Suggestions as to unusual Netstat data?


8 replies to this topic

#1 Richard C.

Richard C.

    Neowinian Senior

  • Joined: 15-April 05
  • Location: Around
  • OS: Windows 8.1 Pro & Mac OSX
  • Phone: iPhone 5

Posted 09 November 2013 - 18:12

I just did a cold reboot, so netstat should return almost no connections, right, since none of the services I have installed except for Apple Update (and of course Windows Update) require internet access, yet according to netstat I have a buttload of connections! Is this normal? Please explain to me.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.19:51054        origin:http            ESTABLISHED
  TCP    10.0.0.19:51055        vlan705:http           ESTABLISHED
  TCP    10.0.0.19:51056        m24-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51057        157.55.253.50:http     ESTABLISHED
  TCP    10.0.0.19:51058        m89-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51059        m24-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51060        168.63.124.173:http    ESTABLISHED
  TCP    10.0.0.19:51061        m89-mp2:http           ESTABLISHED
  TCP    127.0.0.1:5354         cookyspc:49156         ESTABLISHED
  TCP    127.0.0.1:5354         cookyspc:49157         ESTABLISHED
  TCP    127.0.0.1:49156        cookyspc:5354          ESTABLISHED
  TCP    127.0.0.1:49157        cookyspc:5354          ESTABLISHED
  TCP    127.0.0.1:51049        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51050        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51052        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51053        cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51045            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51047            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51048            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51051            cookyspc:wsd           TIME_WAIT
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       544
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       852
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       1132
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       1588
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:49159          0.0.0.0:0              LISTENING       916
  TCP    10.0.0.19:139          0.0.0.0:0              LISTENING       4
  TCP    10.0.0.19:51054        204.79.197.200:80      ESTABLISHED     3052
  TCP    10.0.0.19:51055        207.46.129.165:80      ESTABLISHED     3052
  TCP    10.0.0.19:51056        62.254.36.24:80        ESTABLISHED     3052
  TCP    10.0.0.19:51057        157.55.253.50:80       ESTABLISHED     3052
  TCP    10.0.0.19:51058        62.254.36.89:80        ESTABLISHED     3052
  TCP    10.0.0.19:51059        62.254.36.24:80        ESTABLISHED     3052
  TCP    10.0.0.19:51060        168.63.124.173:80      ESTABLISHED     3052
  TCP    10.0.0.19:51061        62.254.36.89:80        ESTABLISHED     3052
  TCP    10.0.0.19:51063        23.195.29.199:443      ESTABLISHED     4648
  TCP    10.0.0.19:51065        62.254.36.64:80        ESTABLISHED     4648
  TCP    10.0.0.19:51066        62.254.36.89:80        ESTABLISHED     4648
  TCP    10.0.0.19:51069        62.254.36.75:80        ESTABLISHED     1456
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1852
  TCP    127.0.0.1:5354         127.0.0.1:49156        ESTABLISHED     1852
  TCP    127.0.0.1:5354         127.0.0.1:49157        ESTABLISHED     1852
  TCP    127.0.0.1:27015        0.0.0.0:0              LISTENING       1760
  TCP    127.0.0.1:49156        127.0.0.1:5354         ESTABLISHED     1760
  TCP    127.0.0.1:49157        127.0.0.1:5354         ESTABLISHED     1760
  TCP    127.0.0.1:51049        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51050        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51052        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51053        127.0.0.1:5357         TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       544
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  TCP    [::]:49152             [::]:0                 LISTENING       852
  TCP    [::]:49153             [::]:0                 LISTENING       1104
  TCP    [::]:49154             [::]:0                 LISTENING       1132
  TCP    [::]:49155             [::]:0                 LISTENING       1588
  TCP    [::]:49158             [::]:0                 LISTENING       908
  TCP    [::]:49159             [::]:0                 LISTENING       916
  TCP    [::1]:49190            [::]:0                 LISTENING       3240
  TCP    [::1]:51045            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51047            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51048            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51051            [::1]:5357             TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1132
  UDP    0.0.0.0:3702           *:*                                    1156
  UDP    0.0.0.0:3702           *:*                                    2784
  UDP    0.0.0.0:3702           *:*                                    1900
  UDP    0.0.0.0:3702           *:*                                    1900
  UDP    0.0.0.0:3702           *:*                                    2784
  UDP    0.0.0.0:3702           *:*                                    1156
  UDP    0.0.0.0:4500           *:*                                    1132
  UDP    0.0.0.0:5355           *:*                                    1456
  UDP    0.0.0.0:49513          *:*                                    1852
  UDP    0.0.0.0:52311          *:*                                    2784
  UDP    0.0.0.0:62390          *:*                                    1900
  UDP    0.0.0.0:65356          *:*                                    1156
  UDP    10.0.0.19:137          *:*                                    4
  UDP    10.0.0.19:138          *:*                                    4
  UDP    10.0.0.19:1900         *:*                                    2784
  UDP    10.0.0.19:5353         *:*                                    1852
  UDP    10.0.0.19:54850        *:*                                    2784
  UDP    127.0.0.1:1900         *:*                                    2784
  UDP    127.0.0.1:49511        *:*                                    1760
  UDP    127.0.0.1:49512        *:*                                    1760
  UDP    127.0.0.1:54851        *:*                                    2784
  UDP    [::]:500               *:*                                    1132
  UDP    [::]:3702              *:*                                    2784
  UDP    [::]:3702              *:*                                    1900
  UDP    [::]:3702              *:*                                    2784
  UDP    [::]:3702              *:*                                    1156
  UDP    [::]:3702              *:*                                    1900
  UDP    [::]:3702              *:*                                    1156
  UDP    [::]:4500              *:*                                    1132
  UDP    [::]:5355              *:*                                    1456
  UDP    [::]:49514             *:*                                    1852
  UDP    [::]:52312             *:*                                    2784
  UDP    [::]:62391             *:*                                    1900
  UDP    [::]:65357             *:*                                    1156
  UDP    [::1]:1900             *:*                                    2784
  UDP    [::1]:5353             *:*                                    1852
  UDP    [::1]:54849            *:*                                    2784
  UDP    [fe80::24d6:c2b:f5ff:ffec%5]:546  *:*                                    1104
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:546  *:*                                    1104
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:1900  *:*                                    2784
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:54848  *:*                                    2784

OS: Windows 8.1 Pro

Security suites say malware and virus free




#2 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 09 November 2013 - 18:16

I would do a reverse lookup on those IPs to determine origin. Could very well be AV communication. Would have to wait till I get to a computer to verify, or you can go to dnsstuff.com and research.

#3 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 09 November 2013 - 21:09

The majority of those connections are going out to Microsoft, which is normal.

 

These two are not as far as I can tell anyway. 

62.254.36.89:80
23.195.29.199:443



#4 OP Richard C.

Richard C.

    Neowinian Senior

  • Joined: 15-April 05
  • Location: Around
  • OS: Windows 8.1 Pro & Mac OSX
  • Phone: iPhone 5

Posted 10 November 2013 - 12:55

The first goes to my ISP's server; the second I've never seen before, goes to something called Akamai Technologies.



#5 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 10 November 2013 - 17:49

Akamai is also Microsoft. You are fine.

#6 vetneufuse

neufuse

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 16-February 04

Posted 10 November 2013 - 18:04

Akamai is also Microsoft. You are fine.

Akamai is not also Microsoft. Akamai is a content distribution network; it's a huge network, and some of the largest companies out there use it. They have servers all over the world. MS does mirror a lot of their content on Akamai servers, but that doesn't mean it's Microsoft's content you are getting. Just wanted to clear that up a little :)



#7 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 35
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 10 November 2013 - 23:24

Microsoft uses Akamai for downloads. For simplicity's sake I stated it was Microsoft.



#8 DKAngel

DKAngel

    That i cannot own ....I shall destroy

  • Joined: 20-July 03
  • Location: Perth, Australia

Posted 10 November 2013 - 23:58

paranoid man is paranoid



#9 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 11 November 2013 - 01:29

That's barely any connections. You can ignore the 127.0.0.1/::1/fe80* connections as they're just on the LAN (and for stuff like UPnP). Everything else is just plain HTTP traffic for stuff like updates.