What does listening mean on command prompt
I have been monitoring my system lately and I have found some strange things are running on my system. Can anyone please explain what they are and why the same program uses several processes?
Output of netstat and ps -aux:
Why are they like 0. What does it mean? What are they used for, exactly, please? See the list of standard ports.
The Local Address tells you what interface it is listening on. If a remote system has connected to a port, Foreign Address will show the address of that system, and 0. Services: here you see the local IP address, where that service is listening and after a : the port it is listening on, with.
Those are just numbers, used to distinguish between connection endpoints on one machine; no two programs on one machine may use the same port simultaneously. This window allows you to view actively communicating hosts sorted in a variety of ways, as shown in Figure 2. Log files are the bread and butter of any systems administrator, software developer, or intrusion analyst.
Of course, the sophisticated attacker is going to make sure he is covering his tracks, but we want to catch the unsophisticated ones as well. The quickest way to access the event viewer on your Windows system is to type eventvwr. From here you will want to examine all of the log files for activity that looks inconsistent with your daily activities.
Some events that I look for include: Two of the most important areas to look at when attempting to determine if a system has been compromised are the system registry and the running processes.
Any change to a system is reflected in the registry and every task that occurs on a system is done with some kind of process. In the past, examining these things was a bit of a cumbersome and manual process using the Windows built-in registry and process monitoring tools. Luckily for us, Windows Sysinternals provides the Process Monitor tool.
Using Process Monitor you can view changes to the registry as they are actively happening and view active processes and detailed information associated with them.
You can download Process Monitor from Microsoft. As for the analysis of the registry and running processes, this is another case where you need to have a knowledge baseline in order to be effective. Run Process Monitor occasionally and get an idea of what processes are normal for your system so that you can quickly pick out anomalous ones when the time comes.
This last one is a no-brainer, but I couldn't write this article without mentioning it. It's incredibly common for an attacker to compromise a system and then create a new user account on it for easier reentry into the system.
You can view the user accounts on your system by going to the Start menu, right-clicking Computer, clicking Manage, and browsing the Users and Groups heading. In this article I've given a basic run-through of some things to look for when you think your system has been compromised.
This list is by no means exhaustive, as entire books have been written on this topic. In addition, the SANS Institute has a great cheat sheet to accompany this article that can be found here. As always, remember that proactive security is the best security as it prevents you from having to be reactive. I found these bizarre cards, that you described in this article, on my network. I am going to attempt to close the ports, but usually that solution is very temporary.
Thought you might find these interesting. Cardkey Systems, Inc. For example, one piece of hardware may be listening for another piece of hardware to signal that it is done with a task.
Each IP address uses ports to carry its network traffic. If you see 0. Using ports allows you to close or open communication channels as you need to. Firewalls restrict access to your computer network, in part, by controlling which ports are open to communication. The IP address log from Netstat shows both the listening port and the established port.
If both appear for the same port there is likely to be authorized communication going on. For example, if you see port 0.
For example, if you see port activity on your IP log that doesn't match up with the connections you think you should have, use a firewall to close ports with a status of listening and no corresponding established IP address. Use an anti-virus or anti-malware scanner to remove any potentially malicious software (see link in Resources).