How to find out which process is listening on a port in Windows.


Symantec on one of my servers keeps logging a port scan attack coming from my laptop and I can’t figure out which process is causing it. Hopefully this will help.

ex. netstat -a -b

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.


P.S. This can produce a lot of output to sift through in the command prompt, so you can instead redirect everything to a text file by adding > filename.txt to the end of the command.

ex. netstat -a -b >netstat.txt

This creates the text file in whatever directory the command prompt is running from, which may be the system32 folder.
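To sift through the saved file, here is an added example (not part of the original post) that parses `netstat -a -n -o` output, maps listening ports to PIDs, and goes a step further by flagging any PID that has TCP rows to several distinct ports on one remote host, the pattern a port-scan alert is reacting to. The function names, the `min_ports` threshold and the sample rows are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -a -n -o` output; addresses and PIDs are made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.20:50110     192.168.1.5:21         SYN_SENT        4321
  TCP    192.168.1.20:50111     192.168.1.5:22         SYN_SENT        4321
  TCP    192.168.1.20:50112     192.168.1.5:23         SYN_SENT        4321
  TCP    192.168.1.20:50200     203.0.113.7:443        ESTABLISHED     2960
  UDP    0.0.0.0:5353           *:*                                    1712
"""

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue                      # headers, blank lines, -b name lines
        if len(fields) == 4:              # UDP rows have no State column
            fields.insert(3, "")
        if len(fields) == 5 and fields[4].isdigit():  # rows without a PID are skipped
            yield fields[0], fields[1], fields[2], fields[3], int(fields[4])

def port_of(endpoint):
    """Port after the last colon; handles '[::]:445', gives None for '*:*'."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None

def listeners(text):
    """Map each listening TCP port to the PID that owns it."""
    return {port_of(local): pid for proto, local, _, state, pid in parse_netstat(text)
            if proto == "TCP" and state == "LISTENING"}

def fan_out(text, min_ports=3):
    """(PID, remote host) pairs with TCP rows to >= min_ports distinct remote ports."""
    served = set(listeners(text))         # skip rows that are inbound to our own listeners
    seen = defaultdict(set)
    for proto, local, remote, state, pid in parse_netstat(text):
        rport = port_of(remote)           # 0 on LISTENING rows, None on '*:*'
        if proto == "TCP" and rport and port_of(local) not in served:
            seen[(pid, remote.rpartition(":")[0])].add(rport)
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    print(listeners(SAMPLE), fan_out(SAMPLE))
```

To use it on a real capture, read the file written by the redirect and pass its text to `fan_out`; netstat samples one instant, so several captures taken while the alerts are firing give a better picture than one.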
