Richard C.

Suggestions as to unusual Netstat data?

9 posts in this topic

I just did a cold reboot, so netstat should return almost no connections, right? None of the services I have installed except for Apple Update (and of course Windows Update) require internet access, yet according to netstat I have a buttload of connections! Is this normal? Please explain to me.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.19:51054        origin:http            ESTABLISHED
  TCP    10.0.0.19:51055        vlan705:http           ESTABLISHED
  TCP    10.0.0.19:51056        m24-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51057        157.55.253.50:http     ESTABLISHED
  TCP    10.0.0.19:51058        m89-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51059        m24-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51060        168.63.124.173:http    ESTABLISHED
  TCP    10.0.0.19:51061        m89-mp2:http           ESTABLISHED
  TCP    127.0.0.1:5354         cookyspc:49156         ESTABLISHED
  TCP    127.0.0.1:5354         cookyspc:49157         ESTABLISHED
  TCP    127.0.0.1:49156        cookyspc:5354          ESTABLISHED
  TCP    127.0.0.1:49157        cookyspc:5354          ESTABLISHED
  TCP    127.0.0.1:51049        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51050        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51052        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51053        cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51045            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51047            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51048            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51051            cookyspc:wsd           TIME_WAIT
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       544
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       852
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       1132
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       1588
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:49159          0.0.0.0:0              LISTENING       916
  TCP    10.0.0.19:139          0.0.0.0:0              LISTENING       4
  TCP    10.0.0.19:51054        204.79.197.200:80      ESTABLISHED     3052
  TCP    10.0.0.19:51055        207.46.129.165:80      ESTABLISHED     3052
  TCP    10.0.0.19:51056        62.254.36.24:80        ESTABLISHED     3052
  TCP    10.0.0.19:51057        157.55.253.50:80       ESTABLISHED     3052
  TCP    10.0.0.19:51058        62.254.36.89:80        ESTABLISHED     3052
  TCP    10.0.0.19:51059        62.254.36.24:80        ESTABLISHED     3052
  TCP    10.0.0.19:51060        168.63.124.173:80      ESTABLISHED     3052
  TCP    10.0.0.19:51061        62.254.36.89:80        ESTABLISHED     3052
  TCP    10.0.0.19:51063        23.195.29.199:443      ESTABLISHED     4648
  TCP    10.0.0.19:51065        62.254.36.64:80        ESTABLISHED     4648
  TCP    10.0.0.19:51066        62.254.36.89:80        ESTABLISHED     4648
  TCP    10.0.0.19:51069        62.254.36.75:80        ESTABLISHED     1456
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1852
  TCP    127.0.0.1:5354         127.0.0.1:49156        ESTABLISHED     1852
  TCP    127.0.0.1:5354         127.0.0.1:49157        ESTABLISHED     1852
  TCP    127.0.0.1:27015        0.0.0.0:0              LISTENING       1760
  TCP    127.0.0.1:49156        127.0.0.1:5354         ESTABLISHED     1760
  TCP    127.0.0.1:49157        127.0.0.1:5354         ESTABLISHED     1760
  TCP    127.0.0.1:51049        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51050        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51052        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51053        127.0.0.1:5357         TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       544
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  TCP    [::]:49152             [::]:0                 LISTENING       852
  TCP    [::]:49153             [::]:0                 LISTENING       1104
  TCP    [::]:49154             [::]:0                 LISTENING       1132
  TCP    [::]:49155             [::]:0                 LISTENING       1588
  TCP    [::]:49158             [::]:0                 LISTENING       908
  TCP    [::]:49159             [::]:0                 LISTENING       916
  TCP    [::1]:49190            [::]:0                 LISTENING       3240
  TCP    [::1]:51045            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51047            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51048            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51051            [::1]:5357             TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1132
  UDP    0.0.0.0:3702           *:*                                    1156
  UDP    0.0.0.0:3702           *:*                                    2784
  UDP    0.0.0.0:3702           *:*                                    1900
  UDP    0.0.0.0:3702           *:*                                    1900
  UDP    0.0.0.0:3702           *:*                                    2784
  UDP    0.0.0.0:3702           *:*                                    1156
  UDP    0.0.0.0:4500           *:*                                    1132
  UDP    0.0.0.0:5355           *:*                                    1456
  UDP    0.0.0.0:49513          *:*                                    1852
  UDP    0.0.0.0:52311          *:*                                    2784
  UDP    0.0.0.0:62390          *:*                                    1900
  UDP    0.0.0.0:65356          *:*                                    1156
  UDP    10.0.0.19:137          *:*                                    4
  UDP    10.0.0.19:138          *:*                                    4
  UDP    10.0.0.19:1900         *:*                                    2784
  UDP    10.0.0.19:5353         *:*                                    1852
  UDP    10.0.0.19:54850        *:*                                    2784
  UDP    127.0.0.1:1900         *:*                                    2784
  UDP    127.0.0.1:49511        *:*                                    1760
  UDP    127.0.0.1:49512        *:*                                    1760
  UDP    127.0.0.1:54851        *:*                                    2784
  UDP    [::]:500               *:*                                    1132
  UDP    [::]:3702              *:*                                    2784
  UDP    [::]:3702              *:*                                    1900
  UDP    [::]:3702              *:*                                    2784
  UDP    [::]:3702              *:*                                    1156
  UDP    [::]:3702              *:*                                    1900
  UDP    [::]:3702              *:*                                    1156
  UDP    [::]:4500              *:*                                    1132
  UDP    [::]:5355              *:*                                    1456
  UDP    [::]:49514             *:*                                    1852
  UDP    [::]:52312             *:*                                    2784
  UDP    [::]:62391             *:*                                    1900
  UDP    [::]:65357             *:*                                    1156
  UDP    [::1]:1900             *:*                                    2784
  UDP    [::1]:5353             *:*                                    1852
  UDP    [::1]:54849            *:*                                    2784
  UDP    [fe80::24d6:c2b:f5ff:ffec%5]:546  *:*                                    1104
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:546  *:*                                    1104
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:1900  *:*                                    2784
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:54848  *:*                                    2784

OS: Windows 8.1 Pro

Security suites say malware and virus free


I would do a reverse lookup on those IPs to determine origin. Could very well be AV communication. Would have to wait till I get to a computer to verify, or you can go to dnsstuff.com and research.


The majority of those connections are going out to Microsoft, which is normal.

These two are not, as far as I can tell anyway.

62.254.36.89:80
23.195.29.199:443


The first goes to my ISP's server; the second, which I've never seen before, goes to something called Akamai Technologies.


Akamai is also Microsoft. You are fine.


Akamai is also Microsoft. You are fine.

Akamai is not also Microsoft. Akamai is a content distribution network; it's a huge network, and some of the largest companies out there use it. They have servers all over the world. MS does mirror a lot of their content on Akamai servers, but that doesn't mean it's Microsoft's content you are getting. Just wanted to clear that up a little :)


Microsoft uses Akamai for downloads. For simplicity's sake I stated it was Microsoft.


paranoid man is paranoid


That's barely any connections. You can ignore the 127.0.0.1/::1/fe80* connections as they're just on the LAN (and for stuff like UPnP). Everything else is just plain HTTP traffic for stuff like updates.

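The triage the replies describe (set aside loopback, link-local and listening sockets, then look at the remote addresses that remain), written out as an added example that is not part of any post in this thread. It parses `netstat -ano` rows and groups external ESTABLISHED peers by owning PID; the function names are this example's own, and the sample rows are copied from the output posted above.

```python
import ipaddress
from collections import defaultdict

# Sample input: a few rows copied from the netstat -ano output posted in this thread.
SAMPLE = """\
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.19:51054        204.79.197.200:80      ESTABLISHED     3052
  TCP    10.0.0.19:51063        23.195.29.199:443      ESTABLISHED     4648
  TCP    10.0.0.19:51066        62.254.36.89:80        ESTABLISHED     4648
  TCP    127.0.0.1:49156        127.0.0.1:5354         ESTABLISHED     1760
  TCP    [::1]:51045            [::1]:5357             TIME_WAIT       0
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:1900  *:*                                    2784
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6%zone]:port' into (ip_address or None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]       # drop brackets and zone id
    try:
        return ipaddress.ip_address(host), port
    except ValueError:                           # '*' or a resolved hostname
        return None, port

def classify(line):
    """Return (bucket, pid, remote) for one netstat -ano row, or None."""
    f = line.split()
    if len(f) < 4 or f[0] not in ("TCP", "UDP"):
        return None                              # header or blank line
    pid = f[-1]
    state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
    remote, rport = split_endpoint(f[2])
    if remote is None or remote.is_unspecified:
        return ("listening", pid, None)          # bound socket, no peer
    if remote.is_loopback or remote.is_link_local:
        return ("local-only", pid, None)         # never leaves the host/link
    if state != "ESTABLISHED":
        return ("other", pid, None)
    scope = "private" if remote.is_private else "external"
    return (scope, pid, f"{remote}:{rport}")

def external_by_pid(text):
    """Group external ESTABLISHED peers by owning PID."""
    out = defaultdict(list)
    for row in filter(None, map(classify, text.splitlines())):
        if row[0] == "external":
            out[row[1]].append(row[2])
    return dict(out)

if __name__ == "__main__":
    for pid, peers in external_by_pid(SAMPLE).items():
        print(pid, peers)
```

Each PID in the result can then be matched to a process name on the Windows host with `tasklist /FI "PID eq <pid>"`, and each remaining address checked with a reverse lookup as suggested in the thread.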
