@Suppressed I can speak to #1.
Each TCP connection uses a source IP, source port, destination IP, and destination port. You might think of the IP as a phone number, and the port as an extension (but in TCP we use extensions on both sides). netstat shows us these connections, along with the state that they are in (generally, ESTABLISHED or CLOSE_WAIT for a good connection, SYN_something for a connection that is hung in the initial setup).
Here's an example of a connection I have open (using a different port because it's a different protocol, and not on MS so the syntax is a little different).
hawkeye$ netstat -an | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 172.30.219.103:45151 172.30.219.110:22 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN
hawkeye$ netstat -a | grep wolverine
tcp 0 0 hawkeye:lds-distrib wolverine:56510 ESTABLISHED
tcp 0 0 hawkeye:nfs wolverine:rndc ESTABLISHED
tcp 0 0 hawkeye:mysql wolverine:52692 ESTABLISHED
tcp 0 0 hawkeye:lds-distrib wolverine:56508 ESTABLISHED
tcp 0 0 hawkeye:mysql wolverine:52690 ESTABLISHED
tcp 0 0 hawkeye:45151 wolverine:ssh ESTABLISHED
Okay, first thing to note is I added a colon before the 22. I don't need to see every line with a 22 in it. I could even use ":22 " to cut it down further if necessary.
netstat with -n shows me only numbers, while w/o it it looks up the hostnames associated with the IP address and port if available.
Looking at the two lines that have the same source port, 45151, I can see that the connection is established. I can also tell what addresses it is using. The latter will provide a clue if the address doesn't "look right". From there, we would use other tools to determine if DNS is providing the correct information, or if something like a virus is bypassing that information to try to trick you into providing your login info on a site that looks a lot like hotmail/microsoft.
You want to run these while it is spinning. If the connection is http/https and successful, it's going to stay open a very short time after you load a page so you have to be quick.
There shouldn't be anything wrong with posting your IP, because that IP should be one that is only available inside your house/work/etc. But if you want to dump it to a file and search and replace, go for it. As long as you're not seeing anything when you look for "SYN", we should never need to care what your local IP is, only what you are trying to connect to.
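Added example, not part of the original post: a small Python parser for saved `netstat -an` output that does the three checks described above (exact port filter, looking for SYN states, and replacing the local address before sharing). It assumes the six-column Linux layout shown in the post; the sample lines and all function names are constructed for illustration.

```python
import re

# Constructed sample in the `netstat -an` layout shown above (addresses are made up).
SAMPLE = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.20:45151 192.168.1.30:22 ESTABLISHED
tcp 0 1 192.168.1.20:51522 203.0.113.10:443 SYN_SENT
tcp 0 0 192.168.1.20:51530 198.51.100.7:443 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so ':::22' and '0.0.0.0:*' both work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse(text):
    """Return one dict per TCP line: local/remote address and port, plus state."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # skip headers, UDP, and wrapped or truncated lines
        laddr, lport = split_endpoint(fields[3])
        raddr, rport = split_endpoint(fields[4])
        rows.append({"laddr": laddr, "lport": lport,
                     "raddr": raddr, "rport": rport, "state": fields[5]})
    return rows

def on_port(rows, port):
    """Exact port match on either side (the ':22 ' grep, without substring hits)."""
    return [r for r in rows if port in (r["lport"], r["rport"])]

def hung(rows):
    """Connections stuck in the initial handshake (any SYN_* state)."""
    return [r for r in rows if r["state"].startswith("SYN")]

def redact_local(text, rows):
    """Replace local addresses with a placeholder before sharing the output."""
    local_addresses = {r["laddr"] for r in rows if r["state"] != "LISTEN"}
    for addr in sorted(local_addresses, key=len, reverse=True):
        text = re.sub(r"(?<![\d.])" + re.escape(addr) + r"(?=:)", "LOCAL", text)
    return text

if __name__ == "__main__":
    rows = parse(SAMPLE)
    for r in hung(rows):
        print("hung:", r["raddr"], r["rport"], r["state"])
    print(redact_local(SAMPLE, rows))
```
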