ESTABLISHED
TCP ramesh-76d7e098:18350 localhost:1027 ESTABLISHED

C:\Documents and Settings\G RAMESH>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1027 127.0.0.1:18350 ESTABLISHED
TCP 127.0.0.1:18350 127.0.0.1:1027 ESTABLISHED

4) After starting Flashget and downloading a file


C:\Documents and Settings\G RAMESH>netstat

Active Connections

Proto Local Address Foreign Address State
TCP ramesh-76d7e098:1027 localhost:18350 ESTABLISHED
TCP ramesh-76d7e098:18350 localhost:1027 ESTABLISHED
TCP ramesh-76d7e098:1066 hosted.by.leaseweb.com:http ESTABLISHED
TCP ramesh-76d7e098:1067 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1068 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1070 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1071 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1072 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1073 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1074 hosted.by.leaseweb.com:http ESTABLISHED
TCP ramesh-76d7e098:1075 hosted.by.leaseweb.com:http SYN_SENT
TCP ramesh-76d7e098:1076 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1077 hosted.by.leaseweb.com:http ESTABLISHED
TCP ramesh-76d7e098:1078 hosted.by.leaseweb.com:http ESTABLISHED

C:\Documents and Settings\G RAMESH>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1027 127.0.0.1:18350 ESTABLISHED
TCP 127.0.0.1:18350 127.0.0.1:1027 ESTABLISHED
TCP 192.168.1.3:1066 87.255.33.131:80 ESTABLISHED
TCP 192.168.1.3:1067 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1068 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1070 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1071 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1072 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1073 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1074 87.255.33.131:80 ESTABLISHED
TCP 192.168.1.3:1075 87.255.33.131:80 SYN_SENT
TCP 192.168.1.3:1076 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1077 87.255.33.131:80 CLOSING
TCP 192.168.1.3:1078 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1079 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1080 87.255.33.131:80 SYN_SENT


5) Some time after starting a file download using Flashget

C:\Documents and Settings\G RAMESH>netstat

Active Connections

Proto Local Address Foreign Address State
TCP ramesh-76d7e098:1027 localhost:18350 ESTABLISHED
TCP ramesh-76d7e098:18350 localhost:1027 ESTABLISHED
TCP ramesh-76d7e098:1066 hosted.by.leaseweb.com:http ESTABLISHED
TCP ramesh-76d7e098:1149 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1188 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1189 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1190 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1191 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1193 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1194 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1195 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1196 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1197 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1198 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1199 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1200 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1201 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1202 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1204 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1205 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1206 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1207 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1208 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1209 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1210 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1211 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1212 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1213 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1214 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1215 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1216 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1217 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1219 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1220 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1221 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1222 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1223 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1224 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1226 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1227 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1228 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1229 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1230 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1231 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1232 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1233 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1234 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1235 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1236 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1238 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1239 hosted.by.leaseweb.com:http TIME_WAIT
TCP ramesh-76d7e098:1240 hosted.by.leaseweb.com:http SYN_SENT
TCP ramesh-76d7e098:1241 hosted.by.leaseweb.com:http SYN_SENT
TCP ramesh-76d7e098:1242 hosted.by.leaseweb.com:http ESTABLISHED

C:\Documents and Settings\G RAMESH>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1027 127.0.0.1:18350 ESTABLISHED
TCP 127.0.0.1:18350 127.0.0.1:1027 ESTABLISHED
TCP 192.168.1.3:1066 87.255.33.131:80 ESTABLISHED
TCP 192.168.1.3:1197 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1198 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1199 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1200 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1201 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1202 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1204 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1205 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1206 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1207 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1208 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1209 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1210 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1211 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1212 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1213 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1214 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1215 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1216 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1217 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1219 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1220 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1221 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1222 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1223 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1224 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1226 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1227 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1228 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1229 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1230 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1231 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1232 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1233 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1234 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1235 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1236 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1238 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1239 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1240 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1241 87.255.33.131:80 SYN_SENT
TCP 192.168.1.3:1242 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1244 87.255.33.131:80 TIME_WAIT
TCP 192.168.1.3:1245 87.255.33.131:80 LAST_ACK
TCP 192.168.1.3:1246 87.255.33.131:80 TIME_WAIT


6) After starting Mozilla Firefox and checking Yahoo Mail and another tab.


C:\Documents and Settings\G RAMESH>netstat

Active Connections

Proto Local Address Foreign Address State
TCP ramesh-76d7e098:1027 localhost:18350 ESTABLISHED
TCP ramesh-76d7e098:1346 localhost:1347 ESTABLISHED
TCP ramesh-76d7e098:1347 localhost:1346 ESTABLISHED
TCP ramesh-76d7e098:1348 localhost:1349 ESTABLISHED
TCP ramesh-76d7e098:1349 localhost:1348 ESTABLISHED
TCP ramesh-76d7e098:18350 localhost:1027 ESTABLISHED
TCP ramesh-76d7e098:1330 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1334 ad1.ny.yieldmanager.com:http TIME_WAIT
TCP ramesh-76d7e098:1336 us.yimg.vip.scd.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1338 us.yimg.vip.scd.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1339 us.yimg.vip.scd.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1340 us.yimg.vip.scd.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1344 images.techguy.org:http TIME_WAIT
TCP ramesh-76d7e098:1350 static-fxfeeds.nslb.sj.mozilla.com:http ESTABLISHED
TCP ramesh-76d7e098:1354 61.246.253.17:http ESTABLISHED
TCP ramesh-76d7e098:1355 61.246.253.17:http ESTABLISHED
TCP ramesh-76d7e098:1356 61.246.253.17:http ESTABLISHED
TCP ramesh-76d7e098:1358 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1359 61.246.253.25:http ESTABLISHED
TCP ramesh-76d7e098:1360 61.246.253.17:http ESTABLISHED
TCP ramesh-76d7e098:1362 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1363 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1367 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1368 www.techguy.org:http LAST_ACK
TCP ramesh-76d7e098:1369 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1370 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1373 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1374 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1382 www.techguy.org:http ESTABLISHED
TCP ramesh-76d7e098:1384 img.vip.in.yahoo.com:http TIME_WAIT
TCP ramesh-76d7e098:1385 bs1.ads.vip.tpc.yahoo.com:http ESTABLISHED
 

techtronic

I Always Prefer 1080p
87.255.33.131 - Netherlands IP
leaseweb.com - Germany-based company

Try to scan your machine with a good antivirus and anti-spyware.
Also post a HijackThis log for more info about running processes and services.
 

ilugd

Beware of the innocent
Turn off any instant messengers and Google Desktop (kill it), and then try netstat. And like techtronic says, a HijackThis log is rather more useful.
 
Use Jetico Personal Firewall, which is free, or an equivalent.... Also use the command arp -a, stop unused applications with Task Manager, and stop automatic startup programs with the msconfig command in Run....
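
Logs like the ones posted in this thread are easier to read when the rows are grouped by remote endpoint and connection state instead of scanned by eye. The following is an added example, not part of any post in the thread; the function names are illustrative and the sample input is constructed in the thread's log format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the logs in this thread, including
# one row whose State column was wrapped by the 80-column console.
SAMPLE = """\
Proto  Local Address          Foreign Address        State
TCP    127.0.0.1:1027         127.0.0.1:18350        ESTABLISHED
TCP    127.0.0.1:18350        127.0.0.1:1027         ESTABLISHED
TCP    192.168.1.3:1066       87.255.33.131:80       ESTABLISHED
TCP    192.168.1.3:1067       87.255.33.131:80       TIME_WAIT
TCP    192.168.1.3:1068       87.255.33.131:80       TIME_WAIT
TCP    192.168.1.3:1075       87.255.33.131:80       SYN_SENT
TCP    ramesh-76d7e098:1057   static-fxfeeds.nslb.sj.mozilla.com:http  ESTABLI
SHED
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s*(\S*)\s*$")

def parse(text):
    """Return [proto, lhost, lport, rhost, rport, state] for each row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(list(m.groups()))
        elif rows and re.fullmatch(r"\s*[A-Z_0-9]+\s*", line):
            rows[-1][5] += line.strip()  # rejoin a wrapped State column
    return rows

def summarise(rows):
    """Return ({remote endpoint: Counter of states}, {loopback port pairs})."""
    remote, loopback = defaultdict(Counter), set()
    for _proto, _lhost, lport, rhost, rport, state in rows:
        if rhost == "localhost" or rhost.startswith("127."):
            # Both directions of one local connection are listed as two
            # rows; the sorted port pair collapses them into one entry.
            loopback.add(tuple(sorted((lport, rport))))
        else:
            remote[f"{rhost}:{rport}"][state] += 1
    return dict(remote), loopback

def report(text):
    """One line per remote endpoint, busiest first."""
    remote, loopback = summarise(parse(text))
    out = [f"loopback pairs (traffic never leaves the machine): {len(loopback)}"]
    for ep, st in sorted(remote.items(), key=lambda kv: -sum(kv[1].values())):
        detail = ", ".join(f"{s}={n}" for s, n in st.most_common())
        out.append(f"{ep}  total={sum(st.values())}  {detail}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Rows in TIME_WAIT are connections this machine has already closed, so a long run of them to one address and port reflects many short-lived connections rather than many open ones. This output does not name the owning process; on Windows, netstat -ano adds a PID column that can be matched against Task Manager.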
 