I have a strange situation. i have a router Asus DSL-AX82. Today i login to router and i was exploring the logs sections inside router. I was very surprised when on Port Forwarding log i see 2 port forwards TCP 37120 and TCP 37209 The 2 ports are forwarded on a local ip address , and this address was the address of one of my PC.I checked and the ports are open. But anyone inside my house did not configured those ports forwards.
But when i go in router menus to the section when port forward can be configured , the option "Enable port forwarding" is set to NO , and i can't see any port forward here. but on logs section the 2 ports remain forwarded. I change the local IP on the Pc where the port is forwarded , and i restart the router , after that even on logs section there are no port forwarding anymore. And of course i change the admin password on router.
But i want to know how this is possible , with Port forward option set to no , and port forwarding exist .And what about those 2 port numbers ? Is there any default program that can use these ? Because using netstat command on destination Pc , there are no results for both ports.
netstat -a | findstr 37120
to see the details of the connection. the last item on the line should be the PID of the process that owns that port. you can then runtasklist /SVC | findstr <pid>
to find the name of the process, or use Process Explorer. basically identifying the software that is responsible for the questionable configuration is the first step in figuring out the who/what/why/where/when of the mystery.