Netstat Results. What does it mean?

  • Thread starter Thread starter lovemail
  • Start date Start date
L

lovemail

Guest
I have a domain controller server that shows these netstat results.
Does it mean I may have a VLAN? Why do the server ports connect to
other ports on the same server? Could this be a way block to block
connections? I really don't know.

Netstat shows:

Active Connections

Proto Local Address Foreign Address State
TCP nb01232b:epmap 10.0.1.112:1150 ESTABLISHED
TCP nb01232b:ldap NT01232A:4502 ESTABLISHED
TCP nb01232b:1026 NT01232A:1556 ESTABLISHED
TCP nb01232b:1026 NT01232A:3068 TIME_WAIT
TCP nb01232b:1026 NT01232A:3071 TIME_WAIT
TCP nb01232b:1026 10.0.1.112:1151 ESTABLISHED
TCP nb01232b:1026 10.0.1.112:1152 ESTABLISHED
TCP nb01232b:2161 NT01232A:1068 ESTABLISHED
TCP nb01232b:3389 SKIPPb:1136 ESTABLISHED
TCP nb01232b:4014 NT01232A:1026 ESTABLISHED
TCP nb01232b:ldap nb01232b.nt01232:2352 ESTABLISHED
TCP nb01232b:microsoft-ds nb01232b.nt01232:3760 ESTABLISHED
TCP nb01232b:1026 nb01232b.nt01232:1070 ESTABLISHED
TCP nb01232b:1070 nb01232b.nt01232:1026 ESTABLISHED
TCP nb01232b:1312 nb01232b.nt01232:ldap CLOSE_WAIT
TCP nb01232b:2352 nb01232b.nt01232:ldap ESTABLISHED
TCP nb01232b:3692 nb01232b.nt01232:ldap CLOSE_WAIT
TCP nb01232b:3760 nb01232b.nt01232:microsoft-ds
ESTABLISHED
TCP nb01232b:ldap nb01232b.nt01232:1094 ESTABLISHED
TCP nb01232b:ldap nb01232b.nt01232:1095 ESTABLISHED
TCP nb01232b:ldap nb01232b.nt01232:1097 ESTABLISHED
TCP nb01232b:ldap nb01232b.nt01232:3725 ESTABLISHED
TCP nb01232b:microsoft-ds nb01232b.nt01232:1224 ESTABLISHED
TCP nb01232b:1094 nb01232b.nt01232:ldap ESTABLISHED
TCP nb01232b:1095 nb01232b.nt01232:ldap ESTABLISHED
TCP nb01232b:1097 nb01232b.nt01232:ldap ESTABLISHED
TCP nb01232b:1142 nb01232b.nt01232:32000 ESTABLISHED
TCP nb01232b:1219 nb01232b.nt01232:33105 ESTABLISHED
TCP nb01232b:1224 nb01232b.nt01232:microsoft-ds
ESTABLISHED
TCP nb01232b:2357 nb01232b.nt01232:33105 ESTABLISHED
TCP nb01232b:2771 nb01232b.nt01232:33105 ESTABLISHED
TCP nb01232b:2783 nb01232b.nt01232:33105 ESTABLISHED
TCP nb01232b:2882 nb01232b.nt01232:33105 ESTABLISHED
TCP nb01232b:3175 nb01232b.nt01232:33105 ESTABLISHED
TCP nb01232b:3725 nb01232b.nt01232:ldap ESTABLISHED
TCP nb01232b:32000 nb01232b.nt01232:1142 ESTABLISHED
TCP nb01232b:33105 nb01232b.nt01232:1219 ESTABLISHED
TCP nb01232b:33105 nb01232b.nt01232:2357 ESTABLISHED
TCP nb01232b:33105 nb01232b.nt01232:2771 ESTABLISHED
TCP nb01232b:33105 nb01232b.nt01232:2783 ESTABLISHED
TCP nb01232b:33105 nb01232b.nt01232:2882 ESTABLISHED
TCP nb01232b:33105 nb01232b.nt01232:3175 ESTABLISHED
TCP nb01232b:1192 192.168.234.236:5859 ESTABLISHED


Thanks for your help.
 
Re: Netstat Results. What does it mean?

Hello Lovemail,


-Does it mean I may have a VLAN?
----------------------------------

> No it doesn't ,VLAN are managed by physical external switch.
Exemple : Cisco Catalyst 2950
http://www.cisco.com/en/US/products/ps6406/index.html





-Why do the server ports connect to
other ports on the same server?
-----------------------------------

> Because some softwares like Firewalls (installed locally) do that.
The better way to check that is to disable the Firewall
and check again with NETSTAT -an .


Regards ,


Olivier C.


Microsoft Customer Service and Support.


########################################################

"lovemail" <ilovefogcity@gmail.com> wrote in message
news:7dae7828-7591-415f-b3c9-89d3f0e9d26b@z11g2000prl.googlegroups.com...
>I have a domain controller server that shows these netstat results.
> Does it mean I may have a VLAN? Why do the server ports connect to
> other ports on the same server? Could this be a way block to block
> connections? I really don't know.
>
> Netstat shows:
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP nb01232b:epmap 10.0.1.112:1150 ESTABLISHED
> TCP nb01232b:ldap NT01232A:4502 ESTABLISHED
> TCP nb01232b:1026 NT01232A:1556 ESTABLISHED
> TCP nb01232b:1026 NT01232A:3068 TIME_WAIT
> TCP nb01232b:1026 NT01232A:3071 TIME_WAIT
> TCP nb01232b:1026 10.0.1.112:1151 ESTABLISHED
> TCP nb01232b:1026 10.0.1.112:1152 ESTABLISHED
> TCP nb01232b:2161 NT01232A:1068 ESTABLISHED
> TCP nb01232b:3389 SKIPPb:1136 ESTABLISHED
> TCP nb01232b:4014 NT01232A:1026 ESTABLISHED
> TCP nb01232b:ldap nb01232b.nt01232:2352 ESTABLISHED
> TCP nb01232b:microsoft-ds nb01232b.nt01232:3760 ESTABLISHED
> TCP nb01232b:1026 nb01232b.nt01232:1070 ESTABLISHED
> TCP nb01232b:1070 nb01232b.nt01232:1026 ESTABLISHED
> TCP nb01232b:1312 nb01232b.nt01232:ldap CLOSE_WAIT
> TCP nb01232b:2352 nb01232b.nt01232:ldap ESTABLISHED
> TCP nb01232b:3692 nb01232b.nt01232:ldap CLOSE_WAIT
> TCP nb01232b:3760 nb01232b.nt01232:microsoft-ds
> ESTABLISHED
> TCP nb01232b:ldap nb01232b.nt01232:1094 ESTABLISHED
> TCP nb01232b:ldap nb01232b.nt01232:1095 ESTABLISHED
> TCP nb01232b:ldap nb01232b.nt01232:1097 ESTABLISHED
> TCP nb01232b:ldap nb01232b.nt01232:3725 ESTABLISHED
> TCP nb01232b:microsoft-ds nb01232b.nt01232:1224 ESTABLISHED
> TCP nb01232b:1094 nb01232b.nt01232:ldap ESTABLISHED
> TCP nb01232b:1095 nb01232b.nt01232:ldap ESTABLISHED
> TCP nb01232b:1097 nb01232b.nt01232:ldap ESTABLISHED
> TCP nb01232b:1142 nb01232b.nt01232:32000 ESTABLISHED
> TCP nb01232b:1219 nb01232b.nt01232:33105 ESTABLISHED
> TCP nb01232b:1224 nb01232b.nt01232:microsoft-ds
> ESTABLISHED
> TCP nb01232b:2357 nb01232b.nt01232:33105 ESTABLISHED
> TCP nb01232b:2771 nb01232b.nt01232:33105 ESTABLISHED
> TCP nb01232b:2783 nb01232b.nt01232:33105 ESTABLISHED
> TCP nb01232b:2882 nb01232b.nt01232:33105 ESTABLISHED
> TCP nb01232b:3175 nb01232b.nt01232:33105 ESTABLISHED
> TCP nb01232b:3725 nb01232b.nt01232:ldap ESTABLISHED
> TCP nb01232b:32000 nb01232b.nt01232:1142 ESTABLISHED
> TCP nb01232b:33105 nb01232b.nt01232:1219 ESTABLISHED
> TCP nb01232b:33105 nb01232b.nt01232:2357 ESTABLISHED
> TCP nb01232b:33105 nb01232b.nt01232:2771 ESTABLISHED
> TCP nb01232b:33105 nb01232b.nt01232:2783 ESTABLISHED
> TCP nb01232b:33105 nb01232b.nt01232:2882 ESTABLISHED
> TCP nb01232b:33105 nb01232b.nt01232:3175 ESTABLISHED
> TCP nb01232b:1192 192.168.234.236:5859 ESTABLISHED
>
>
> Thanks for your help.
 
Re: Netstat Results. What does it mean?

On Aug 20, 2:47 pm, "Olivier C." <v-43olic11022...@hotmail.com> wrote:
> Hello Lovemail,
>
> -Does it mean I may have aVLAN?
> ----------------------------------
>
> > No it doesn't ,VLANare managed by physical external switch.
>
> Exemple : Cisco Catalyst 2950http://www.cisco.com/en/US/products/ps6406/index.html
>
> -Why do the server ports connect to
> other ports on the same server?
> -----------------------------------
>
> > Because some softwares like Firewalls (installed locally) do that.
>
> The better way to check that is to disable the Firewall
> and check again with NETSTAT -an .
>
> Regards ,
>
> Olivier C.
>
> Microsoft Customer Service and Support.
>
> ########################################################
>
> "lovemail" <ilovefogc...@gmail.com> wrote in message
>
> news:7dae7828-7591-415f-b3c9-89d3f0e9d26b@z11g2000prl.googlegroups.com...
>
> >I have a domain controller server that shows these netstat results.
> > Does it mean I may have aVLAN? Why do the server ports connect to
> > other ports on the same server? Could this be a way block to block
> > connections? I really don't know.
>
> > Netstat shows:
>
> > Active Connections
>
> >  Proto  Local Address          Foreign Address        State
> >  TCP    nb01232b:epmap         10.0.1.112:1150        ESTABLISHED
> >  TCP    nb01232b:ldap          NT01232A:4502          ESTABLISHED
> >  TCP    nb01232b:1026          NT01232A:1556          ESTABLISHED
> >  TCP    nb01232b:1026          NT01232A:3068          TIME_WAIT
> >  TCP    nb01232b:1026          NT01232A:3071          TIME_WAIT
> >  TCP    nb01232b:1026          10.0.1.112:1151        ESTABLISHED
> >  TCP    nb01232b:1026          10.0.1.112:1152        ESTABLISHED
> >  TCP    nb01232b:2161          NT01232A:1068          ESTABLISHED
> >  TCP    nb01232b:3389          SKIPPb:1136            ESTABLISHED
> >  TCP    nb01232b:4014          NT01232A:1026          ESTABLISHED
> >  TCP    nb01232b:ldap          nb01232b.nt01232:2352  ESTABLISHED
> >  TCP    nb01232b:microsoft-ds  nb01232b.nt01232:3760  ESTABLISHED
> >  TCP    nb01232b:1026          nb01232b.nt01232:1070  ESTABLISHED
> >  TCP    nb01232b:1070          nb01232b.nt01232:1026  ESTABLISHED
> >  TCP    nb01232b:1312          nb01232b.nt01232:ldap  CLOSE_WAIT
> >  TCP    nb01232b:2352          nb01232b.nt01232:ldap  ESTABLISHED
> >  TCP    nb01232b:3692          nb01232b.nt01232:ldap  CLOSE_WAIT
> >  TCP    nb01232b:3760          nb01232b.nt01232:microsoft-ds
> > ESTABLISHED
> >  TCP    nb01232b:ldap          nb01232b.nt01232:1094  ESTABLISHED
> >  TCP    nb01232b:ldap          nb01232b.nt01232:1095  ESTABLISHED
> >  TCP    nb01232b:ldap          nb01232b.nt01232:1097  ESTABLISHED
> >  TCP    nb01232b:ldap          nb01232b.nt01232:3725  ESTABLISHED
> >  TCP    nb01232b:microsoft-ds  nb01232b.nt01232:1224  ESTABLISHED
> >  TCP    nb01232b:1094          nb01232b.nt01232:ldap  ESTABLISHED
> >  TCP    nb01232b:1095          nb01232b.nt01232:ldap  ESTABLISHED
> >  TCP    nb01232b:1097          nb01232b.nt01232:ldap  ESTABLISHED
> >  TCP    nb01232b:1142          nb01232b.nt01232:32000  ESTABLISHED
> >  TCP    nb01232b:1219          nb01232b.nt01232:33105  ESTABLISHED
> >  TCP    nb01232b:1224          nb01232b.nt01232:microsoft-ds
> > ESTABLISHED
> >  TCP    nb01232b:2357          nb01232b.nt01232:33105  ESTABLISHED
> >  TCP    nb01232b:2771          nb01232b.nt01232:33105  ESTABLISHED
> >  TCP    nb01232b:2783          nb01232b.nt01232:33105  ESTABLISHED
> >  TCP    nb01232b:2882          nb01232b.nt01232:33105  ESTABLISHED
> >  TCP    nb01232b:3175          nb01232b.nt01232:33105  ESTABLISHED
> >  TCP    nb01232b:3725          nb01232b.nt01232:ldap  ESTABLISHED
> >  TCP    nb01232b:32000         nb01232b.nt01232:1142  ESTABLISHED
> >  TCP    nb01232b:33105         nb01232b.nt01232:1219  ESTABLISHED
> >  TCP    nb01232b:33105         nb01232b.nt01232:2357  ESTABLISHED
> >  TCP    nb01232b:33105         nb01232b.nt01232:2771  ESTABLISHED
> >  TCP    nb01232b:33105         nb01232b.nt01232:2783  ESTABLISHED
> >  TCP    nb01232b:33105         nb01232b.nt01232:2882  ESTABLISHED
> >  TCP    nb01232b:33105         nb01232b.nt01232:3175  ESTABLISHED
> >  TCP    nb01232b:1192          192.168.234.236:5859   ESTABLISHED
>
> > Thanks for your help.

It does not have a firewall that I know if or have seen in the system.

Could this just be service connections to my Domain. It is the
Original PDC.

The name of the domain is nt01232 so could this be true?
 
Back
Top