@ OP: I agree, this belongs in the Lounge. Over all though it's not bad for a 5 minute video. It's worth mentioning that the '-b' switch on netstat will display the name of the executable involved in the connection instead of you having to look it up. You may also want to go over the dangers of an unconnected 'LISTENING' socket that belongs to a suspicious looking executable. You should write up your own suspicious executable and run it from a commonly used directory (Temp or App Data or something) to go into more detail about what kind of thing they should look out for and more importantly what to do when the user finds one.
But it's pretty clear you were targeting the average YouTube user so stuff like what I mentioned would have drawn the video out longer then their 5 min attention span.