cooky560 (Veteran) - Posted November 9, 2013

I just did a cold reboot, so netstat should return almost no connections, right, since none of the services I have installed except for Apple Update (and of course Windows Update) require internet access, yet according to netstat I have a buttload of connections! Is this normal? Please explain to me.

    Active Connections

    Proto  Local Address  Foreign Address  State
    TCP  10.0.0.19:51054  origin:http  ESTABLISHED
    TCP  10.0.0.19:51055  vlan705:http  ESTABLISHED
    TCP  10.0.0.19:51056  m24-mp2:http  ESTABLISHED
    TCP  10.0.0.19:51057  157.55.253.50:http  ESTABLISHED
    TCP  10.0.0.19:51058  m89-mp2:http  ESTABLISHED
    TCP  10.0.0.19:51059  m24-mp2:http  ESTABLISHED
    TCP  10.0.0.19:51060  168.63.124.173:http  ESTABLISHED
    TCP  10.0.0.19:51061  m89-mp2:http  ESTABLISHED
    TCP  127.0.0.1:5354  cookyspc:49156  ESTABLISHED
    TCP  127.0.0.1:5354  cookyspc:49157  ESTABLISHED
    TCP  127.0.0.1:49156  cookyspc:5354  ESTABLISHED
    TCP  127.0.0.1:49157  cookyspc:5354  ESTABLISHED
    TCP  127.0.0.1:51049  cookyspc:wsd  TIME_WAIT
    TCP  127.0.0.1:51050  cookyspc:wsd  TIME_WAIT
    TCP  127.0.0.1:51052  cookyspc:wsd  TIME_WAIT
    TCP  127.0.0.1:51053  cookyspc:wsd  TIME_WAIT
    TCP  [::1]:51045  cookyspc:wsd  TIME_WAIT
    TCP  [::1]:51047  cookyspc:wsd  TIME_WAIT
    TCP  [::1]:51048  cookyspc:wsd  TIME_WAIT
    TCP  [::1]:51051  cookyspc:wsd  TIME_WAIT

    Active Connections

    Proto  Local Address  Foreign Address  State  PID
    TCP  0.0.0.0:135  0.0.0.0:0  LISTENING  544
    TCP  0.0.0.0:445  0.0.0.0:0  LISTENING  4
    TCP  0.0.0.0:5357  0.0.0.0:0  LISTENING  4
    TCP  0.0.0.0:49152  0.0.0.0:0  LISTENING  852
    TCP  0.0.0.0:49153  0.0.0.0:0  LISTENING  1104
    TCP  0.0.0.0:49154  0.0.0.0:0  LISTENING  1132
    TCP  0.0.0.0:49155  0.0.0.0:0  LISTENING  1588
    TCP  0.0.0.0:49158  0.0.0.0:0  LISTENING  908
    TCP  0.0.0.0:49159  0.0.0.0:0  LISTENING  916
    TCP  10.0.0.19:139  0.0.0.0:0  LISTENING  4
    TCP  10.0.0.19:51054  204.79.197.200:80  ESTABLISHED  3052
    TCP  10.0.0.19:51055  207.46.129.165:80  ESTABLISHED  3052
    TCP  10.0.0.19:51056  62.254.36.24:80  ESTABLISHED  3052
    TCP  10.0.0.19:51057  157.55.253.50:80  ESTABLISHED  3052
    TCP  10.0.0.19:51058  62.254.36.89:80  ESTABLISHED  3052
    TCP  10.0.0.19:51059  62.254.36.24:80  ESTABLISHED  3052
    TCP  10.0.0.19:51060  168.63.124.173:80  ESTABLISHED  3052
    TCP  10.0.0.19:51061  62.254.36.89:80  ESTABLISHED  3052
    TCP  10.0.0.19:51063  23.195.29.199:443  ESTABLISHED  4648
    TCP  10.0.0.19:51065  62.254.36.64:80  ESTABLISHED  4648
    TCP  10.0.0.19:51066  62.254.36.89:80  ESTABLISHED  4648
    TCP  10.0.0.19:51069  62.254.36.75:80  ESTABLISHED  1456
    TCP  127.0.0.1:5354  0.0.0.0:0  LISTENING  1852
    TCP  127.0.0.1:5354  127.0.0.1:49156  ESTABLISHED  1852
    TCP  127.0.0.1:5354  127.0.0.1:49157  ESTABLISHED  1852
    TCP  127.0.0.1:27015  0.0.0.0:0  LISTENING  1760
    TCP  127.0.0.1:49156  127.0.0.1:5354  ESTABLISHED  1760
    TCP  127.0.0.1:49157  127.0.0.1:5354  ESTABLISHED  1760
    TCP  127.0.0.1:51049  127.0.0.1:5357  TIME_WAIT  0
    TCP  127.0.0.1:51050  127.0.0.1:5357  TIME_WAIT  0
    TCP  127.0.0.1:51052  127.0.0.1:5357  TIME_WAIT  0
    TCP  127.0.0.1:51053  127.0.0.1:5357  TIME_WAIT  0
    TCP  [::]:135  [::]:0  LISTENING  544
    TCP  [::]:445  [::]:0  LISTENING  4
    TCP  [::]:5357  [::]:0  LISTENING  4
    TCP  [::]:49152  [::]:0  LISTENING  852
    TCP  [::]:49153  [::]:0  LISTENING  1104
    TCP  [::]:49154  [::]:0  LISTENING  1132
    TCP  [::]:49155  [::]:0  LISTENING  1588
    TCP  [::]:49158  [::]:0  LISTENING  908
    TCP  [::]:49159  [::]:0  LISTENING  916
    TCP  [::1]:49190  [::]:0  LISTENING  3240
    TCP  [::1]:51045  [::1]:5357  TIME_WAIT  0
    TCP  [::1]:51047  [::1]:5357  TIME_WAIT  0
    TCP  [::1]:51048  [::1]:5357  TIME_WAIT  0
    TCP  [::1]:51051  [::1]:5357  TIME_WAIT  0
    UDP  0.0.0.0:500  *:*  1132
    UDP  0.0.0.0:3702  *:*  1156
    UDP  0.0.0.0:3702  *:*  2784
    UDP  0.0.0.0:3702  *:*  1900
    UDP  0.0.0.0:3702  *:*  1900
    UDP  0.0.0.0:3702  *:*  2784
    UDP  0.0.0.0:3702  *:*  1156
    UDP  0.0.0.0:4500  *:*  1132
    UDP  0.0.0.0:5355  *:*  1456
    UDP  0.0.0.0:49513  *:*  1852
    UDP  0.0.0.0:52311  *:*  2784
    UDP  0.0.0.0:62390  *:*  1900
    UDP  0.0.0.0:65356  *:*  1156
    UDP  10.0.0.19:137  *:*  4
    UDP  10.0.0.19:138  *:*  4
    UDP  10.0.0.19:1900  *:*  2784
    UDP  10.0.0.19:5353  *:*  1852
    UDP  10.0.0.19:54850  *:*  2784
    UDP  127.0.0.1:1900  *:*  2784
    UDP  127.0.0.1:49511  *:*  1760
    UDP  127.0.0.1:49512  *:*  1760
    UDP  127.0.0.1:54851  *:*  2784
    UDP  [::]:500  *:*  1132
    UDP  [::]:3702  *:*  2784
    UDP  [::]:3702  *:*  1900
    UDP  [::]:3702  *:*  2784
    UDP  [::]:3702  *:*  1156
    UDP  [::]:3702  *:*  1900
    UDP  [::]:3702  *:*  1156
    UDP  [::]:4500  *:*  1132
    UDP  [::]:5355  *:*  1456
    UDP  [::]:49514  *:*  1852
    UDP  [::]:52312  *:*  2784
    UDP  [::]:62391  *:*  1900
    UDP  [::]:65357  *:*  1156
    UDP  [::1]:1900  *:*  2784
    UDP  [::1]:5353  *:*  1852
    UDP  [::1]:54849  *:*  2784
    UDP  [fe80::24d6:c2b:f5ff:ffec%5]:546  *:*  1104
    UDP  [fe80::f575:319b:e4ac:a6e2%3]:546  *:*  1104
    UDP  [fe80::f575:319b:e4ac:a6e2%3]:1900  *:*  2784
    UDP  [fe80::f575:319b:e4ac:a6e2%3]:54848  *:*  2784

OS: Windows 8.1 Pro
Security suites say malware and virus free

sc302 (Veteran) - Posted November 9, 2013

I would do a reverse lookup on those IPs to determine origin. Could very well be AV communication. Would have to wait till I get to a computer to verify, or you can go to dnsstuff.com and research.

sc302 (Veteran) - Posted November 9, 2013

The majority of those connections are going out to Microsoft, which is normal. These two are not, as far as I can tell anyway.

    62.254.36.89:80
    23.195.29.199:443

cooky560 (Veteran, Author) - Posted November 10, 2013

The first goes to my ISP's server, the second I've never seen before, goes to something called Akamai Technologies.

sc302 (Veteran) - Posted November 10, 2013

Akamai is also Microsoft. You are fine.

neufuse (Veteran) - Posted November 10, 2013

> Akamai is also Microsoft. You are fine.

Akamai is not also Microsoft, Akamai is a content distribution network, it's a huge network and some of the largest companies out there use it. They have servers all over the world. MS does mirror a lot of their content on Akamai servers, but that doesn't mean it's Microsoft's content you are getting. Just wanted to clear that up a little :)

sc302 (Veteran) - Posted November 10, 2013

Microsoft uses Akamai for downloads. For simplicity's sake I stated it was Microsoft.

DKAngel - Posted November 10, 2013

paranoid man is paranoid

The_Decryptor (Veteran) - Posted November 11, 2013

That's barely any connections, you can ignore the 127.0.0.1/::1/fe80* connections as they're just on the LAN (and for stuff like UPnP). Everything else is just plain HTTP traffic for stuff like updates.
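
The triage the replies describe (set aside loopback and link-local entries, then see which process holds each outbound connection), as an added Python example that is not part of the original thread. The sample rows are copied from the `netstat -ano` output in the first post; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the `netstat -ano` output in the first post (a subset).
# Helper names below are illustrative, not from any tool.
SAMPLE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 544
TCP 10.0.0.19:51054 204.79.197.200:80 ESTABLISHED 3052
TCP 10.0.0.19:51058 62.254.36.89:80 ESTABLISHED 3052
TCP 10.0.0.19:51063 23.195.29.199:443 ESTABLISHED 4648
TCP 10.0.0.19:51066 62.254.36.89:80 ESTABLISHED 4648
TCP 127.0.0.1:5354 127.0.0.1:49156 ESTABLISHED 1852
TCP 127.0.0.1:51049 127.0.0.1:5357 TIME_WAIT 0
TCP [::1]:51045 [::1]:5357 TIME_WAIT 0
UDP 0.0.0.0:3702 *:* 1156
UDP [fe80::f575:319b:e4ac:a6e2%3]:546 *:* 1104
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (ip or None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and zone id
    try:
        return ipaddress.ip_address(host), port
    except ValueError:                      # '*' or an unresolved name
        return None, port

def external_by_pid(netstat_text):
    """Map PID -> sorted remote 'ip:port' for connections leaving the host/LAN."""
    result = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields (with state); UDP rows have 4 and no peer.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        remote_ip, port = split_endpoint(fields[2])
        if remote_ip is None:
            continue
        # Loopback, link-local and private-range peers stay on the machine/LAN.
        if remote_ip.is_loopback or remote_ip.is_link_local or remote_ip.is_private:
            continue
        result[int(fields[4])].add(f"{remote_ip}:{port}")
    return {pid: sorted(peers) for pid, peers in result.items()}

if __name__ == "__main__":
    for pid, peers in external_by_pid(SAMPLE).items():
        print(pid, peers)
```

Each PID can then be matched to a process name with `tasklist /FI "PID eq 3052"`, and each remote address checked with a reverse lookup as suggested earlier in the thread.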