Netstat -an in Command Line

Posted on

QUESTION :

In the below picture, as you see When I write netstat -an inside the command line I got this answer in the picture. The last line is different than others.

Sometimes, I query netstat -an command inside the command line. The first 4 characters stay same, fe80. Other characters in this line change for different time. Also, sometimes the last line is seen sometimes is not seen when I query netstat -an command. Finally, What does this mean? Is there any keylogger on my computer? Is this mean that someone watch me sometimes?

enter image description here

My command line output:

C:UsersASUS>netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1309           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9990         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:23401        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:43227        0.0.0.0:0              LISTENING
  TCP    192.168.1.42:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.42:49185     191.232.139.129:443    ESTABLISHED
  TCP    192.168.1.42:49371     199.16.156.21:443      ESTABLISHED
  TCP    192.168.1.42:49454     54.225.136.233:443     CLOSE_WAIT
  TCP    192.168.1.42:49487     191.232.139.122:443    ESTABLISHED
  TCP    192.168.1.42:49544     54.225.136.233:443     CLOSE_WAIT
  TCP    192.168.1.42:49545     54.225.136.233:443     CLOSE_WAIT
  TCP    192.168.1.42:49546     216.58.209.194:443     ESTABLISHED
  TCP    192.168.1.42:49549     216.58.209.195:443     ESTABLISHED
  TCP    192.168.1.42:49556     216.58.209.195:443     ESTABLISHED
  TCP    192.168.1.42:49569     216.58.209.174:443     ESTABLISHED
  TCP    192.168.1.42:49571     185.15.42.42:80        ESTABLISHED
  TCP    192.168.1.42:49572     74.125.136.95:80       ESTABLISHED
  TCP    192.168.1.42:49574     185.15.42.36:80        ESTABLISHED
  TCP    192.168.1.42:49576     185.15.42.36:80        ESTABLISHED
  TCP    192.168.1.42:49577     185.15.42.36:80        ESTABLISHED
  TCP    192.168.1.42:49578     185.15.42.36:80        ESTABLISHED
  TCP    192.168.1.42:49579     185.15.42.36:80        ESTABLISHED
  TCP    192.168.1.42:49580     216.58.209.174:80      ESTABLISHED
  TCP    192.168.1.42:49586     23.74.205.54:80        ESTABLISHED
  TCP    192.168.1.42:49587     195.175.112.152:80     ESTABLISHED
  TCP    192.168.1.42:49590     185.15.42.42:80        ESTABLISHED
  TCP    192.168.1.42:49591     185.15.42.42:80        ESTABLISHED
  TCP    192.168.1.42:49598     216.58.209.205:443     ESTABLISHED
  TCP    192.168.1.42:49601     23.74.203.155:443      ESTABLISHED
  TCP    192.168.1.42:49602     23.74.203.155:443      ESTABLISHED
  TCP    192.168.1.42:49603     23.74.203.155:443      ESTABLISHED
  TCP    192.168.1.42:49604     23.74.203.155:443      ESTABLISHED
  TCP    192.168.1.42:49605     23.74.203.155:443      ESTABLISHED
  TCP    192.168.1.42:49606     23.74.203.155:443      ESTABLISHED
  TCP    192.168.1.42:49608     168.61.58.142:443      ESTABLISHED
  TCP    192.168.1.42:49609     168.61.58.142:443      ESTABLISHED
  TCP    192.168.1.42:49610     168.61.58.142:443      ESTABLISHED
  TCP    192.168.1.42:49613     195.175.112.241:80     ESTABLISHED
  TCP    192.168.1.42:49614     54.192.95.81:443       ESTABLISHED
  TCP    192.168.1.42:49615     72.21.202.25:80        ESTABLISHED
  TCP    192.168.1.42:49631     216.58.209.194:443     ESTABLISHED
  TCP    192.168.1.42:49644     185.15.42.42:443       ESTABLISHED
  TCP    192.168.1.42:49646     216.58.209.206:443     ESTABLISHED
  TCP    192.168.1.42:49647     216.58.209.162:80      ESTABLISHED
  TCP    192.168.1.42:49648     185.15.42.36:80        ESTABLISHED
  TCP    192.168.1.42:49682     216.58.209.163:443     ESTABLISHED
  TCP    192.168.1.42:49709     31.13.90.36:443        ESTABLISHED
  TCP    192.168.1.42:49712     195.175.112.201:80     ESTABLISHED
  TCP    192.168.1.42:49714     195.175.112.201:80     TIME_WAIT
  TCP    192.168.1.42:49868     216.58.209.206:443     ESTABLISHED
  TCP    192.168.1.42:49941     216.58.209.206:443     TIME_WAIT
  TCP    192.168.1.42:49947     216.58.209.163:80      ESTABLISHED
  TCP    192.168.1.42:49948     216.58.209.163:80      ESTABLISHED
  TCP    192.168.1.42:49949     216.58.209.163:80      ESTABLISHED
  TCP    192.168.1.42:49950     216.58.209.163:80      ESTABLISHED
  TCP    192.168.1.42:49951     185.15.42.36:80        ESTABLISHED
  TCP    192.168.1.42:49952     216.58.209.163:80      ESTABLISHED
  TCP    192.168.1.42:49953     216.58.209.163:80      ESTABLISHED
  TCP    192.168.1.42:49962     54.192.95.225:443      ESTABLISHED
  TCP    192.168.1.42:49969     216.58.209.170:80      ESTABLISHED
  TCP    192.168.1.42:49971     74.125.136.95:443      ESTABLISHED
  TCP    192.168.1.42:49974     216.58.209.161:443     ESTABLISHED
  TCP    192.168.1.42:49975     40.114.151.29:80       ESTABLISHED
  TCP    192.168.1.42:49976     40.114.151.29:80       ESTABLISHED
  TCP    192.168.1.42:49977     40.114.151.29:80       ESTABLISHED
  TCP    192.168.1.42:49978     40.114.151.29:80       ESTABLISHED
  TCP    192.168.1.42:49979     40.114.151.29:80       ESTABLISHED
  TCP    192.168.1.42:49998     52.30.99.216:80        ESTABLISHED
  TCP    192.168.1.42:50014     216.58.209.163:443     ESTABLISHED
  TCP    192.168.1.42:50017     52.4.197.142:80        ESTABLISHED
  TCP    192.168.1.42:50019     54.154.240.164:80      ESTABLISHED
  TCP    192.168.1.42:50020     54.77.71.247:80        ESTABLISHED
  TCP    192.168.1.42:50021     54.77.71.247:80        ESTABLISHED
  TCP    192.168.1.42:50022     54.77.71.247:80        ESTABLISHED
  TCP    192.168.1.42:50024     179.60.192.7:443       ESTABLISHED
  TCP    192.168.1.42:50057     81.26.166.11:80        ESTABLISHED
  TCP    192.168.1.42:50083     216.58.209.174:443     ESTABLISHED
  TCP    192.168.1.42:50086     198.252.206.25:443     ESTABLISHED
  TCP    192.168.1.42:50129     216.58.209.163:443     TIME_WAIT
  TCP    192.168.1.42:50304     198.252.206.25:443     ESTABLISHED
  TCP    192.168.1.42:50364     75.101.140.77:443      TIME_WAIT
  TCP    192.168.1.42:50365     75.101.140.77:443      ESTABLISHED
  TCP    192.168.1.42:50415     216.58.209.165:443     ESTABLISHED
  TCP    192.168.1.42:50417     23.74.192.186:443      ESTABLISHED
  TCP    192.168.1.42:50418     216.58.209.168:443     TIME_WAIT
  TCP    192.168.1.42:50425     75.101.140.77:443      TIME_WAIT
  TCP    192.168.1.42:50427     173.194.65.157:443     ESTABLISHED
  TCP    192.168.1.42:50435     216.58.209.196:443     ESTABLISHED
  TCP    192.168.1.42:50464     216.58.209.174:443     TIME_WAIT
  TCP    192.168.1.42:50470     216.58.209.170:443     TIME_WAIT
  TCP    192.168.1.42:50471     173.194.113.31:443     ESTABLISHED
  TCP    192.168.1.42:50473     216.58.209.193:443     TIME_WAIT
  TCP    192.168.1.42:50481     216.58.209.163:443     TIME_WAIT
  TCP    192.168.1.42:50491     216.58.208.97:443      ESTABLISHED
  TCP    192.168.1.42:50493     216.58.209.174:443     ESTABLISHED
  TCP    192.168.1.42:50495     216.58.209.174:443     TIME_WAIT
  TCP    192.168.1.42:50500     216.58.209.206:443     ESTABLISHED
  TCP    192.168.1.42:50501     216.58.209.206:443     ESTABLISHED
  TCP    192.168.1.42:50506     216.58.209.206:443     TIME_WAIT
  TCP    192.168.1.42:50510     74.125.136.189:443     ESTABLISHED
  TCP    192.168.1.42:50514     216.58.209.162:443     ESTABLISHED
  TCP    192.168.1.42:50516     216.58.209.174:443     TIME_WAIT
  TCP    192.168.1.42:50517     216.58.209.194:443     ESTABLISHED
  TCP    192.168.1.42:50580     92.45.4.105:443        ESTABLISHED
  TCP    192.168.1.42:50581     92.45.4.105:443        ESTABLISHED
  TCP    192.168.1.42:50583     216.58.209.194:80      ESTABLISHED
  TCP    192.168.1.42:50599     92.45.4.105:443        ESTABLISHED
  TCP    192.168.1.42:50608     92.45.4.105:443        ESTABLISHED
  TCP    192.168.1.42:50611     92.45.4.105:443        ESTABLISHED
  TCP    192.168.1.42:50614     199.16.156.41:443      ESTABLISHED
  TCP    192.168.1.42:50615     199.16.156.75:443      ESTABLISHED
  TCP    192.168.1.42:50637     216.58.209.193:443     ESTABLISHED
  TCP    192.168.1.42:50639     195.175.112.137:80     ESTABLISHED
  TCP    192.168.1.42:50641     95.131.122.232:443     ESTABLISHED
  TCP    192.168.1.42:50648     50.31.164.175:443      ESTABLISHED
  TCP    192.168.1.42:50652     216.58.209.166:443     ESTABLISHED
  TCP    192.168.1.42:50653     104.86.246.200:443     ESTABLISHED
  TCP    192.168.1.42:50654     63.140.35.160:443      ESTABLISHED
  TCP    192.168.1.42:50655     216.58.209.198:443     ESTABLISHED
  TCP    192.168.1.42:50669     216.58.209.166:443     ESTABLISHED
  TCP    192.168.1.42:50672     216.58.209.168:80      ESTABLISHED
  TCP    192.168.1.42:50676     216.58.209.193:443     ESTABLISHED
  TCP    192.168.1.42:50677     40.118.20.241:443      ESTABLISHED
  TCP    192.168.1.42:50679     198.41.215.67:443      ESTABLISHED
  TCP    192.168.1.42:50683     104.28.6.106:443       ESTABLISHED
  TCP    192.168.1.42:50689     198.41.215.67:443      ESTABLISHED
  TCP    192.168.1.42:50691     104.16.95.65:443       ESTABLISHED
  TCP    192.168.1.42:50791     23.111.11.34:80        TIME_WAIT
  TCP    192.168.1.42:50792     216.58.209.202:80      TIME_WAIT
  TCP    192.168.1.42:50793     40.114.151.29:80       TIME_WAIT
  TCP    192.168.1.42:50797     54.192.135.87:80       TIME_WAIT
  TCP    192.168.1.42:50799     216.58.209.162:80      TIME_WAIT
  TCP    192.168.1.42:50800     216.58.209.162:80      TIME_WAIT
  TCP    192.168.1.42:50803     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50806     195.244.32.92:80       TIME_WAIT
  TCP    192.168.1.42:50807     195.244.32.92:80       TIME_WAIT
  TCP    192.168.1.42:50808     195.244.32.92:80       TIME_WAIT
  TCP    192.168.1.42:50809     195.244.32.92:80       TIME_WAIT
  TCP    192.168.1.42:50812     83.66.160.22:80        TIME_WAIT
  TCP    192.168.1.42:50813     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50814     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50815     46.20.153.237:80       TIME_WAIT
  TCP    192.168.1.42:50817     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50818     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50819     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50820     81.26.166.11:80        TIME_WAIT
  TCP    192.168.1.42:50821     81.26.166.11:80        TIME_WAIT
  TCP    192.168.1.42:50825     2.23.97.60:443         TIME_WAIT
  TCP    192.168.1.42:50829     179.60.192.7:80        TIME_WAIT
  TCP    192.168.1.42:50830     179.60.192.7:80        TIME_WAIT
  TCP    192.168.1.42:50831     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50832     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50833     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50834     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50838     104.16.35.249:80       ESTABLISHED
  TCP    192.168.1.42:50841     107.21.125.66:443      TIME_WAIT
  TCP    192.168.1.42:50852     195.175.112.106:80     ESTABLISHED
  TCP    192.168.1.42:50853     195.175.112.106:80     ESTABLISHED
  TCP    192.168.1.42:50854     195.175.112.112:80     ESTABLISHED
  TCP    192.168.1.42:50855     195.175.112.112:80     ESTABLISHED
  TCP    192.168.1.42:50856     195.175.112.106:80     ESTABLISHED
  TCP    192.168.1.42:50869     104.16.24.235:80       ESTABLISHED
  TCP    192.168.1.42:50871     94.31.29.230:80        TIME_WAIT
  TCP    192.168.1.42:50873     83.66.160.22:80        TIME_WAIT
  TCP    192.168.1.42:50874     192.229.233.25:80      TIME_WAIT
  TCP    192.168.1.42:50882     216.58.209.170:80      TIME_WAIT
  TCP    192.168.1.42:50884     23.111.11.34:80        TIME_WAIT
  TCP    192.168.1.42:50891     40.114.151.29:80       TIME_WAIT
  TCP    192.168.1.42:50894     23.111.11.34:80        TIME_WAIT
  TCP    192.168.1.42:50895     54.182.216.4:80        ESTABLISHED
  TCP    192.168.1.42:50896     54.182.216.4:80        TIME_WAIT
  TCP    192.168.1.42:50897     104.16.17.35:80        ESTABLISHED
  TCP    192.168.1.42:50899     195.175.112.179:80     ESTABLISHED
  TCP    192.168.1.42:50901     216.58.209.194:80      TIME_WAIT
  TCP    192.168.1.42:50902     216.58.209.194:80      TIME_WAIT
  TCP    192.168.1.42:50905     82.199.80.143:80       TIME_WAIT
  TCP    192.168.1.42:50906     82.199.80.143:80       TIME_WAIT
  TCP    192.168.1.42:50907     82.199.80.143:80       TIME_WAIT
  TCP    192.168.1.42:50908     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50909     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50911     46.20.158.25:80        TIME_WAIT
  TCP    192.168.1.42:50913     179.60.192.7:80        TIME_WAIT
  TCP    192.168.1.42:50914     179.60.192.7:80        TIME_WAIT
  TCP    192.168.1.42:50915     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50916     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50917     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50918     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50921     81.26.166.11:80        TIME_WAIT
  TCP    192.168.1.42:50922     81.26.166.11:80        TIME_WAIT
  TCP    192.168.1.42:50925     195.244.32.81:80       TIME_WAIT
  TCP    192.168.1.42:50926     195.244.32.81:80       TIME_WAIT
  TCP    192.168.1.42:50927     195.244.32.81:80       TIME_WAIT
  TCP    192.168.1.42:50932     195.244.32.81:80       TIME_WAIT
  TCP    192.168.1.42:50933     2.23.97.60:443         TIME_WAIT
  TCP    192.168.1.42:50938     54.175.54.188:443      ESTABLISHED
  TCP    192.168.1.42:50939     5.79.74.36:443         ESTABLISHED
  TCP    192.168.1.42:50940     40.118.20.241:443      TIME_WAIT
  TCP    192.168.1.42:50944     94.31.29.230:80        TIME_WAIT
  TCP    192.168.1.42:50959     23.111.11.34:80        TIME_WAIT
  TCP    192.168.1.42:50960     216.58.209.170:80      TIME_WAIT
  TCP    192.168.1.42:50961     40.114.151.29:80       TIME_WAIT
  TCP    192.168.1.42:50963     54.192.198.230:80      ESTABLISHED
  TCP    192.168.1.42:50965     54.192.198.230:80      TIME_WAIT
  TCP    192.168.1.42:50966     216.58.209.194:80      TIME_WAIT
  TCP    192.168.1.42:50967     216.58.209.194:80      TIME_WAIT
  TCP    192.168.1.42:50968     82.199.80.143:80       TIME_WAIT
  TCP    192.168.1.42:50969     82.199.80.143:80       TIME_WAIT
  TCP    192.168.1.42:50970     195.175.112.137:80     TIME_WAIT
  TCP    192.168.1.42:50974     83.66.160.22:80        TIME_WAIT
  TCP    192.168.1.42:50975     195.175.112.201:80     TIME_WAIT
  TCP    192.168.1.42:50976     216.58.209.194:80      TIME_WAIT
  TCP    192.168.1.42:50977     104.16.24.235:80       TIME_WAIT
  TCP    192.168.1.42:50978     216.58.209.194:80      ESTABLISHED
  TCP    192.168.1.42:50979     81.26.166.70:80        ESTABLISHED
  TCP    192.168.1.42:50980     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50981     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50982     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50983     195.175.112.179:80     TIME_WAIT
  TCP    192.168.1.42:50984     81.26.166.11:80        TIME_WAIT
  TCP    192.168.1.42:50985     81.26.166.11:80        TIME_WAIT
  TCP    192.168.1.42:50989     31.13.90.6:80          TIME_WAIT
  TCP    192.168.1.42:50990     31.13.90.6:80          TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:3306              [::]:0                 LISTENING
  TCP    [::]:5357              [::]:0                 LISTENING
  TCP    [::]:49152             [::]:0                 LISTENING
  TCP    [::]:49153             [::]:0                 LISTENING
  TCP    [::]:49154             [::]:0                 LISTENING
  TCP    [::]:49155             [::]:0                 LISTENING
  TCP    [::]:49156             [::]:0                 LISTENING
  TCP    [::]:49157             [::]:0                 LISTENING
  TCP    [::1]:49158            [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:5355           *:*
  UDP    0.0.0.0:49154          *:*
  UDP    0.0.0.0:49253          *:*
  UDP    0.0.0.0:52445          *:*
  UDP    0.0.0.0:57103          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    127.0.0.1:5353         *:*
  UDP    127.0.0.1:48200        *:*
  UDP    127.0.0.1:52444        *:*
  UDP    192.168.1.42:137       *:*
  UDP    192.168.1.42:138       *:*
  UDP    192.168.1.42:1900      *:*
  UDP    192.168.1.42:52443     *:*
  UDP    [::]:500               *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:4500              *:*
  UDP    [::]:49155             *:*
  UDP    [::]:49254             *:*
  UDP    [::]:52446             *:*
  UDP    [::]:57104             *:*
  UDP    [::1]:1900             *:*
  UDP    [::1]:52442            *:*
  UDP    [fe80::2003:35e3:3f57:fed5%8]:546  *:*

C:UsersASUS>

ANSWER :

Port 546 is a port used by IPv6 for DHCP. Have a look at this MS article

I wouldn’t connect this port being in use with any suspicious activity.

Try a

Netstat -anp udp -o

this will show the process id of whatever is using that connection, then look for that PID in task manager Services Tab.

No this definitely does not mean someone is watching you. What this means is that IPv6 is being used on port 546.

Let’s find out what is using port 546.

Do the following:

  1. Open a command prompt with elevated privileges
  2. Run Netstat -ano | find “546”
  3. Look for the PID (this is the Process ID)
  4. Open up Task Manager
  5. Go to Processes
  6. Then go to View > Select Columns > PID
  7. Now look up the PID number that was output in your Netstat Command.

This would be the application using the IPv6 address and Port Number that you saw. This simply means that a specific application was using this port.

Hope this helps!

Leave a Reply

Your email address will not be published. Required fields are marked *