Appendix FDiscovering unauthorized access to your computer
Use the “netstat” command to determine whether or not there is an unauthorized connection to your workstation. As shown below, the /? parameter can be used to read the “Help” section of the “netstat” command.
netstat /? Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a |
Displays all connections and listening ports. (Server-side connections are normally not shown.) |
-e |
Displays Ethernet statistics. May be combined with the -s option. |
-n |
Displays addresses and port numbers in numerical form. |
-p |
Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to ... |
Get Cyber Crime Investigator's Field Guide, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
