
Suggestions as to unusual Netstat data?


8 replies to this topic

#1 Richard C.

Richard C.

    Neowinian Senior

  • Joined: 15-April 05
  • Location: Around
  • OS: Windows 8.1 Pro & Mac OSX
  • Phone: iPhone 5

Posted 09 November 2013 - 18:12

I just did a cold reboot, so netstat should return almost no connections, right? None of the services I have installed except for Apple Update (and of course Windows Update) require internet access, yet according to netstat I have a buttload of connections! Is this normal? Please explain it to me.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.19:51054        origin:http            ESTABLISHED
  TCP    10.0.0.19:51055        vlan705:http           ESTABLISHED
  TCP    10.0.0.19:51056        m24-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51057        157.55.253.50:http     ESTABLISHED
  TCP    10.0.0.19:51058        m89-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51059        m24-mp2:http           ESTABLISHED
  TCP    10.0.0.19:51060        168.63.124.173:http    ESTABLISHED
  TCP    10.0.0.19:51061        m89-mp2:http           ESTABLISHED
  TCP    127.0.0.1:5354         cookyspc:49156         ESTABLISHED
  TCP    127.0.0.1:5354         cookyspc:49157         ESTABLISHED
  TCP    127.0.0.1:49156        cookyspc:5354          ESTABLISHED
  TCP    127.0.0.1:49157        cookyspc:5354          ESTABLISHED
  TCP    127.0.0.1:51049        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51050        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51052        cookyspc:wsd           TIME_WAIT
  TCP    127.0.0.1:51053        cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51045            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51047            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51048            cookyspc:wsd           TIME_WAIT
  TCP    [::1]:51051            cookyspc:wsd           TIME_WAIT
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       544
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       852
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       1132
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       1588
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:49159          0.0.0.0:0              LISTENING       916
  TCP    10.0.0.19:139          0.0.0.0:0              LISTENING       4
  TCP    10.0.0.19:51054        204.79.197.200:80      ESTABLISHED     3052
  TCP    10.0.0.19:51055        207.46.129.165:80      ESTABLISHED     3052
  TCP    10.0.0.19:51056        62.254.36.24:80        ESTABLISHED     3052
  TCP    10.0.0.19:51057        157.55.253.50:80       ESTABLISHED     3052
  TCP    10.0.0.19:51058        62.254.36.89:80        ESTABLISHED     3052
  TCP    10.0.0.19:51059        62.254.36.24:80        ESTABLISHED     3052
  TCP    10.0.0.19:51060        168.63.124.173:80      ESTABLISHED     3052
  TCP    10.0.0.19:51061        62.254.36.89:80        ESTABLISHED     3052
  TCP    10.0.0.19:51063        23.195.29.199:443      ESTABLISHED     4648
  TCP    10.0.0.19:51065        62.254.36.64:80        ESTABLISHED     4648
  TCP    10.0.0.19:51066        62.254.36.89:80        ESTABLISHED     4648
  TCP    10.0.0.19:51069        62.254.36.75:80        ESTABLISHED     1456
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1852
  TCP    127.0.0.1:5354         127.0.0.1:49156        ESTABLISHED     1852
  TCP    127.0.0.1:5354         127.0.0.1:49157        ESTABLISHED     1852
  TCP    127.0.0.1:27015        0.0.0.0:0              LISTENING       1760
  TCP    127.0.0.1:49156        127.0.0.1:5354         ESTABLISHED     1760
  TCP    127.0.0.1:49157        127.0.0.1:5354         ESTABLISHED     1760
  TCP    127.0.0.1:51049        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51050        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51052        127.0.0.1:5357         TIME_WAIT       0
  TCP    127.0.0.1:51053        127.0.0.1:5357         TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       544
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  TCP    [::]:49152             [::]:0                 LISTENING       852
  TCP    [::]:49153             [::]:0                 LISTENING       1104
  TCP    [::]:49154             [::]:0                 LISTENING       1132
  TCP    [::]:49155             [::]:0                 LISTENING       1588
  TCP    [::]:49158             [::]:0                 LISTENING       908
  TCP    [::]:49159             [::]:0                 LISTENING       916
  TCP    [::1]:49190            [::]:0                 LISTENING       3240
  TCP    [::1]:51045            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51047            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51048            [::1]:5357             TIME_WAIT       0
  TCP    [::1]:51051            [::1]:5357             TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1132
  UDP    0.0.0.0:3702           *:*                                    1156
  UDP    0.0.0.0:3702           *:*                                    2784
  UDP    0.0.0.0:3702           *:*                                    1900
  UDP    0.0.0.0:3702           *:*                                    1900
  UDP    0.0.0.0:3702           *:*                                    2784
  UDP    0.0.0.0:3702           *:*                                    1156
  UDP    0.0.0.0:4500           *:*                                    1132
  UDP    0.0.0.0:5355           *:*                                    1456
  UDP    0.0.0.0:49513          *:*                                    1852
  UDP    0.0.0.0:52311          *:*                                    2784
  UDP    0.0.0.0:62390          *:*                                    1900
  UDP    0.0.0.0:65356          *:*                                    1156
  UDP    10.0.0.19:137          *:*                                    4
  UDP    10.0.0.19:138          *:*                                    4
  UDP    10.0.0.19:1900         *:*                                    2784
  UDP    10.0.0.19:5353         *:*                                    1852
  UDP    10.0.0.19:54850        *:*                                    2784
  UDP    127.0.0.1:1900         *:*                                    2784
  UDP    127.0.0.1:49511        *:*                                    1760
  UDP    127.0.0.1:49512        *:*                                    1760
  UDP    127.0.0.1:54851        *:*                                    2784
  UDP    [::]:500               *:*                                    1132
  UDP    [::]:3702              *:*                                    2784
  UDP    [::]:3702              *:*                                    1900
  UDP    [::]:3702              *:*                                    2784
  UDP    [::]:3702              *:*                                    1156
  UDP    [::]:3702              *:*                                    1900
  UDP    [::]:3702              *:*                                    1156
  UDP    [::]:4500              *:*                                    1132
  UDP    [::]:5355              *:*                                    1456
  UDP    [::]:49514             *:*                                    1852
  UDP    [::]:52312             *:*                                    2784
  UDP    [::]:62391             *:*                                    1900
  UDP    [::]:65357             *:*                                    1156
  UDP    [::1]:1900             *:*                                    2784
  UDP    [::1]:5353             *:*                                    1852
  UDP    [::1]:54849            *:*                                    2784
  UDP    [fe80::24d6:c2b:f5ff:ffec%5]:546  *:*                                    1104
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:546  *:*                                    1104
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:1900  *:*                                    2784
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:54848  *:*                                    2784

OS: Windows 8.1 Pro

Security suites say malware and virus free




#2 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 21
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 09 November 2013 - 18:16

I would do a reverse lookup on those IPs to determine origin. Could very well be AV communication. Would have to wait till I get to a computer to verify, or you can go to dnsstuff.com and research.

#3 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 21
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 09 November 2013 - 21:09

The majority of those connections are going out to Microsoft, which is normal.

 

These two are not as far as I can tell anyway. 

62.254.36.89:80
23.195.29.199:443



#4 OP Richard C.

Richard C.

    Neowinian Senior

  • Joined: 15-April 05
  • Location: Around
  • OS: Windows 8.1 Pro & Mac OSX
  • Phone: iPhone 5

Posted 10 November 2013 - 12:55

The first goes to my ISP's server; the second, which I've never seen before, goes to something called Akamai Technologies.



#5 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 21
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 10 November 2013 - 17:49

Akamai is also Microsoft. You are fine.

#6 vetneufuse

neufuse

    Neowinian Senior

  • Joined: 16-February 04

Posted 10 November 2013 - 18:04

Akamai is also Microsoft. You are fine.

Akamai is not also Microsoft; Akamai is a content distribution network. It's a huge network and some of the largest companies out there use it. They have servers all over the world. MS does mirror a lot of their content on Akamai servers, but that doesn't mean it's Microsoft's content you are getting. Just wanted to clear that up a little :)



#7 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 21
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 10 November 2013 - 23:24

Microsoft uses Akamai for downloads. For simplicity's sake I stated it was Microsoft.



#8 DKAngel

DKAngel

    That i cannot own ....I shall destroy

  • Joined: 20-July 03
  • Location: Perth, Australia

Posted 10 November 2013 - 23:58

paranoid man is paranoid



#9 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 3
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 11 November 2013 - 01:29

That's barely any connections. You can ignore the 127.0.0.1/::1/fe80* connections as they're just on the LAN (and for stuff like UPnP). Everything else is just plain HTTP traffic for stuff like updates.
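The triage the replies describe (set aside loopback and link-local rows, then look up what is left) can be scripted. The following is an added example, not part of any post in the thread: it parses `netstat -ano` text and groups the external ESTABLISHED peers by owning PID. The `SAMPLE` rows are copied from the paste in post #1; the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a few rows copied from the `netstat -ano` paste in post #1.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       544
  TCP    10.0.0.19:51054        204.79.197.200:80      ESTABLISHED     3052
  TCP    10.0.0.19:51058        62.254.36.89:80        ESTABLISHED     3052
  TCP    10.0.0.19:51063        23.195.29.199:443      ESTABLISHED     4648
  TCP    10.0.0.19:51066        62.254.36.89:80        ESTABLISHED     4648
  TCP    127.0.0.1:5354         127.0.0.1:49156        ESTABLISHED     1852
  TCP    [::1]:51045            [::1]:5357             TIME_WAIT       0
  UDP    0.0.0.0:3702           *:*                                    1156
  UDP    [fe80::f575:319b:e4ac:a6e2%3]:1900  *:*                                    2784
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def is_external(addr):
    """True for addresses that are not loopback, link-local, private or unspecified."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # '*' on UDP rows, or a resolved hostname
        return False
    return not (ip.is_loopback or ip.is_link_local or ip.is_private
                or ip.is_unspecified or ip.is_multicast)

def external_peers_by_pid(netstat_text):
    """Map PID -> sorted list of 'ip:port' for ESTABLISHED TCP rows to external hosts."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields: proto, local, foreign, state, pid
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        addr, port = split_endpoint(fields[2])
        if is_external(addr):
            peers[int(fields[4])].add(f"{addr}:{port}")
    return {pid: sorted(v) for pid, v in peers.items()}

if __name__ == "__main__":
    for pid, remotes in sorted(external_peers_by_pid(SAMPLE).items()):
        print(pid, ", ".join(remotes))
```

Each PID in the result can be matched to a process name with `tasklist /FI "PID eq <pid>"`, which shows which program owns the connections before any reverse lookup on the remote addresses.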


