最近我买了一台装有 Windows 7 的新笔记本电脑。我有一个 Linux Ubuntu 网关,我阻止了几乎所有东西,除了我想要公开的内容,例如 Apache 和 Windows 7 数据包的转发。
一切运行良好,但我整天都收到来自 Windows 7 到我的网关的连接请求。这些请求被拒绝,所以我预计不会有任何安全问题,但我想知道 W7 为什么要这样做?!
示例设置:
网关是 192.168.1.1 和 192.168.2.1(2 个 NIC 用于增加安全性,内部和外部网关)Windows 7 是 192.168.2.7
我收到如下消息:
SRC=192.168.2.7 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=5778 DF PROTO=TCP SPT=51955 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
有谁知道那是怎么回事吗?
谢谢。亚历克西斯
答案1
最有可能的是 Windows 正在检测您是否连接到互联网。
否则,它可能是制造商预装在笔记本电脑上的任何东西。最有可能是产品更新类型检查器。
只要您从正版供应商处获得 Windows 副本,您就可以确保它不是恶意软件。
答案2
在 Windows 7 中运行正确的 netstat 命令将尽可能显示所有连接、协议和端口以及相关程序。
Netstat /?
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>netstat /?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-f Displays Fully Qualified Domain Names (FQDN) for foreign
addresses.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.