I have a PC set up for pentesting, and I am still building it, finding programs ect. Two issues, 1. I am fairly certain I am getting good downloads from the official sites, except in one notable case, the windows binary is no longer maintained and of course now I have something listening I can see in netstat connection 126.96.36.199 port 1064 supposedly the JSTEL service. I have blocked the connection at the Windows Firewall, and redirected it to localhost through the hosts file, but I am not sure if this really is malicious, or a side effect of a legit program.
So I could use any advice on determining the nature of this connection.
2. because I am downloading applications that will be detected by my a/v, how can I distinguish between a hacking tool, and malware?