Evidence of some blocked hack attempts. For info PID 2800 is my browser. These netstat commands were issued over a period of about a minute, just about 5 minutes ago. The browser was running but not being used (by me anyway !)
"C:\Users\net_user>netstat -ano -p tcp
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 880
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 552
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1136
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 648
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 2460
TCP 127.0.0.1:49187 127.0.0.1:49188 ESTABLISHED 2800
TCP 127.0.0.1:49188 127.0.0.1:49187 ESTABLISHED 2800
TCP 127.0.0.1:53709 203.190.124.18:80 SYN_SENT 2800
TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
C:\Users\net_user>netstat -ano -p tcp
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 880
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 552
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1136
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 648
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 2460
TCP 127.0.0.1:49187 127.0.0.1:49188 ESTABLISHED 2800
TCP 127.0.0.1:49188 127.0.0.1:49187 ESTABLISHED 2800
TCP 127.0.0.1:53710 203.190.124.16:80 SYN_SENT 2800
TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
C:\Users\net_user>netstat -ano -p tcp
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 880
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 552
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1136
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 648
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 2460
TCP 127.0.0.1:49187 127.0.0.1:49188 ESTABLISHED 2800
TCP 127.0.0.1:49188 127.0.0.1:49187 ESTABLISHED 2800
TCP 127.0.0.1:53710 203.190.124.16:80 SYN_SENT 2800
TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
C:\Users\net_user>netstat -ano -p tcp
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 880
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 552
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1136
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 648
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 2460
TCP 127.0.0.1:49187 127.0.0.1:49188 ESTABLISHED 2800
TCP 127.0.0.1:49188 127.0.0.1:49187 ESTABLISHED 2800
TCP 127.0.0.1:53711 203.190.124.11:80 SYN_SENT 2800
TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
C:\Users\net_user>netstat -ano -p tcp
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 880
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 552
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1136
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 648
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 2460
TCP 127.0.0.1:49187 127.0.0.1:49188 ESTABLISHED 2800
TCP 127.0.0.1:49188 127.0.0.1:49187 ESTABLISHED 2800
TCP 127.0.0.1:53712 203.190.124.27:80 SYN_SENT 2800
TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
"
The Foreign Address field is the one to look at. There are outgoing connect attempts by the browser.
EDIT: The formatting is lost but I think you get the idea.
t.
Edited by trampas, 28 April 2012 - 06:12 PM.