Well you have the right idea, but that won't work. The Ip you would obtain using the netstat -n or netstat -a commands would only be the Ip autoaddressed to your lan, its the pt-Ip, its not good for anything once the person has ended the direct connection, the only way to attempt to trace the person is to somehow find a wan Ip and perform the tracert command on theyre open port, you would need some sort of scanner, such as brute force or n4track. Find the open port, ping it to find its status, perform a discovery scan on theyre block. If there is a de-militarized IP then you can basically perform a standard tunnel. but i dought there would be any dmz, so basically outside of a full force attack, there is no way to trace the person,...Unless you can get by an AOL proxy
....at that point the feds would be at your door lol...so dun try it.... but if you could get root on his remote machine you could enter the IP in this dossier ,,
www.hexillion.com[/b]