One of the tools built into Windows is Netstat, which is useful for checking the network and internet connections. It is also commonly used to check for malware that is connected to the internet.
The syntax of Netstat is: netstat [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]. The switches are explained below:
| Switch | Description |
|---|---|
| -a | Displays all connections and listening ports |
| -b | Displays the executable involved in creating each connection or listening port. (Added in XP SP2.) |
| -e | Displays Ethernet statistics |
| -n | Displays addresses and port numbers in numerical form |
| -o | Displays the owning process ID associated with each connection |
| -p proto | Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. |
| -r | Displays the routing table |
| -s | Displays per-protocol statistics |
| -v | When used in conjunction with -b, will display the sequence of components involved in creating the connection or listening port for all executables |
| [interval] | An integer used to display results multiple times with the specified number of seconds between displays. Continues until stopped by Ctrl+C. The default is to display once. |
Check TCP/IP connections
Syntax: C:\>netstat -an
The information displayed covers the protocol, the local address, the remote (foreign) address, and the connection state. The connection states mean the following:
| State | Description |
|---|---|
| CLOSED | Indicates that the server has received an ACK signal from the client and the connection is closed |
| CLOSE_WAIT | Indicates that the server has received the first FIN signal from the client and the connection is in the process of being closed |
| ESTABLISHED | Indicates that the server received the SYN signal from the client and the session is established |
| FIN_WAIT_1 | Indicates that the connection is still active but not currently being used |
| FIN_WAIT_2 | Indicates that the client just received acknowledgment of the first FIN signal from the server |
| LAST_ACK | Indicates that the server is in the process of sending its own FIN signal |
| LISTENING | Indicates that the server is ready to accept a connection |
| SYN_RECEIVED | Indicates that the server just received a SYN signal from the client |
| SYN_SEND | Indicates that this particular connection is open and active |
| TIME_WAIT | Indicates that the client recognizes the connection as still active but not currently being used |
Check for malware
Syntax: C:\>netstat -b. If you want to write the output to a log file, the syntax is: C:\>netstat -b 5 >> C:\connections.txt. The problem is that this command uses a fair amount of memory, which slows the computer down.
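The two checks above (reading the connection states from `netstat -an`, and looking for processes talking to the internet) can be automated by parsing the `netstat -ano` output, which adds the owning PID from the `-o` switch without the cost of `-b`. The following script is an added example written for this page; it is not part of the original post. The netstat output it parses is a constructed sample embedded in the script (the addresses and PIDs are made up), the "local" address ranges it treats as not internet-facing are an assumption of the example, and the PIDs it reports would still have to be matched to process names by hand (for instance with `tasklist`).

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample of `netstat -ano` output; not captured from a real host.
# 203.0.113.5 and 198.51.100.7 stand in for arbitrary internet hosts.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:49710     203.0.113.5:443        ESTABLISHED     4321
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED     4
  TCP    192.168.1.10:49750     198.51.100.7:4444      ESTABLISHED     7788
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1520
"""

# Assumed set of ranges that are "local" and therefore not internet traffic:
# RFC 1918, loopback, link-local, unspecified, and their IPv6 counterparts.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
    "::1/128", "::/128", "fe80::/10", "fc00::/7",
)]


@dataclass
class Conn:
    proto: str
    local: str
    foreign: str
    state: Optional[str]  # None for UDP rows, which have no State column
    pid: int


def split_endpoint(endpoint: str) -> Tuple[str, str]:
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text: str) -> List[Conn]:
    """Turn the text of `netstat -ano` into Conn records."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner and header lines
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, foreign, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, foreign, pid = fields
            state = None
        else:
            continue  # unexpected shape: skip rather than guess
        conns.append(Conn(proto, local, foreign, state, int(pid)))
    return conns


def count_by_state(conns: List[Conn]) -> Dict[str, int]:
    """Summary of the State column, as one would eyeball from `netstat -an`."""
    counts: Dict[str, int] = {}
    for c in conns:
        if c.state is not None:
            counts[c.state] = counts.get(c.state, 0) + 1
    return counts


def is_external(endpoint: str) -> bool:
    """True when the foreign host is outside every range in LOCAL_NETS."""
    host, _ = split_endpoint(endpoint)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' or a hostname: not classifiable as an IP
    return not any(ip in net for net in LOCAL_NETS)


def external_established(conns: List[Conn]) -> Dict[int, List[str]]:
    """Established TCP sessions to external hosts, grouped by owning PID."""
    by_pid: Dict[int, List[str]] = {}
    for c in conns:
        if c.proto == "TCP" and c.state == "ESTABLISHED" and is_external(c.foreign):
            by_pid.setdefault(c.pid, []).append(c.foreign)
    return by_pid


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("states:", count_by_state(conns))
    for pid, peers in external_established(conns).items():
        print(f"PID {pid} -> {', '.join(peers)}")
```

On a real machine the sample text would be replaced by the output of `netstat -ano` (for example via `subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout`), and each reported PID would then be looked up in Task Manager or `tasklist` to see which executable owns it; the script only narrows the list down to sessions worth looking at.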