Why http microsoft connection in netstat check?

I checked established connections with "netstat" command in command prompt, and I found that there are some connections with ip’s of microsoft (I checked ip online) that have http (and not https) connection established, they bring to some svchost.exe in a Win32 folder of the system. I know that http connections are not safe, but I guess they are safe since they have microsoft ip, but why these connections are not encrypted (http)? Is it normal?

Have I been hacked ( netstat output too many dgrams and stream connections) [closed]

enter image description hereenter image description here

enter image description here

netstat output

These are the output images of the netstat command I ran it shows that they’re are too many outbound connection and many dgrams and stream . I also tried to capture the output using Wireshark and then reverse checking the IP address to whom does it belongs ( using www.arin.net) it showed up various organisation ( Google, Astricia).

I also tried to turnoff the wifi and then ran netstat but no change in the dgram and stream connections.

Please help , any input will be appreciated.

netstat command on WSL doesn’t give any messages

$   netstat -nap (No info could be read for "-p": geteuid()=1000 but you should be root.) Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name Active UNIX domain sockets (servers and established) Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path 

nestat command gives no information about ports are using. For example, I’m running redis-server on this PC but it is not displayed here.

How to I fix this? Linux distro is Microsoft WSL Ubuntu 18.04.

Question about Netstat

I was monitoring network connections using Netstat and came across Netstat -tlnp i was wondering what this it what it does and how the command works i have checked the Netstat man pages for my distro however can not seem to find the entire syntax any help will be appreciated Note: The reason why i ask this question here is because i have recently got into Information Security and was playing around with monitoring network traffic and looking into open connections to possible command and control servers

What’s the difference in the netstat table in Ubuntu?

I have run nginx once, but I have two, and only one node.js web server. The result of running netstat -tnlp is as follows:

What’s the difference between * and ::: *?

netstat -tnlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name tcp        0      0    *               LISTEN      1108/sshd tcp        0      0*               LISTEN      20389/mongod tcp        0      0  *               LISTEN      17224/mysqld tcp        0      0    *               LISTEN      1139/nginx -g daemo tcp6       0      0 :::22                   :::*                    LISTEN      1108/sshd tcp6       0      0 :::3002                 :::*                    LISTEN      20567/node tcp6       0      0 :::80                   :::*                    LISTEN      1139/nginx -g daemo 

Netstat, lsof, etc. are limited to one namespace, what else connection is hidden from them?

On Linux, network monitoring tools are limited to the current namespace and does not show the whole machine connections (like lsof -i, netstat -ltup)

I have to loop on all namespaces to see the whole machine connections with sudo ip -all netns exec lsof -i

Is there other connections that are also hidden from lsof/netstat?

adb shell busybox netstat

I am trying to look at the processes tagged to each individual tcp connection using busybox netstat -p as shown from their docs. However, after rooting and checking my root with RootChecker, it seems like i have root access and SU access; but unable to run adb shell busybox netstat and it shows the error

Running busybox netstat command

From android's terminal shell

I am using NoxPlayer, running android version 4.4.2. This shows a picture of my attempt to do the same thing in Terminal Emulator itself.


And this shows an image of rootChecker verifying that i rooted the phone properly.

I came across articles saying that /proc/net is a symbolic link; thus only providing a “shortcut” to the file path and not the actual file, thus, netstat command was unable to be executed?

Hope to get some help for this issue.

ssh connection refused; netstat LISTEN; nmap closed

My Setup

  • Ubuntu server 18.04 on local hardware
  • A laptop from which I want to ssh into the server over local network

My Problem

Every once in a while right after boot, I can ssh into the machine for a few minutes. But most of the time I simply get: connect to host port 22: Connection refused.

On the server

  • I disabled the firewall: sudo ufw disable, but didn’t help.

  • Then I checked netstat -nlpt and it told me that sshd is listening on port 22.

On my laptop

  • But then I tried nmap -v -p 22 and it told me that port 22 was closed.

I am very confused why netstat and nmap tell me different things. Could it be that my wifi-router is blocking ssh somehow?