Strange entries in Netstat output
You can get more useful information from the Netstat command by adding the -f
and -b
parameters, like this:
netstat -f -b
According to the help (netstat -?
) the -f
switch:
Displays Fully Qualified Domain Names (FQDN) for foreign addresses.
And the -b
switch:
Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.
Put the two together and you'll see what processes are creating each connection and the full remote host name.
To aid in investigating the executables (and the connection's they're making) use Microsoft's Process Explorer. When you run the program you'll be presented with a list of everything running on your system, like this:
Then, to see the connections made by an executable, double-click it and have a look at the TCP/IP tab:
Related videos on Youtube
![Admin](/assets/logo_square_200-5d0d61d6853298bd2a4fe063103715b4daf2819fc21225efa21dfb93e61952ea.png)
Admin
Updated on September 18, 2022Comments
-
Admin almost 2 years
Out of curiosity, I ran
Netstat
on my Windows PC, and I found some strange entries like:xx-fbcdn-shv-01-amt2:https edge-star-mini-shv-01-frt3:https mil04s03-in-f10:https xx-fbcdn-shv-01-amt2:https fra16s25-in-f14:https lu7:http 40:https mil04s04-in-f12:https wb-in-f188:https ec2-52-86-85-106:https db5sch101101419:https bam-6:https
What are these/how can I tell what these are?
-
I say Reinstate Monica over 7 yearsYou're welcome. I updated my answer to give you an additional resource for investigating the connections made by processes on your machine. Hope it helps.