Determining foreign addresses?

damarious25

Just wondering the best way to determine who or what a foreign address is? Just on one local machine here I have internal connections with IP addresses to other LAN PCs I recognize, but there are other foreign IP addresses (and others are a mix with :http at the end while no browser or streaming services are running) I don't recognize.

Also, is there a way to "netstat" all machines on a LAN to get a list of all incoming and outgoing connections over a LAN? I have a few old machines here, is it worth my time to build a firewall (pfsense?) machine to have better control and access to this information?

Thanks!
-dam25
 
arp -av will give you a list of the machines you've seen traffic from in the past 10 minutes. That will generally include most if not all of the machines in the local subnet since there is typically a fair amount of broadcast traffic. If you want to help fill up the arp cache, you can try browsing "network neighborhood" with upnp turned on. Anything besides arp or netstat would require a network scan, which you should make sure is OK with whoever is running your LAN.

As for running a separate machine as a firewall - it's not needed just to see which hosts have connected to your box. Any software firewall can tell you that. The free one from Comodo is fine.
 
netstat -n
Netstat -nab

Otherwise download Wireshark from filehippo.com and check what is connecting with what and who is using what
 
Take the IP address(es) from the NETSTAT result and do a WHOIS on them. That should give you a clue to what the connection is.
http://www.dnsstuff.com/

You can also run nslookup from the command line to get similar information.

For instance, if you have Automatic Windows Updates enabled, your computer will occasionally be making outgoing TCP requests to Microsoft and Akamai servers, in order to download the patches for the Windows OS on your computer. Same thing with antivirus software. So even if you have no programs "open", there are services and/or programs running in the background making connections for update purposes, etc.
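
Added example, not part of the posts above: a Python sketch that takes `netstat -n` output, groups the foreign addresses by scope, and leaves only the public ones to check with WHOIS or a reverse lookup. The sample text, its addresses and the function names are constructed for illustration; rows that show names such as `host:http` (netstat run without `-n`) are skipped.

```python
import ipaddress
import socket
from collections import defaultdict

# Constructed sample of Windows `netstat -n` output, not taken from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:49730     1.1.1.1:80             ESTABLISHED
  TCP    192.168.1.20:49731     1.1.1.1:443            TIME_WAIT
  TCP    192.168.1.20:49755     8.8.8.8:443            ESTABLISHED
  TCP    [fe80::1c2a:3b4d%12]:49760  [fe80::9a:1%12]:445  ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def classify(ip):
    if ip.is_loopback:
        return "loopback"
    return "private" if (ip.is_private or ip.is_link_local) else "public"

def foreign_addresses(netstat_text):
    """Return {scope: {ip: sorted remote ports}} for the TCP rows."""
    found = defaultdict(lambda: defaultdict(set))
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue
        try:
            ip, port = split_endpoint(fields[2])
        except ValueError:
            continue  # e.g. '*:*', or a hostname when -n was not used
        found[classify(ip)][str(ip)].add(port)
    return {scope: {ip: sorted(ports) for ip, ports in hosts.items()}
            for scope, hosts in found.items()}

def reverse_name(ip):
    """PTR lookup, the same question `nslookup <ip>` asks; needs network."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

if __name__ == "__main__":
    print(foreign_addresses(SAMPLE))
```

Only the addresses under `"public"` need a WHOIS or `reverse_name()` check; the loopback and private entries are the local machine and other LAN hosts.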
 
> arp -av will give you a list of the machines you've seen traffic from in the past 10 minutes. Anything besides arp or netstat would require a network scan, which you should make sure is OK with whoever is running your LAN.
>
> As for running a separate machine as a firewall - it's not needed just to see which hosts have connected to your box. Any software firewall can tell you that. The free one from Comodo is fine.

arp -av, thanks!
As for a separate firewall I was going to try and configure modem>pfsense>router>PCs

> netstat -n
> Netstat -nab
> Otherwise download Wireshark from filehippo.com and check what is connecting with what and who is using what

> Take the IP address(es) from the NETSTAT result and do a WHOIS on them. That should give you a clue to what the connection is.
> http://www.dnsstuff.com/
>
> You can also run nslookup from the command line to get similar information.
>
> For instance, if you have Automatic Windows Updates enabled, your computer will occasionally be making outgoing TCP requests to Microsoft and Akamai servers, in order to download the patches for the Windows OS on your computer. Same thing with antivirus software. So even if you have no programs "open", there are services and/or programs running in the background making connections for update purposes, etc.

Jeesh, I forgot all about nslookup. Son of a b. Thanks.
 
Btw where's your firewall? Its log should contain all the connections inbound and outbound
 
Well, like mentioned before every PC has its own firewall. There is a basic one on my modem/router but I'm not sure it's much use.
 