Biotoxic_hazard_835 Posted November 10, 2009 Share Posted November 10, 2009 I'm getting this error persistently on my wireless conection: Log Name: System Source: Tcpip Event ID: 4227 Level: Warning TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint. My computer is connected via wireless to a D-Link DIR-655 router and the router is connected directly to a Motorola Surfboard 5120 Cable Modem. Any help on how to avoid this annoyance will be appreciated. Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/ Share on other sites More sharing options...
+BudMan MVC Posted November 10, 2009 MVC Share Posted November 10, 2009 "causing all available local ports to be used" Sounds like you used up all your ports.. there are 65535 of them! I would guess your infected with something to be sure.. Or you got something that is forcing the use of new port everytime it makes a connection to the same IP?? What does the output of netstat -anb look like.. Which proccess is making all the connections and to where? You should be able to clear it by disabling your interface and then re-enabling it. But you must have something screaming through your connection ports making outbound connections to run into that type of error. Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591829500 Share on other sites More sharing options...
_V_ Posted November 10, 2009 Share Posted November 10, 2009 As BudMan said, disable/enable the network interface to refresh the protocol configuration. More details: http://technet.microsoft.com/en-us/library...28WS.10%29.aspx Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591829902 Share on other sites More sharing options...
+BudMan MVC Posted November 10, 2009 MVC Share Posted November 10, 2009 Thats a temp fix, I would really like to see what your netstat -anb looks like.. You must have something just creating a **** load of connections. Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591830306 Share on other sites More sharing options...
Biotoxic_hazard_835 Posted November 11, 2009 Author Share Posted November 11, 2009 (edited) I ran netstat -anb and this is what I got. Microsoft Windows [Version 6.1.7600] Copyright © 2009 Microsoft Corporation. All rights reserved. C:\Users\Biotoxic>netstat -anb Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING RpcSs [svchost.exe] TCP 0.0.0.0:445 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:554 0.0.0.0:0 LISTENING [wmpnetwk.exe] TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING [wininit.exe] TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING eventlog [svchost.exe] TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING Schedule [svchost.exe] TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING [services.exe] TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING [lsass.exe] TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING [mDNSResponder.exe] TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING [AppleMobileDeviceService.exe] TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING [ccSvcHst.exe] TCP 127.0.0.1:49198 0.0.0.0:0 LISTENING [msnmsgr.exe] TCP 127.0.0.1:49198 127.0.0.1:49199 ESTABLISHED [msnmsgr.exe] TCP 127.0.0.1:49199 127.0.0.1:49198 ESTABLISHED [msnmsgr.exe] TCP 127.0.0.1:49237 127.0.0.1:49238 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49238 127.0.0.1:49237 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49240 127.0.0.1:49241 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49241 127.0.0.1:49240 ESTABLISHED [firefox.exe] TCP 192.168.0.199:139 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 192.168.0.199:49196 65.54.49.137:1863 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:49403 64.237.231.247:61494 CLOSE_WAIT [msnmsgr.exe] TCP 192.168.0.199:49527 70.119.185.224:65211 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:49545 174.20.165.91:51498 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:50816 8.12.226.77:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:50825 96.17.106.115:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:50828 72.14.209.101:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:50849 8.12.226.77:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:50920 209.17.73.7:80 CLOSE_WAIT [firefox.exe] TCP 192.168.0.199:50967 64.215.156.43:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51012 96.17.106.152:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51013 96.17.106.152:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51014 96.17.106.152:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51015 96.17.106.152:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51016 96.17.106.90:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51056 74.125.67.156:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51059 74.125.67.156:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51074 74.125.67.149:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51078 96.17.106.123:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51080 96.17.106.147:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:51090 143.127.102.125:80 TIME_WAIT TCP 192.168.0.199:51109 65.54.167.59:80 ESTABLISHED [msnmsgr.exe] TCP [::]:135 [::]:0 LISTENING RpcSs [svchost.exe] TCP [::]:445 [::]:0 LISTENING Can not obtain ownership information TCP [::]:554 [::]:0 LISTENING [wmpnetwk.exe] TCP [::]:2869 [::]:0 LISTENING Can not obtain ownership information TCP [::]:3587 [::]:0 LISTENING p2pimsvc [svchost.exe] TCP [::]:5357 [::]:0 LISTENING Can not obtain ownership information TCP [::]:10243 [::]:0 LISTENING Can not obtain ownership information TCP [::]:49152 [::]:0 LISTENING [wininit.exe] TCP [::]:49153 [::]:0 LISTENING eventlog [svchost.exe] TCP [::]:49154 [::]:0 LISTENING Schedule [svchost.exe] TCP [::]:49155 [::]:0 LISTENING [services.exe] TCP [::]:49157 [::]:0 LISTENING [lsass.exe] TCP [::1]:49159 [::]:0 LISTENING [ccSvcHst.exe] UDP 0.0.0.0:500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:3544 *:* iphlpsvc [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:4500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:5004 *:* [wmpnetwk.exe] UDP 0.0.0.0:5005 *:* [wmpnetwk.exe] UDP 0.0.0.0:5355 *:* Dnscache [svchost.exe] UDP 0.0.0.0:52198 *:* EventSystem [svchost.exe] UDP 0.0.0.0:52200 *:* EventSystem [svchost.exe] UDP 0.0.0.0:61065 *:* [mDNSResponder.exe] UDP 0.0.0.0:64477 *:* [mDNSResponder.exe] UDP 0.0.0.0:64479 *:* FDResPub [svchost.exe] UDP 127.0.0.1:1900 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:50371 *:* [ccSvcHst.exe] UDP 127.0.0.1:52443 *:* [wlcomm.exe] UDP 127.0.0.1:56807 *:* [msnmsgr.exe] UDP 127.0.0.1:57935 *:* SSDPSRV [svchost.exe] UDP 192.168.0.199:9 *:* [msnmsgr.exe] UDP 192.168.0.199:137 *:* Can not obtain ownership information UDP 192.168.0.199:138 *:* Can not obtain ownership information UDP 192.168.0.199:1900 *:* SSDPSRV [svchost.exe] UDP 192.168.0.199:5353 *:* [mDNSResponder.exe] UDP 192.168.0.199:54393 *:* iphlpsvc [svchost.exe] UDP 192.168.0.199:57934 *:* SSDPSRV [svchost.exe] UDP [::]:500 *:* IKEEXT [svchost.exe] UDP [::]:3540 *:* p2pimsvc [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:4500 *:* IKEEXT [svchost.exe] UDP [::]:5004 *:* [wmpnetwk.exe] UDP [::]:5005 *:* [wmpnetwk.exe] UDP [::]:5355 *:* Dnscache [svchost.exe] UDP [::]:52199 *:* EventSystem [svchost.exe] UDP [::]:52201 *:* EventSystem [svchost.exe] UDP [::]:64478 *:* [mDNSResponder.exe] UDP [::]:64480 *:* FDResPub [svchost.exe] UDP [::1]:1900 *:* SSDPSRV [svchost.exe] UDP [::1]:57933 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:57932 *:* SSDPSRV [svchost.exe] C:\Users\Biotoxic> Thanks in advance Budman for any help finding out wtf is causing this. EDIT: placed plain text instead. Much easier to read. Edited November 11, 2009 by Biotoxic_hazard_835 Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591832504 Share on other sites More sharing options...
+BudMan MVC Posted November 11, 2009 MVC Share Posted November 11, 2009 Seems like you got quite a few connections to google there? I see one to photobucket Do me a favor, close firefox when you do the netstat -anb again, and then in a couple of minutes do it again. Without running firefox between.. You need to see if firefox is opening up connections without you. Lots of worms can search google looking for next target, etc. Each time it makes a new connection it would be using up a local port, etc. What exactly were you doing on firefox when you took that netstat? Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591833780 Share on other sites More sharing options...
Biotoxic_hazard_835 Posted November 12, 2009 Author Share Posted November 12, 2009 Ok, yesterday I was just browsing around and did 3 Google searches and accessed photobucket once. I have run both NIS 2010 and Malwarebytes and both show a clean system. Here are the netstat -anb info as you requested. Run 3 instances 5 minutes apart, first 2 without opening Firefox and the third one after opening Firefox to My Yahoo and Neowin. Microsoft Windows [Version 6.1.7600] Copyright © 2009 Microsoft Corporation. All rights reserved. C:\Users\Biotoxic>netstat -anb Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING RpcSs [svchost.exe] TCP 0.0.0.0:445 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:554 0.0.0.0:0 LISTENING [wmpnetwk.exe] TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING [wininit.exe] TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING eventlog [svchost.exe] TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING Schedule [svchost.exe] TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING [services.exe] TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING [lsass.exe] TCP 127.0.0.1:2869 127.0.0.1:49170 TIME_WAIT TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING [mDNSResponder.exe] TCP 127.0.0.1:5357 127.0.0.1:49169 TIME_WAIT TCP 127.0.0.1:5357 127.0.0.1:49188 TIME_WAIT TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING [AppleMobileDeviceService.exe] TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING [ccSvcHst.exe] TCP 127.0.0.1:49161 127.0.0.1:49160 TIME_WAIT TCP 127.0.0.1:49200 0.0.0.0:0 LISTENING [msnmsgr.exe] TCP 127.0.0.1:49200 127.0.0.1:49202 ESTABLISHED [msnmsgr.exe] TCP 127.0.0.1:49202 127.0.0.1:49200 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:139 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 192.168.0.199:49162 213.35.100.25:80 TIME_WAIT TCP 192.168.0.199:49165 213.35.100.25:80 TIME_WAIT TCP 192.168.0.199:49167 213.35.100.25:80 TIME_WAIT TCP 192.168.0.199:49168 213.35.100.25:80 TIME_WAIT TCP 192.168.0.199:49173 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49174 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49175 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49176 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49177 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49178 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49184 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49191 65.55.184.152:80 ESTABLISHED wuauserv [svchost.exe] TCP 192.168.0.199:49195 65.55.184.152:443 ESTABLISHED wuauserv [svchost.exe] TCP 192.168.0.199:49197 65.54.52.62:1863 TIME_WAIT TCP 192.168.0.199:49198 65.54.49.45:1863 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:49199 65.55.7.141:80 TIME_WAIT TCP 192.168.0.199:49203 65.55.197.115:80 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:49204 207.46.125.253:7001 TIME_WAIT TCP 192.168.0.199:49204 207.46.125.254:7001 TIME_WAIT TCP 192.168.0.199:49206 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49207 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49208 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49209 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49210 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49211 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49221 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49222 168.75.207.20:80 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:49227 65.54.167.92:80 ESTABLISHED [msnmsgr.exe] TCP [::]:135 [::]:0 LISTENING RpcSs [svchost.exe] TCP [::]:445 [::]:0 LISTENING Can not obtain ownership information TCP [::]:554 [::]:0 LISTENING [wmpnetwk.exe] TCP [::]:2869 [::]:0 LISTENING Can not obtain ownership information TCP [::]:3587 [::]:0 LISTENING p2pimsvc [svchost.exe] TCP [::]:5357 [::]:0 LISTENING Can not obtain ownership information TCP [::]:10243 [::]:0 LISTENING Can not obtain ownership information TCP [::]:49152 [::]:0 LISTENING [wininit.exe] TCP [::]:49153 [::]:0 LISTENING eventlog [svchost.exe] TCP [::]:49154 [::]:0 LISTENING Schedule [svchost.exe] TCP [::]:49155 [::]:0 LISTENING [services.exe] TCP [::]:49157 [::]:0 LISTENING [lsass.exe] TCP [::1]:49159 [::]:0 LISTENING [ccSvcHst.exe] UDP 0.0.0.0:500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:3544 *:* iphlpsvc [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:4500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:5004 *:* [wmpnetwk.exe] UDP 0.0.0.0:5005 *:* [wmpnetwk.exe] UDP 0.0.0.0:5355 *:* Dnscache [svchost.exe] UDP 0.0.0.0:52676 *:* [mDNSResponder.exe] UDP 0.0.0.0:52678 *:* FDResPub [svchost.exe] UDP 0.0.0.0:53049 *:* [mDNSResponder.exe] UDP 0.0.0.0:58412 *:* EventSystem [svchost.exe] UDP 0.0.0.0:58418 *:* EventSystem [svchost.exe] UDP 127.0.0.1:1900 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:54292 *:* [msnmsgr.exe] UDP 127.0.0.1:58417 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:63184 *:* [wlcomm.exe] UDP 192.168.0.199:9 *:* [msnmsgr.exe] UDP 192.168.0.199:137 *:* Can not obtain ownership information UDP 192.168.0.199:138 *:* Can not obtain ownership information UDP 192.168.0.199:1900 *:* SSDPSRV [svchost.exe] UDP 192.168.0.199:5353 *:* [mDNSResponder.exe] UDP 192.168.0.199:54393 *:* iphlpsvc [svchost.exe] UDP 192.168.0.199:58416 *:* SSDPSRV [svchost.exe] UDP [::]:500 *:* IKEEXT [svchost.exe] UDP [::]:3540 *:* p2pimsvc [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:4500 *:* IKEEXT [svchost.exe] UDP [::]:5004 *:* [wmpnetwk.exe] UDP [::]:5005 *:* [wmpnetwk.exe] UDP [::]:5355 *:* Dnscache [svchost.exe] UDP [::]:52677 *:* [mDNSResponder.exe] UDP [::]:52679 *:* FDResPub [svchost.exe] UDP [::]:58413 *:* EventSystem [svchost.exe] UDP [::]:58419 *:* EventSystem [svchost.exe] UDP [::1]:1900 *:* SSDPSRV [svchost.exe] UDP [::1]:58415 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:58414 *:* SSDPSRV [svchost.exe] C:\Users\Biotoxic> Microsoft Windows [Version 6.1.7600] Copyright © 2009 Microsoft Corporation. All rights reserved. C:\Users\Biotoxic>netstat -anb Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING RpcSs [svchost.exe] TCP 0.0.0.0:445 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:554 0.0.0.0:0 LISTENING [wmpnetwk.exe] TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING [wininit.exe] TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING eventlog [svchost.exe] TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING Schedule [svchost.exe] TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING [services.exe] TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING [lsass.exe] TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING [mDNSResponder.exe] TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING [AppleMobileDeviceService.exe] TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING [ccSvcHst.exe] TCP 127.0.0.1:49200 0.0.0.0:0 LISTENING [msnmsgr.exe] TCP 127.0.0.1:49200 127.0.0.1:49202 ESTABLISHED [msnmsgr.exe] TCP 127.0.0.1:49202 127.0.0.1:49200 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:139 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 192.168.0.199:49198 65.54.49.45:1863 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:49259 65.55.197.115:80 CLOSE_WAIT [msnmsgr.exe] TCP 192.168.0.199:49260 65.55.197.115:80 CLOSE_WAIT [msnmsgr.exe] TCP [::]:135 [::]:0 LISTENING RpcSs [svchost.exe] TCP [::]:445 [::]:0 LISTENING Can not obtain ownership information TCP [::]:554 [::]:0 LISTENING [wmpnetwk.exe] TCP [::]:2869 [::]:0 LISTENING Can not obtain ownership information TCP [::]:3587 [::]:0 LISTENING p2pimsvc [svchost.exe] TCP [::]:5357 [::]:0 LISTENING Can not obtain ownership information TCP [::]:10243 [::]:0 LISTENING Can not obtain ownership information TCP [::]:49152 [::]:0 LISTENING [wininit.exe] TCP [::]:49153 [::]:0 LISTENING eventlog [svchost.exe] TCP [::]:49154 [::]:0 LISTENING Schedule [svchost.exe] TCP [::]:49155 [::]:0 LISTENING [services.exe] TCP [::]:49157 [::]:0 LISTENING [lsass.exe] TCP [::1]:49159 [::]:0 LISTENING [ccSvcHst.exe] UDP 0.0.0.0:500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:3544 *:* iphlpsvc [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:4500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:5004 *:* [wmpnetwk.exe] UDP 0.0.0.0:5005 *:* [wmpnetwk.exe] UDP 0.0.0.0:5355 *:* Dnscache [svchost.exe] UDP 0.0.0.0:52676 *:* [mDNSResponder.exe] UDP 0.0.0.0:52678 *:* FDResPub [svchost.exe] UDP 0.0.0.0:53049 *:* [mDNSResponder.exe] UDP 0.0.0.0:58412 *:* EventSystem [svchost.exe] UDP 0.0.0.0:58418 *:* EventSystem [svchost.exe] UDP 127.0.0.1:1900 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:54292 *:* [msnmsgr.exe] UDP 127.0.0.1:58417 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:63184 *:* [wlcomm.exe] UDP 192.168.0.199:9 *:* [msnmsgr.exe] UDP 192.168.0.199:137 *:* Can not obtain ownership information UDP 192.168.0.199:138 *:* Can not obtain ownership information UDP 192.168.0.199:1900 *:* SSDPSRV [svchost.exe] UDP 192.168.0.199:5353 *:* [mDNSResponder.exe] UDP 192.168.0.199:54393 *:* iphlpsvc [svchost.exe] UDP 192.168.0.199:58416 *:* SSDPSRV [svchost.exe] UDP [::]:500 *:* IKEEXT [svchost.exe] UDP [::]:3540 *:* p2pimsvc [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:4500 *:* IKEEXT [svchost.exe] UDP [::]:5004 *:* [wmpnetwk.exe] UDP [::]:5005 *:* [wmpnetwk.exe] UDP [::]:5355 *:* Dnscache [svchost.exe] UDP [::]:52677 *:* [mDNSResponder.exe] UDP [::]:52679 *:* FDResPub [svchost.exe] UDP [::]:58413 *:* EventSystem [svchost.exe] UDP [::]:58419 *:* EventSystem [svchost.exe] UDP [::1]:1900 *:* SSDPSRV [svchost.exe] UDP [::1]:58415 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:58414 *:* SSDPSRV [svchost.exe] C:\Users\Biotoxic> Microsoft Windows [Version 6.1.7600] Copyright © 2009 Microsoft Corporation. All rights reserved. C:\Users\Biotoxic>netstat -anb Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING RpcSs [svchost.exe] TCP 0.0.0.0:445 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:554 0.0.0.0:0 LISTENING [wmpnetwk.exe] TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING [wininit.exe] TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING eventlog [svchost.exe] TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING Schedule [svchost.exe] TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING [services.exe] TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING [lsass.exe] TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING [mDNSResponder.exe] TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING [AppleMobileDeviceService.exe] TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING [ccSvcHst.exe] TCP 127.0.0.1:49200 0.0.0.0:0 LISTENING [msnmsgr.exe] TCP 127.0.0.1:49200 127.0.0.1:49202 ESTABLISHED [msnmsgr.exe] TCP 127.0.0.1:49202 127.0.0.1:49200 ESTABLISHED [msnmsgr.exe] TCP 127.0.0.1:49371 127.0.0.1:49372 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49372 127.0.0.1:49371 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49374 127.0.0.1:49375 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49375 127.0.0.1:49374 ESTABLISHED [firefox.exe] TCP 192.168.0.199:139 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 192.168.0.199:49198 65.54.49.45:1863 ESTABLISHED [msnmsgr.exe] TCP 192.168.0.199:49376 74.125.67.104:443 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49377 199.7.58.72:80 TIME_WAIT TCP 192.168.0.199:49379 96.17.106.73:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49380 96.17.106.73:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49381 96.17.106.73:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49382 96.17.106.73:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49384 96.17.106.90:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49385 96.17.106.90:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49386 96.17.106.90:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49387 96.17.106.90:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49388 96.17.106.138:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49389 74.125.67.17:443 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49390 76.13.6.132:80 TIME_WAIT TCP 192.168.0.199:49391 143.127.102.125:80 TIME_WAIT TCP 192.168.0.199:49392 199.7.58.72:80 TIME_WAIT TCP 192.168.0.199:49393 96.17.106.88:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49400 74.125.67.95:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49401 74.125.67.155:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49404 208.43.92.218:80 TIME_WAIT TCP 192.168.0.199:49405 208.43.92.218:80 TIME_WAIT TCP 192.168.0.199:49406 74.125.67.148:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49409 208.43.92.218:80 TIME_WAIT TCP 192.168.0.199:49410 74.125.65.118:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49411 74.125.45.113:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49412 96.17.106.67:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49413 64.124.194.51:80 TIME_WAIT TCP 192.168.0.199:49414 96.17.106.147:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49416 206.132.192.198:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49417 143.127.102.125:80 TIME_WAIT TCP [::]:135 [::]:0 LISTENING RpcSs [svchost.exe] TCP [::]:445 [::]:0 LISTENING Can not obtain ownership information TCP [::]:554 [::]:0 LISTENING [wmpnetwk.exe] TCP [::]:2869 [::]:0 LISTENING Can not obtain ownership information TCP [::]:3587 [::]:0 LISTENING p2pimsvc [svchost.exe] TCP [::]:5357 [::]:0 LISTENING Can not obtain ownership information TCP [::]:10243 [::]:0 LISTENING Can not obtain ownership information TCP [::]:49152 [::]:0 LISTENING [wininit.exe] TCP [::]:49153 [::]:0 LISTENING eventlog [svchost.exe] TCP [::]:49154 [::]:0 LISTENING Schedule [svchost.exe] TCP [::]:49155 [::]:0 LISTENING [services.exe] TCP [::]:49157 [::]:0 LISTENING [lsass.exe] TCP [::1]:49159 [::]:0 LISTENING [ccSvcHst.exe] UDP 0.0.0.0:500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:3544 *:* iphlpsvc [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* EventSystem [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:4500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:5004 *:* [wmpnetwk.exe] UDP 0.0.0.0:5005 *:* [wmpnetwk.exe] UDP 0.0.0.0:5355 *:* Dnscache [svchost.exe] UDP 0.0.0.0:52676 *:* [mDNSResponder.exe] UDP 0.0.0.0:52678 *:* FDResPub [svchost.exe] UDP 0.0.0.0:53049 *:* [mDNSResponder.exe] UDP 0.0.0.0:58412 *:* EventSystem [svchost.exe] UDP 0.0.0.0:58418 *:* EventSystem [svchost.exe] UDP 127.0.0.1:1900 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:54292 *:* [msnmsgr.exe] UDP 127.0.0.1:58417 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:63184 *:* [wlcomm.exe] UDP 192.168.0.199:9 *:* [msnmsgr.exe] UDP 192.168.0.199:137 *:* Can not obtain ownership information UDP 192.168.0.199:138 *:* Can not obtain ownership information UDP 192.168.0.199:1900 *:* SSDPSRV [svchost.exe] UDP 192.168.0.199:5353 *:* [mDNSResponder.exe] UDP 192.168.0.199:54393 *:* iphlpsvc [svchost.exe] UDP 192.168.0.199:58416 *:* SSDPSRV [svchost.exe] UDP [::]:500 *:* IKEEXT [svchost.exe] UDP [::]:3540 *:* p2pimsvc [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* EventSystem [svchost.exe] UDP [::]:4500 *:* IKEEXT [svchost.exe] UDP [::]:5004 *:* [wmpnetwk.exe] UDP [::]:5005 *:* [wmpnetwk.exe] UDP [::]:5355 *:* Dnscache [svchost.exe] UDP [::]:52677 *:* [mDNSResponder.exe] UDP [::]:52679 *:* FDResPub [svchost.exe] UDP [::]:58413 *:* EventSystem [svchost.exe] UDP [::]:58419 *:* EventSystem [svchost.exe] UDP [::1]:1900 *:* SSDPSRV [svchost.exe] UDP [::1]:58415 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:* SSDPSRV [svchost.exe] UDP [fe80::c096:2dd8:f01f:ab5a%11]:58414 *:* SSDPSRV [svchost.exe] C:\Users\Biotoxic> Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591836734 Share on other sites More sharing options...
Biotoxic_hazard_835 Posted November 13, 2009 Author Share Posted November 13, 2009 BUMP! Any ideas on what is causing this guys ? Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591841590 Share on other sites More sharing options...
+BudMan MVC Posted November 13, 2009 MVC Share Posted November 13, 2009 this is odd TCP 192.168.0.199:49204 207.46.125.253:7001 TIME_WAIT TCP 192.168.0.199:49204 207.46.125.254:7001 TIME_WAIT So how source port is the same going to 2 different IP? thats shouldn't happen?? And then you go the same sort of thing going on here TCP 127.0.0.1:5357 127.0.0.1:49169 TIME_WAIT TCP 127.0.0.1:5357 127.0.0.1:49188 TIME_WAIT Your opening up connection, closing it and then opening up a different connection from the same source port -- and this also in time_wait? Hmmmmm seems strange to be sure, or maybe its just early in the morning? Anyway -- lets take a look at netstat -s Im thinking your having lots and lots of errors and retrans on your network?? Also take a look at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\TcpTimedWaitDelay What is your setting? is it 30 or 1e in hex Maybe yours is higher?? Also what is on 192.168.0.1 -- not sure why you would be trying to make connections to that on 80 and 9393, is that not your router? Seems odd. Also do you have TalkSwitch? I see multiple connections to 80, 9393 to your 192.168.0.1?? What is that IP, is that your router? or some kind of pbx box? Not sure why wuauserv would be doing that??? Then you see stuff like this TCP 192.168.0.199:49404 208.43.92.218:80 TIME_WAIT TCP 192.168.0.199:49405 208.43.92.218:80 TIME_WAIT TCP 192.168.0.199:49406 74.125.67.148:80 ESTABLISHED [firefox.exe] TCP 192.168.0.199:49409 208.43.92.218:80 TIME_WAIT Why would firefox be opening up so many connections to the same IP -- since you see lots of them in time_wait means they were opened and then closed and then opened again using a different connection. I do believe the default TcpTimedWaitDelay is 30 seconds.. So you opened up 3 different connections to the same place and then closed them all within 30 seconds? I show that IP as lb2.collective-media.net but can not view it directly. Be software on your machine checking stuff, your browsing habits? But opening up 3 connections to the same place and then closing them all within 30 seconds seems a bit odd. How often do you get the error? And Im not sure if its just using all the ports, or see first thing I posted about making a connection to 2 different IPs from the same source port?? That should not happen. Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591842888 Share on other sites More sharing options...
Biotoxic_hazard_835 Posted November 13, 2009 Author Share Posted November 13, 2009 192.168.0.1 is my router, the registry key TcpTimedWaitDelay in non existent in my Windows 7 registry. No pbx box or anything like it connected to my computer. And excuse my ignorance but I have no idea as to what TalkSwitch is. Here is my netstat -s Microsoft Windows [Version 6.1.7600] Copyright © 2009 Microsoft Corporation. All rights reserved. C:\Users\Biotoxic>netstat -s IPv4 Statistics Packets Received = 24045 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 2 Received Packets Delivered = 37761 Output Requests = 32838 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0 IPv6 Statistics Packets Received = 3 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 6278 Output Requests = 6426 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 2 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0 ICMPv4 Statistics Received Sent Messages 0 0 Errors 0 0 Destination Unreachable 0 0 Time Exceeded 0 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echo Replies 0 0 Echos 0 0 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 Router Solicitations 0 0 Router Advertisements 0 0 ICMPv6 Statistics Received Sent Messages 3 7 Errors 0 0 Destination Unreachable 0 0 Packet Too Big 0 0 Time Exceeded 0 0 Parameter Problems 0 0 Echos 0 0 Echo Replies 0 0 MLD Queries 0 0 MLD Reports 0 0 MLD Dones 0 0 Router Solicitations 0 6 Router Advertisements 3 0 Neighbor Solicitations 0 1 Neighbor Advertisements 0 0 Redirects 0 0 Router Renumberings 0 0 TCP Statistics for IPv4 Active Opens = 1393 Passive Opens = 24 Failed Connection Attempts = 3 Reset Connections = 104 Current Connections = 10 Segments Received = 35730 Segments Sent = 30628 Segments Retransmitted = 114 TCP Statistics for IPv6 Active Opens = 4 Passive Opens = 4 Failed Connection Attempts = 0 Reset Connections = 4 Current Connections = 0 Segments Received = 62 Segments Sent = 62 Segments Retransmitted = 0 UDP Statistics for IPv4 Datagrams Received = 1707 No Ports = 2 Receive Errors = 0 Datagrams Sent = 2050 UDP Statistics for IPv6 Datagrams Received = 4279 No Ports = 0 Receive Errors = 0 Datagrams Sent = 6304 C:\Users\Biotoxic> Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591845028 Share on other sites More sharing options...
+BudMan MVC Posted November 14, 2009 MVC Share Posted November 14, 2009 Well if 192.168.0.1 is your router -- its makes NO sense why TCP 192.168.0.199:49175 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49176 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49206 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49207 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49208 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49209 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49210 192.168.0.1:80 TIME_WAIT TCP 192.168.0.199:49211 192.168.0.1:9393 TIME_WAIT TCP 192.168.0.199:49221 192.168.0.1:9393 TIME_WAIT Why would wuauserv and [msnmsgr.exe] be making so many connections to your router on port 8 and 9393??? Ports: 9391-9395 Are unassiged, I found something listing 80,9393 tcp applications TalkSwitch http://www.talkswitch.com/us/en/ Which is why I asked if you were running something from them.. But it makes NO sense to me why the processes would be talking to your router IP on those ports?? Those stats must of been right after a reboot or you cleared the stats, etc.. Lets see the stats when you get the problem, or after you have been running for a while. If was me I would run a sniffer and see what the traffic is to your router on that weird port. And why would anything be talking to your router on http (80) either??? Link to comment https://www.neowin.net/forum/topic/844138-tcpip-error-help/#findComment-591846742 Share on other sites More sharing options...
Recommended Posts