打印

[协议分析] 怪现象

chi

本站劳模

Rank: 4

精华: 0
积分: 346

发短消息
加为好友
当前离线

1^# 大中小发表于 2007-6-19 15:29 只看该作者

怪现象

问题：怎么有这么多的SMTP协议？？？？？

操作系统win2000 PRO版的，现在上网正常。没有病毒,用360扫描后没有流氓软件。
以下是我的路由表（在开机几分钟后，开机几个小时后路由表更多）：

C:\Documents and Settings\chiguoxin>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter
0x4 ...00 ff 23 24 69 39 ...... TAP-Win32 Adapter V8
0x5 ...00 ff 3d e8 70 30 ...... TAP-Win32 Adapter V8
0x1000007 ...00 a1 b0 03 57 5a ...... NDIS 5.0 driver

===========================================================================
===========================================================================
Active Routes:
Network Destination       Netmask       Gateway    Interface  Metric
      0.0.0.0       0.0.0.0    192.168.1.1 192.168.1.22    1
   12.6.41.137  255.255.255.255    192.168.1.1 192.168.1.22    1
   12.10.16.175  255.255.255.255    192.168.1.1 192.168.1.22    1
12.33.189.100  255.255.255.255    192.168.1.1 192.168.1.22    1
   12.160.156.2  255.255.255.255    192.168.1.1 192.168.1.22    1
   24.97.2.229  255.255.255.255    192.168.1.1 192.168.1.22    1
   38.102.9.178  255.255.255.255    192.168.1.1 192.168.1.22    1
   60.191.81.61  255.255.255.255    192.168.1.1 192.168.1.22    1
61.109.252.25  255.255.255.255    192.168.1.1 192.168.1.22    1
62.17.141.114  255.255.255.255    192.168.1.1 192.168.1.22    1
62.232.208.151  255.255.255.255    192.168.1.1 192.168.1.22    1
   63.88.37.66  255.255.255.255    192.168.1.1 192.168.1.22    1
63.209.10.225  255.255.255.255    192.168.1.1 192.168.1.22    1
63.209.10.242  255.255.255.255    192.168.1.1 192.168.1.22    1
63.238.52.117  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.18.5.11  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.18.5.14  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.18.6.13  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.18.6.14  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.18.7.10  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.18.7.13  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.18.7.14  255.255.255.255    192.168.1.1 192.168.1.22    1
   64.52.41.227  255.255.255.255    192.168.1.1 192.168.1.22    1
64.143.122.214  255.255.255.255    192.168.1.1 192.168.1.22    1
64.167.186.131  255.255.255.255    192.168.1.1 192.168.1.22    1
64.235.237.164  255.255.255.255    192.168.1.1 192.168.1.22    1
64.255.237.202  255.255.255.255    192.168.1.1 192.168.1.22    1
   65.220.8.162  255.255.255.255    192.168.1.1 192.168.1.22    1
   66.0.12.123  255.255.255.255    192.168.1.1 192.168.1.22    1
   66.28.227.61  255.255.255.255    192.168.1.1 192.168.1.22    1
66.109.229.62  255.255.255.255    192.168.1.1 192.168.1.22    1
67.51.104.100  255.255.255.255    192.168.1.1 192.168.1.22    1
   67.78.89.29  255.255.255.255    192.168.1.1 192.168.1.22    1
   67.91.161.34  255.255.255.255    192.168.1.1 192.168.1.22    1
67.130.11.206  255.255.255.255    192.168.1.1 192.168.1.22    1
   67.132.6.13  255.255.255.255    192.168.1.1 192.168.1.22    1
68.142.194.14  255.255.255.255    192.168.1.1 192.168.1.22    1
68.142.233.180  255.255.255.255    192.168.1.1 192.168.1.22    1
   69.20.116.29  255.255.255.255    192.168.1.1 192.168.1.22    1
   70.62.11.20  255.255.255.255    192.168.1.1 192.168.1.22    1
70.255.225.165  255.255.255.255    192.168.1.1 192.168.1.22    1
   74.94.3.173  255.255.255.255    192.168.1.1 192.168.1.22    1
81.103.221.10  255.255.255.255    192.168.1.1 192.168.1.22    1
85.97.116.203  255.255.255.255    192.168.1.1 192.168.1.22    1
      127.0.0.0       255.0.0.0       127.0.0.1    127.0.0.1    1
134.114.96.19  255.255.255.255    192.168.1.1 192.168.1.22    1
150.143.103.11  255.255.255.255    192.168.1.1 192.168.1.22    1
157.182.203.37  255.255.255.255    192.168.1.1 192.168.1.22    1
159.27.254.205  255.255.255.255    192.168.1.1 192.168.1.22    1
161.165.225.20  255.255.255.255    192.168.1.1 192.168.1.22    1
   167.246.9.51  255.255.255.255    192.168.1.1 192.168.1.22    1
   169.254.0.0    255.255.0.0 169.254.25.142  169.254.25.142    1
   169.254.0.0    255.255.0.0  169.254.218.201  169.254.218.201    1
169.254.25.142  255.255.255.255       127.0.0.1    127.0.0.1    1
  169.254.218.201  255.255.255.255       127.0.0.1    127.0.0.1    1
  169.254.255.255  255.255.255.255 169.254.25.142  169.254.25.142    1
  169.254.255.255  255.255.255.255  169.254.218.201  169.254.218.201    1
   170.3.8.60  255.255.255.255    192.168.1.1 192.168.1.22    1
   192.168.1.0 255.255.255.0    192.168.1.22 192.168.1.22    1
   192.168.1.22  255.255.255.255       127.0.0.1    127.0.0.1    1
192.168.1.255  255.255.255.255    192.168.1.22 192.168.1.22    1
   196.40.47.2  255.255.255.255    192.168.1.1 192.168.1.22    1
200.89.168.245  255.255.255.255    192.168.1.1 192.168.1.22    1
202.43.216.39  255.255.255.255    192.168.1.1 192.168.1.22    1
202.43.216.165  255.255.255.255    192.168.1.1 192.168.1.22    1
202.43.216.252  255.255.255.255    192.168.1.1 192.168.1.22    1
  202.165.100.214  255.255.255.255    192.168.1.1 192.168.1.22    1
202.165.102.6  255.255.255.255    192.168.1.1 192.168.1.22    1
202.165.103.37  255.255.255.255    192.168.1.1 192.168.1.22    1
  202.165.103.245  255.255.255.255    192.168.1.1 192.168.1.22    1
   204.56.90.14  255.255.255.255    192.168.1.1 192.168.1.22    1
204.86.209.23  255.255.255.255    192.168.1.1 192.168.1.22    1
204.116.46.133  255.255.255.255    192.168.1.1 192.168.1.22    1
   204.157.3.90  255.255.255.255    192.168.1.1 192.168.1.22    1
205.178.149.7  255.255.255.255    192.168.1.1 192.168.1.22    1
  206.251.228.150  255.255.255.255    192.168.1.1 192.168.1.22    1
207.7.208.202  255.255.255.255    192.168.1.1 192.168.1.22    1
   207.40.152.2  255.255.255.255    192.168.1.1 192.168.1.22    1
   207.97.242.4  255.255.255.255    192.168.1.1 192.168.1.22    1
  207.155.249.206  255.255.255.255    192.168.1.1 192.168.1.22    1
   209.16.89.4  255.255.255.255    192.168.1.1 192.168.1.22    1
209.16.114.57  255.255.255.255    192.168.1.1 192.168.1.22    1
   209.139.6.48  255.255.255.255    192.168.1.1 192.168.1.22    1
  209.162.229.147  255.255.255.255    192.168.1.1 192.168.1.22    1
209.168.211.90  255.255.255.255    192.168.1.1 192.168.1.22    1
  209.185.159.199  255.255.255.255    192.168.1.1 192.168.1.22    1
209.240.224.81  255.255.255.255    192.168.1.1 192.168.1.22    1
212.254.146.91  255.255.255.255    192.168.1.1 192.168.1.22    1
213.199.154.22  255.255.255.255    192.168.1.1 192.168.1.22    1
216.25.72.121  255.255.255.255    192.168.1.1 192.168.1.22    1
216.61.239.75  255.255.255.255    192.168.1.1 192.168.1.22    1
216.81.159.106  255.255.255.255    192.168.1.1 192.168.1.22    1
  216.157.112.155  255.255.255.255    192.168.1.1 192.168.1.22    1
216.158.48.62  255.255.255.255    192.168.1.1 192.168.1.22    1
216.195.55.50  255.255.255.255    192.168.1.1 192.168.1.22    1
  216.201.234.195  255.255.255.255    192.168.1.1 192.168.1.22    1
  216.242.204.121  255.255.255.255    192.168.1.1 192.168.1.22    1
  217.173.101.227  255.255.255.255    192.168.1.1 192.168.1.22    1
220.181.12.209  255.255.255.255    192.168.1.1 192.168.1.22    1
      224.0.0.0       224.0.0.0 169.254.25.142  169.254.25.142    1
      224.0.0.0       224.0.0.0  169.254.218.201  169.254.218.201    1
      224.0.0.0       224.0.0.0    192.168.1.22 192.168.1.22    1
  255.255.255.255  255.255.255.255  169.254.218.201  169.254.218.201    1
Default Gateway:    192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\chiguoxin>

以下是我的进程列表：
E:\mt>mt -pslist

PID    Path
0    [Idle Process]
8    \[System]
152    \SystemRoot\System32\smss.exe
180    \??\C:\WINNT\system32\csrss.exe
200    \??\C:\WINNT\system32\winlogon.exe
228    C:\WINNT\system32\services.exe
240    C:\WINNT\system32\lsass.exe
468    C:\Program Files\Eset\nod32krn.exe
528    C:\WINNT\system32\svchost.exe
584    C:\WINNT\system32\svchost.exe
656    C:\WINNT\system32\svchost.exe
872    C:\WINNT\system32\MSTask.exe
992    C:\WINNT\system32\inetsrv\inetinfo.exe
1076 C:\WINNT\Explorer.EXE
1284 C:\WINNT\system32\internat.exe
1320 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
708    C:\Program Files\Tencent\TM\TMDlls\TM.exe
896    C:\Program Files\Tencent\TM\TMDlls\TIMPlatform.exe
828    C:\WINNT\system32\conime.exe
1512 C:\WINNT\system32\cmd.exe
1904 C:\WINNT\System32\WBEM\WinMgmt.exe
956    C:\WINNT\system32\cmd.exe
1764 E:\mt\mt.exe

E:\mt>

以下是用netstat -an输入的：

C:\Documents and Settings\chiguoxin>netstat -an

Active Connections

  Proto  Local Address       Foreign Address       State
  TCP 0.0.0.0:21          0.0.0.0:0             LISTENING
  TCP 0.0.0.0:25          0.0.0.0:0             LISTENING
  TCP 0.0.0.0:80          0.0.0.0:0             LISTENING
  TCP 0.0.0.0:135          0.0.0.0:0             LISTENING
  TCP 0.0.0.0:443          0.0.0.0:0             LISTENING
  TCP 0.0.0.0:445          0.0.0.0:0             LISTENING
  TCP 0.0.0.0:1025          0.0.0.0:0             LISTENING
  TCP 0.0.0.0:1027          0.0.0.0:0             LISTENING
  TCP 192.168.1.22:139    0.0.0.0:0             LISTENING
  TCP 192.168.1.22:3428    202.43.216.74:5050    ESTABLISHED
  TCP 192.168.1.22:3555    68.142.233.139:443    ESTABLISHED
  TCP 192.168.1.22:50455    219.133.63.142:443    CLOSE_WAIT
  UDP 0.0.0.0:135          *:*
  UDP 0.0.0.0:445          *:*
  UDP 0.0.0.0:3001          *:*
  UDP 0.0.0.0:3002          *:*
  UDP 0.0.0.0:3456          *:*
  UDP 0.0.0.0:4000          *:*
  UDP 0.0.0.0:5051          *:*
  UDP 0.0.0.0:13462       *:*
  UDP 0.0.0.0:13488       *:*
  UDP 0.0.0.0:14556       *:*
  UDP 0.0.0.0:14589       *:*
  UDP 0.0.0.0:15033       *:*
  UDP 0.0.0.0:15065       *:*
  UDP 0.0.0.0:15081       *:*
  UDP 0.0.0.0:15104       *:*
  UDP 0.0.0.0:16489       *:*
  UDP 0.0.0.0:16510       *:*
  UDP 0.0.0.0:16661       *:*
  UDP 0.0.0.0:16689       *:*
  UDP 0.0.0.0:17429       *:*
  UDP 0.0.0.0:17476       *:*
  UDP 0.0.0.0:50474       *:*
  UDP 0.0.0.0:50860       *:*
  UDP 0.0.0.0:50867       *:*
  UDP 0.0.0.0:50881       *:*
  UDP 0.0.0.0:50888       *:*
  UDP 0.0.0.0:50916       *:*
  UDP 0.0.0.0:50954       *:*
  UDP 0.0.0.0:50958       *:*
  UDP 0.0.0.0:50961       *:*
  UDP 0.0.0.0:50965       *:*
  UDP 0.0.0.0:50977       *:*
  UDP 0.0.0.0:51010       *:*
  UDP 0.0.0.0:51012       *:*
  UDP 0.0.0.0:51013       *:*
  UDP 0.0.0.0:51014       *:*
  UDP 0.0.0.0:51016       *:*
  UDP 127.0.0.1:3466       *:*
  UDP 127.0.0.1:10770       *:*
  UDP 127.0.0.1:11124       *:*
  UDP 127.0.0.1:50076       *:*
  UDP 192.168.1.22:137    *:*
  UDP 192.168.1.22:138    *:*
  UDP 192.168.1.22:500    *:*
  UDP 192.168.1.22:3607    *:*
  UDP 192.168.1.22:3608    *:*
  UDP 192.168.1.22:4500    *:*

C:\Documents and Settings\chiguoxin>

用TCPVIEW看的如下：

inetinfo.exe:992 TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
inetinfo.exe:992 TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
inetinfo.exe:992 TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
svchost.exe:528          TCP    0.0.0.0:135 0.0.0.0:0 LISTENING
inetinfo.exe:992 TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
System:8          TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
mstask.exe:872          TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
inetinfo.exe:992 TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
System:8          TCP 192.168.1.22:139 0.0.0.0:0 LISTENING
YahooMessenger.:1320 TCP 192.168.1.22:3555 68.142.233.139:443 ESTABLISHED
YahooMessenger.:1320 TCP 192.168.1.22:3428 202.43.216.74:5050 ESTABLISHED
TM.exe:708          TCP 192.168.1.22:50455 219.133.63.142:443 CLOSE_WAIT
svchost.exe:528          UDP 0.0.0.0:135 *:*
System:8          UDP 0.0.0.0:445 *:*
svchost.exe:656          UDP 0.0.0.0:3001 *:*
inetinfo.exe:992 UDP 0.0.0.0:3002 *:*
inetinfo.exe:992 UDP 0.0.0.0:3456 *:*
TM.exe:708          UDP 0.0.0.0:4000 *:*
YahooMessenger.:1320 UDP 0.0.0.0:5051 *:*
TM.exe:708          UDP 0.0.0.0:13462 *:*
TM.exe:708          UDP 0.0.0.0:13488 *:*
TM.exe:708          UDP 0.0.0.0:14556 *:*
TM.exe:708          UDP 0.0.0.0:14589 *:*
TM.exe:708          UDP 0.0.0.0:15033 *:*
TM.exe:708          UDP 0.0.0.0:15065 *:*
TM.exe:708          UDP 0.0.0.0:15081 *:*
TM.exe:708          UDP 0.0.0.0:15104 *:*
TM.exe:708          UDP 0.0.0.0:16489 *:*
TM.exe:708          UDP 0.0.0.0:16510 *:*
TM.exe:708          UDP 0.0.0.0:16661 *:*
TM.exe:708          UDP 0.0.0.0:16689 *:*
TM.exe:708          UDP 0.0.0.0:17429 *:*
TM.exe:708          UDP 0.0.0.0:17476 *:*
<non-existent>:1568 UDP 0.0.0.0:51655 *:*
<non-existent>:1568 UDP 0.0.0.0:51658 *:*
<non-existent>:1568 UDP 0.0.0.0:51680 *:*
<non-existent>:1568 UDP 0.0.0.0:51690 *:*
YahooMessenger.:1320 UDP 127.0.0.1:3466 *:*
TM.exe:708          UDP 127.0.0.1:10770 *:*
explorer.exe:1076 UDP 127.0.0.1:11124 *:*
<non-existent>:1784 UDP 127.0.0.1:50076 *:*
System:8          UDP 192.168.1.22:137 *:*
System:8          UDP 192.168.1.22:138 *:*
LSASS.EXE:240          UDP 192.168.1.22:500 *:*
YahooMessenger.:1320 UDP 192.168.1.22:3607 *:*
YahooMessenger.:1320 UDP 192.168.1.22:3608 *:*
LSASS.EXE:240          UDP 192.168.1.22:4500 *:*
<non-existent>:1568 UDP 0.0.0.0:51710 *:*
<non-existent>:1568 UDP 0.0.0.0:51718 *:*
<non-existent>:1568 UDP 0.0.0.0:51753 *:*
<non-existent>:1568 UDP 0.0.0.0:51763 *:*
<non-existent>:1568 UDP 0.0.0.0:51774 *:*
<non-existent>:1568 UDP 0.0.0.0:51793 *:*
<non-existent>:1568 UDP 0.0.0.0:51796 *:*
<non-existent>:1568 UDP 0.0.0.0:51799 *:*
<non-existent>:1568 UDP 0.0.0.0:51805 *:*
<non-existent>:1568 UDP 0.0.0.0:51806 *:*
<non-existent>:1568 UDP 0.0.0.0:51809 *:*
<non-existent>:1568 UDP 0.0.0.0:51810 *:*
<non-existent>:1568 UDP 0.0.0.0:51815 *:*