Nearly every Windows command-line command deserves attention if you give it a little time. The topic of this article is a fantastic starting point: the Windows “Netstat” command. Want to know what the rundll32.exe process is and who is currently connected to a PC in your environment? Grab that energy drink, and let’s get started!
Access Windows Netstat
You can browse through the list of options and experiment for yourself. In this tutorial, I’ll get right to the point. Netstat -a gives you all connections and listening ports. Netstat -n gives you the foreign addresses in numeric form (necessary for the next step of this article). Netstat -o gives you the process identifier (PID) associated with each connection, which is also useful to know. Note: (I keep search turned off). (Without the quotes) for a list of alternatives and commonly used.
Recognize the Windows Netstat Command
Combine the switches (-ano) with the Netstat command, and you have a solid starting point for investigating what network connections your PC currently has open. This is the information we’re looking for. Let’s examine these WAN IPs to see where they came from. Where can you find out WHO 220.127.116.11 is? Hint: it’s a great idea to familiarize yourself with the common TCP/IP ports, such as 80, 25, 53, etc. Understanding ports can go a long way in your digital life.
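As an added example (not part of the original article), this Python script parses saved `netstat -ano` output and lists, per PID, the TCP connections whose foreign address is not loopback, private or link-local, which are the WAN IPs worth a Whois lookup. The sample output, its addresses and PIDs are constructed, and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output. 203.0.113.x and 198.51.100.x are
# documentation addresses standing in for real WAN IPs.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     3120
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     203.0.113.45:443       ESTABLISHED     5124
  TCP    192.168.1.20:49802     203.0.113.45:80        TIME_WAIT       0
  TCP    192.168.1.20:49950     198.51.100.7:25        ESTABLISHED     7312
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [fe80::1c2d%12]:49960  [fe80::9a1%12]:5357    ESTABLISHED     2216
  UDP    0.0.0.0:5353           *:*                                    1804
"""

# Unspecified, loopback, RFC 1918 private, link-local and IPv6 unique-local ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "::/127", "fc00::/7", "fe80::/10")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address or None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    try:
        return ipaddress.ip_address(host), port
    except ValueError:  # '*' as used in UDP rows
        return None, port

def wan_connections(netstat_text):
    """Return {pid: [(foreign_ip, port, state), ...]} for TCP rows with a non-local peer."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, blank lines and UDP rows (which have no State column)
        _proto, _local, foreign, state, pid = fields
        addr, port = split_endpoint(foreign)
        if addr is None or any(addr in net for net in LOCAL_NETS):
            continue
        by_pid[int(pid)].append((str(addr), int(port), state))
    return dict(by_pid)

if __name__ == "__main__":
    for pid, conns in sorted(wan_connections(SAMPLE).items()):
        for ip, port, state in conns:
            print(f"PID {pid:<6} -> {ip}:{port:<5} {state}")
```

Connections in TIME_WAIT are reported by netstat with PID 0, so they show up under that PID rather than under the process that opened them.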
Refer to the Internet Assigned Numbers Authority (IANA)
On the IANA “numbers” website, you’ll see a world map of the five regional IP registries around the world. Note: I start with ARIN because I live in the United States, and most of my Internet traffic will be contained in this database. If you live elsewhere, you can start with your region’s IP registry. Let’s click on the ARIN registry and look for information about our IP address 18.104.22.168. See the “Search WhoIs” box in the upper right-hand corner? Note: If you get an address that is not in this particular registry, it will be listed in one of the other registries, such as “RIPE” or perhaps “LACNIC”. The layout of the pages varies a bit, but on each page, you will see a place to look up your address.
Check the IANA Numbers
You can bookmark the page with the numbers or, better yet, add it to your IE “favorites” bar. Easy, right? Start searching for IP addresses, and you’ll start seeing specific ranges and patterns. Hint: One of the most important actions I take as a network administrator when a PC may be infected is to take it off the corporate network, put it on an external network, and use Netstat to verify its activity. Then I focus on the WAN IP connection of a running process or application and proceed from that point.…