TCP/IP Error Help

2,735 · November 10, 2009

I'm getting this error persistently on my wireless conection:

Log Name: System

Source: Tcpip

Event ID: 4227

Level: Warning

TCP/IP failed to establish an outgoing connection because the selected local

endpoint was recently used to connect to the same remote endpoint. This

error typically occurs when outgoing connections are opened and closed at a

high rate, causing all available local ports to be used and forcing TCP/IP

to reuse a local port for an outgoing connection. To minimize the risk of

data corruption, the TCP/IP standard requires a minimum time period to

elapse between successive connections from a given local endpoint to a given

remote endpoint.

My computer is connected via wireless to a D-Link DIR-655 router and the router is connected directly to a Motorola Surfboard 5120 Cable Modem. Any help on how to avoid this annoyance will be appreciated.

31,974 · November 10, 2009

"causing all available local ports to be used"

Sounds like you used up all your ports.. there are 65535 of them!

I would guess your infected with something to be sure.. Or you got something that is forcing the use of new port everytime it makes a connection to the same IP??

What does the output of netstat -anb look like.. Which proccess is making all the connections and to where?

You should be able to clear it by disabling your interface and then re-enabling it.

But you must have something screaming through your connection ports making outbound connections to run into that type of error.

November 10, 2009

As BudMan said, disable/enable the network interface to refresh the protocol configuration. More details:

http://technet.microsoft.com/en-us/library...28WS.10%29.aspx

31,974 · November 10, 2009

Thats a temp fix, I would really like to see what your netstat -anb looks like.. You must have something just creating a **** load of connections.

2,735 · November 11, 2009

I ran netstat -anb and this is what I got.

Microsoft Windows [Version 6.1.7600]

C:\Users\Biotoxic>netstat -anb

Active Connections

Proto Local Address Foreign Address State

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

RpcSs

[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:554 0.0.0.0:0 LISTENING

[wmpnetwk.exe]

TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING

[wininit.exe]

TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING

eventlog

[svchost.exe]

TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING

Schedule

[svchost.exe]

TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING

[services.exe]

TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING

[lsass.exe]

TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING

[mDNSResponder.exe]

TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING

[AppleMobileDeviceService.exe]

TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING

[ccSvcHst.exe]

TCP 127.0.0.1:49198 0.0.0.0:0 LISTENING

[msnmsgr.exe]

TCP 127.0.0.1:49198 127.0.0.1:49199 ESTABLISHED

[msnmsgr.exe]

TCP 127.0.0.1:49199 127.0.0.1:49198 ESTABLISHED

[msnmsgr.exe]

TCP 127.0.0.1:49237 127.0.0.1:49238 ESTABLISHED

[firefox.exe]

TCP 127.0.0.1:49238 127.0.0.1:49237 ESTABLISHED

[firefox.exe]

TCP 127.0.0.1:49240 127.0.0.1:49241 ESTABLISHED

[firefox.exe]

TCP 127.0.0.1:49241 127.0.0.1:49240 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:139 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 192.168.0.199:49196 65.54.49.137:1863 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:49403 64.237.231.247:61494 CLOSE_WAIT

[msnmsgr.exe]

TCP 192.168.0.199:49527 70.119.185.224:65211 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:49545 174.20.165.91:51498 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:50816 8.12.226.77:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:50825 96.17.106.115:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:50828 72.14.209.101:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:50849 8.12.226.77:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:50920 209.17.73.7:80 CLOSE_WAIT

[firefox.exe]

TCP 192.168.0.199:50967 64.215.156.43:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51012 96.17.106.152:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51013 96.17.106.152:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51014 96.17.106.152:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51015 96.17.106.152:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51016 96.17.106.90:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51056 74.125.67.156:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51059 74.125.67.156:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51074 74.125.67.149:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51078 96.17.106.123:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51080 96.17.106.147:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:51090 143.127.102.125:80 TIME_WAIT

TCP 192.168.0.199:51109 65.54.167.59:80 ESTABLISHED

[msnmsgr.exe]

TCP [::]:135 [::]:0 LISTENING

RpcSs

[svchost.exe]

TCP [::]:445 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:554 [::]:0 LISTENING

[wmpnetwk.exe]

TCP [::]:2869 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:3587 [::]:0 LISTENING

p2pimsvc

[svchost.exe]

TCP [::]:5357 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:10243 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:49152 [::]:0 LISTENING

[wininit.exe]

TCP [::]:49153 [::]:0 LISTENING

eventlog

[svchost.exe]

TCP [::]:49154 [::]:0 LISTENING

Schedule

[svchost.exe]

TCP [::]:49155 [::]:0 LISTENING

[services.exe]

TCP [::]:49157 [::]:0 LISTENING

[lsass.exe]

TCP [::1]:49159 [::]:0 LISTENING

[ccSvcHst.exe]

UDP 0.0.0.0:500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:3544 *:*

iphlpsvc

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:4500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:5004 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5005 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5355 *:*

Dnscache

[svchost.exe]

UDP 0.0.0.0:52198 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:52200 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:61065 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:64477 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:64479 *:*

FDResPub

[svchost.exe]

UDP 127.0.0.1:1900 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:50371 *:*

[ccSvcHst.exe]

UDP 127.0.0.1:52443 *:*

[wlcomm.exe]

UDP 127.0.0.1:56807 *:*

[msnmsgr.exe]

UDP 127.0.0.1:57935 *:*

SSDPSRV

[svchost.exe]

UDP 192.168.0.199:9 *:*

[msnmsgr.exe]

UDP 192.168.0.199:137 *:*

Can not obtain ownership information

UDP 192.168.0.199:138 *:*

Can not obtain ownership information

UDP 192.168.0.199:1900 *:*

SSDPSRV

[svchost.exe]

UDP 192.168.0.199:5353 *:*

[mDNSResponder.exe]

UDP 192.168.0.199:54393 *:*

iphlpsvc

[svchost.exe]

UDP 192.168.0.199:57934 *:*

SSDPSRV

[svchost.exe]

UDP [::]:500 *:*

IKEEXT

[svchost.exe]

UDP [::]:3540 *:*

p2pimsvc

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:4500 *:*

IKEEXT

[svchost.exe]

UDP [::]:5004 *:*

[wmpnetwk.exe]

UDP [::]:5005 *:*

[wmpnetwk.exe]

UDP [::]:5355 *:*

Dnscache

[svchost.exe]

UDP [::]:52199 *:*

EventSystem

[svchost.exe]

UDP [::]:52201 *:*

EventSystem

[svchost.exe]

UDP [::]:64478 *:*

[mDNSResponder.exe]

UDP [::]:64480 *:*

FDResPub

[svchost.exe]

UDP [::1]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [::1]:57933 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:57932 *:*

SSDPSRV

[svchost.exe]

C:\Users\Biotoxic>

Thanks in advance Budman for any help finding out wtf is causing this.

EDIT: placed plain text instead. Much easier to read.

Edited November 11, 2009 by Biotoxic_hazard_835

31,974 · November 11, 2009

Seems like you got quite a few connections to google there? I see one to photobucket

Do me a favor, close firefox when you do the netstat -anb again, and then in a couple of minutes do it again. Without running firefox between.. You need to see if firefox is opening up connections without you.

Lots of worms can search google looking for next target, etc. Each time it makes a new connection it would be using up a local port, etc.

What exactly were you doing on firefox when you took that netstat?

2,735 · November 12, 2009

Ok, yesterday I was just browsing around and did 3 Google searches and accessed photobucket once. I have run both NIS 2010 and Malwarebytes and both show a clean system. Here are the netstat -anb info as you requested. Run 3 instances 5 minutes apart, first 2 without opening Firefox and the third one after opening Firefox to My Yahoo and Neowin.

Microsoft Windows [Version 6.1.7600]

C:\Users\Biotoxic>netstat -anb

Active Connections

Proto Local Address Foreign Address State

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

RpcSs

[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:554 0.0.0.0:0 LISTENING

[wmpnetwk.exe]

TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING

[wininit.exe]

TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING

eventlog

[svchost.exe]

TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING

Schedule

[svchost.exe]

TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING

[services.exe]

TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING

[lsass.exe]

TCP 127.0.0.1:2869 127.0.0.1:49170 TIME_WAIT

TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING

[mDNSResponder.exe]

TCP 127.0.0.1:5357 127.0.0.1:49169 TIME_WAIT

TCP 127.0.0.1:5357 127.0.0.1:49188 TIME_WAIT

TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING

[AppleMobileDeviceService.exe]

TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING

[ccSvcHst.exe]

TCP 127.0.0.1:49161 127.0.0.1:49160 TIME_WAIT

TCP 127.0.0.1:49200 0.0.0.0:0 LISTENING

[msnmsgr.exe]

TCP 127.0.0.1:49200 127.0.0.1:49202 ESTABLISHED

[msnmsgr.exe]

TCP 127.0.0.1:49202 127.0.0.1:49200 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:139 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 192.168.0.199:49162 213.35.100.25:80 TIME_WAIT

TCP 192.168.0.199:49165 213.35.100.25:80 TIME_WAIT

TCP 192.168.0.199:49167 213.35.100.25:80 TIME_WAIT

TCP 192.168.0.199:49168 213.35.100.25:80 TIME_WAIT

TCP 192.168.0.199:49173 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49174 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49175 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49176 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49177 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49178 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49184 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49191 65.55.184.152:80 ESTABLISHED

wuauserv

[svchost.exe]

TCP 192.168.0.199:49195 65.55.184.152:443 ESTABLISHED

wuauserv

[svchost.exe]

TCP 192.168.0.199:49197 65.54.52.62:1863 TIME_WAIT

TCP 192.168.0.199:49198 65.54.49.45:1863 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:49199 65.55.7.141:80 TIME_WAIT

TCP 192.168.0.199:49203 65.55.197.115:80 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:49204 207.46.125.253:7001 TIME_WAIT

TCP 192.168.0.199:49204 207.46.125.254:7001 TIME_WAIT

TCP 192.168.0.199:49206 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49207 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49208 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49209 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49210 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49211 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49221 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49222 168.75.207.20:80 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:49227 65.54.167.92:80 ESTABLISHED

[msnmsgr.exe]

TCP [::]:135 [::]:0 LISTENING

RpcSs

[svchost.exe]

TCP [::]:445 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:554 [::]:0 LISTENING

[wmpnetwk.exe]

TCP [::]:2869 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:3587 [::]:0 LISTENING

p2pimsvc

[svchost.exe]

TCP [::]:5357 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:10243 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:49152 [::]:0 LISTENING

[wininit.exe]

TCP [::]:49153 [::]:0 LISTENING

eventlog

[svchost.exe]

TCP [::]:49154 [::]:0 LISTENING

Schedule

[svchost.exe]

TCP [::]:49155 [::]:0 LISTENING

[services.exe]

TCP [::]:49157 [::]:0 LISTENING

[lsass.exe]

TCP [::1]:49159 [::]:0 LISTENING

[ccSvcHst.exe]

UDP 0.0.0.0:500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:3544 *:*

iphlpsvc

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:4500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:5004 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5005 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5355 *:*

Dnscache

[svchost.exe]

UDP 0.0.0.0:52676 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:52678 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:53049 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:58412 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:58418 *:*

EventSystem

[svchost.exe]

UDP 127.0.0.1:1900 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:54292 *:*

[msnmsgr.exe]

UDP 127.0.0.1:58417 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:63184 *:*

[wlcomm.exe]

UDP 192.168.0.199:9 *:*

[msnmsgr.exe]

UDP 192.168.0.199:137 *:*

Can not obtain ownership information

UDP 192.168.0.199:138 *:*

Can not obtain ownership information

UDP 192.168.0.199:1900 *:*

SSDPSRV

[svchost.exe]

UDP 192.168.0.199:5353 *:*

[mDNSResponder.exe]

UDP 192.168.0.199:54393 *:*

iphlpsvc

[svchost.exe]

UDP 192.168.0.199:58416 *:*

SSDPSRV

[svchost.exe]

UDP [::]:500 *:*

IKEEXT

[svchost.exe]

UDP [::]:3540 *:*

p2pimsvc

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:4500 *:*

IKEEXT

[svchost.exe]

UDP [::]:5004 *:*

[wmpnetwk.exe]

UDP [::]:5005 *:*

[wmpnetwk.exe]

UDP [::]:5355 *:*

Dnscache

[svchost.exe]

UDP [::]:52677 *:*

[mDNSResponder.exe]

UDP [::]:52679 *:*

FDResPub

[svchost.exe]

UDP [::]:58413 *:*

EventSystem

[svchost.exe]

UDP [::]:58419 *:*

EventSystem

[svchost.exe]

UDP [::1]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [::1]:58415 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:58414 *:*

SSDPSRV

[svchost.exe]

C:\Users\Biotoxic>

Microsoft Windows [Version 6.1.7600]

C:\Users\Biotoxic>netstat -anb

Active Connections

Proto Local Address Foreign Address State

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

RpcSs

[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:554 0.0.0.0:0 LISTENING

[wmpnetwk.exe]

TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING

[wininit.exe]

TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING

eventlog

[svchost.exe]

TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING

Schedule

[svchost.exe]

TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING

[services.exe]

TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING

[lsass.exe]

TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING

[mDNSResponder.exe]

TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING

[AppleMobileDeviceService.exe]

TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING

[ccSvcHst.exe]

TCP 127.0.0.1:49200 0.0.0.0:0 LISTENING

[msnmsgr.exe]

TCP 127.0.0.1:49200 127.0.0.1:49202 ESTABLISHED

[msnmsgr.exe]

TCP 127.0.0.1:49202 127.0.0.1:49200 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:139 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 192.168.0.199:49198 65.54.49.45:1863 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:49259 65.55.197.115:80 CLOSE_WAIT

[msnmsgr.exe]

TCP 192.168.0.199:49260 65.55.197.115:80 CLOSE_WAIT

[msnmsgr.exe]

TCP [::]:135 [::]:0 LISTENING

RpcSs

[svchost.exe]

TCP [::]:445 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:554 [::]:0 LISTENING

[wmpnetwk.exe]

TCP [::]:2869 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:3587 [::]:0 LISTENING

p2pimsvc

[svchost.exe]

TCP [::]:5357 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:10243 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:49152 [::]:0 LISTENING

[wininit.exe]

TCP [::]:49153 [::]:0 LISTENING

eventlog

[svchost.exe]

TCP [::]:49154 [::]:0 LISTENING

Schedule

[svchost.exe]

TCP [::]:49155 [::]:0 LISTENING

[services.exe]

TCP [::]:49157 [::]:0 LISTENING

[lsass.exe]

TCP [::1]:49159 [::]:0 LISTENING

[ccSvcHst.exe]

UDP 0.0.0.0:500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:3544 *:*

iphlpsvc

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:4500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:5004 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5005 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5355 *:*

Dnscache

[svchost.exe]

UDP 0.0.0.0:52676 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:52678 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:53049 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:58412 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:58418 *:*

EventSystem

[svchost.exe]

UDP 127.0.0.1:1900 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:54292 *:*

[msnmsgr.exe]

UDP 127.0.0.1:58417 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:63184 *:*

[wlcomm.exe]

UDP 192.168.0.199:9 *:*

[msnmsgr.exe]

UDP 192.168.0.199:137 *:*

Can not obtain ownership information

UDP 192.168.0.199:138 *:*

Can not obtain ownership information

UDP 192.168.0.199:1900 *:*

SSDPSRV

[svchost.exe]

UDP 192.168.0.199:5353 *:*

[mDNSResponder.exe]

UDP 192.168.0.199:54393 *:*

iphlpsvc

[svchost.exe]

UDP 192.168.0.199:58416 *:*

SSDPSRV

[svchost.exe]

UDP [::]:500 *:*

IKEEXT

[svchost.exe]

UDP [::]:3540 *:*

p2pimsvc

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:4500 *:*

IKEEXT

[svchost.exe]

UDP [::]:5004 *:*

[wmpnetwk.exe]

UDP [::]:5005 *:*

[wmpnetwk.exe]

UDP [::]:5355 *:*

Dnscache

[svchost.exe]

UDP [::]:52677 *:*

[mDNSResponder.exe]

UDP [::]:52679 *:*

FDResPub

[svchost.exe]

UDP [::]:58413 *:*

EventSystem

[svchost.exe]

UDP [::]:58419 *:*

EventSystem

[svchost.exe]

UDP [::1]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [::1]:58415 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:58414 *:*

SSDPSRV

[svchost.exe]

C:\Users\Biotoxic>

Microsoft Windows [Version 6.1.7600]

C:\Users\Biotoxic>netstat -anb

Active Connections

Proto Local Address Foreign Address State

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

RpcSs

[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:554 0.0.0.0:0 LISTENING

[wmpnetwk.exe]

TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING

[wininit.exe]

TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING

eventlog

[svchost.exe]

TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING

Schedule

[svchost.exe]

TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING

[services.exe]

TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING

[lsass.exe]

TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING

[mDNSResponder.exe]

TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING

[AppleMobileDeviceService.exe]

TCP 127.0.0.1:49158 0.0.0.0:0 LISTENING

[ccSvcHst.exe]

TCP 127.0.0.1:49200 0.0.0.0:0 LISTENING

[msnmsgr.exe]

TCP 127.0.0.1:49200 127.0.0.1:49202 ESTABLISHED

[msnmsgr.exe]

TCP 127.0.0.1:49202 127.0.0.1:49200 ESTABLISHED

[msnmsgr.exe]

TCP 127.0.0.1:49371 127.0.0.1:49372 ESTABLISHED

[firefox.exe]

TCP 127.0.0.1:49372 127.0.0.1:49371 ESTABLISHED

[firefox.exe]

TCP 127.0.0.1:49374 127.0.0.1:49375 ESTABLISHED

[firefox.exe]

TCP 127.0.0.1:49375 127.0.0.1:49374 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:139 0.0.0.0:0 LISTENING

Can not obtain ownership information

TCP 192.168.0.199:49198 65.54.49.45:1863 ESTABLISHED

[msnmsgr.exe]

TCP 192.168.0.199:49376 74.125.67.104:443 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49377 199.7.58.72:80 TIME_WAIT

TCP 192.168.0.199:49379 96.17.106.73:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49380 96.17.106.73:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49381 96.17.106.73:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49382 96.17.106.73:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49384 96.17.106.90:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49385 96.17.106.90:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49386 96.17.106.90:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49387 96.17.106.90:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49388 96.17.106.138:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49389 74.125.67.17:443 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49390 76.13.6.132:80 TIME_WAIT

TCP 192.168.0.199:49391 143.127.102.125:80 TIME_WAIT

TCP 192.168.0.199:49392 199.7.58.72:80 TIME_WAIT

TCP 192.168.0.199:49393 96.17.106.88:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49400 74.125.67.95:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49401 74.125.67.155:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49404 208.43.92.218:80 TIME_WAIT

TCP 192.168.0.199:49405 208.43.92.218:80 TIME_WAIT

TCP 192.168.0.199:49406 74.125.67.148:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49409 208.43.92.218:80 TIME_WAIT

TCP 192.168.0.199:49410 74.125.65.118:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49411 74.125.45.113:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49412 96.17.106.67:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49413 64.124.194.51:80 TIME_WAIT

TCP 192.168.0.199:49414 96.17.106.147:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49416 206.132.192.198:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49417 143.127.102.125:80 TIME_WAIT

TCP [::]:135 [::]:0 LISTENING

RpcSs

[svchost.exe]

TCP [::]:445 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:554 [::]:0 LISTENING

[wmpnetwk.exe]

TCP [::]:2869 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:3587 [::]:0 LISTENING

p2pimsvc

[svchost.exe]

TCP [::]:5357 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:10243 [::]:0 LISTENING

Can not obtain ownership information

TCP [::]:49152 [::]:0 LISTENING

[wininit.exe]

TCP [::]:49153 [::]:0 LISTENING

eventlog

[svchost.exe]

TCP [::]:49154 [::]:0 LISTENING

Schedule

[svchost.exe]

TCP [::]:49155 [::]:0 LISTENING

[services.exe]

TCP [::]:49157 [::]:0 LISTENING

[lsass.exe]

TCP [::1]:49159 [::]:0 LISTENING

[ccSvcHst.exe]

UDP 0.0.0.0:500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:3544 *:*

iphlpsvc

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:3702 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:4500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:5004 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5005 *:*

[wmpnetwk.exe]

UDP 0.0.0.0:5355 *:*

Dnscache

[svchost.exe]

UDP 0.0.0.0:52676 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:52678 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:53049 *:*

[mDNSResponder.exe]

UDP 0.0.0.0:58412 *:*

EventSystem

[svchost.exe]

UDP 0.0.0.0:58418 *:*

EventSystem

[svchost.exe]

UDP 127.0.0.1:1900 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:54292 *:*

[msnmsgr.exe]

UDP 127.0.0.1:58417 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:63184 *:*

[wlcomm.exe]

UDP 192.168.0.199:9 *:*

[msnmsgr.exe]

UDP 192.168.0.199:137 *:*

Can not obtain ownership information

UDP 192.168.0.199:138 *:*

Can not obtain ownership information

UDP 192.168.0.199:1900 *:*

SSDPSRV

[svchost.exe]

UDP 192.168.0.199:5353 *:*

[mDNSResponder.exe]

UDP 192.168.0.199:54393 *:*

iphlpsvc

[svchost.exe]

UDP 192.168.0.199:58416 *:*

SSDPSRV

[svchost.exe]

UDP [::]:500 *:*

IKEEXT

[svchost.exe]

UDP [::]:3540 *:*

p2pimsvc

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

EventSystem

[svchost.exe]

UDP [::]:4500 *:*

IKEEXT

[svchost.exe]

UDP [::]:5004 *:*

[wmpnetwk.exe]

UDP [::]:5005 *:*

[wmpnetwk.exe]

UDP [::]:5355 *:*

Dnscache

[svchost.exe]

UDP [::]:52677 *:*

[mDNSResponder.exe]

UDP [::]:52679 *:*

FDResPub

[svchost.exe]

UDP [::]:58413 *:*

EventSystem

[svchost.exe]

UDP [::]:58419 *:*

EventSystem

[svchost.exe]

UDP [::1]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [::1]:58415 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::c096:2dd8:f01f:ab5a%11]:58414 *:*

SSDPSRV

[svchost.exe]

C:\Users\Biotoxic>

2,735 · November 13, 2009

BUMP!

Any ideas on what is causing this guys ?

31,974 · November 13, 2009

this is odd

TCP 192.168.0.199:49204 207.46.125.253:7001 TIME_WAIT

TCP 192.168.0.199:49204 207.46.125.254:7001 TIME_WAIT

So how source port is the same going to 2 different IP? thats shouldn't happen?? And then you go the same sort of thing going on here

TCP 127.0.0.1:5357 127.0.0.1:49169 TIME_WAIT

TCP 127.0.0.1:5357 127.0.0.1:49188 TIME_WAIT

Your opening up connection, closing it and then opening up a different connection from the same source port -- and this also in time_wait? Hmmmmm seems strange to be sure, or maybe its just early in the morning?

Anyway -- lets take a look at netstat -s

Im thinking your having lots and lots of errors and retrans on your network?? Also take a look at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\TcpTimedWaitDelay

What is your setting? is it 30 or 1e in hex Maybe yours is higher??

Also what is on 192.168.0.1 -- not sure why you would be trying to make connections to that on 80 and 9393, is that not your router? Seems odd.

Also do you have TalkSwitch? I see multiple connections to 80, 9393 to your 192.168.0.1?? What is that IP, is that your router? or some kind of pbx box? Not sure why wuauserv would be doing that???

Then you see stuff like this

TCP 192.168.0.199:49404 208.43.92.218:80 TIME_WAIT

TCP 192.168.0.199:49405 208.43.92.218:80 TIME_WAIT

TCP 192.168.0.199:49406 74.125.67.148:80 ESTABLISHED

[firefox.exe]

TCP 192.168.0.199:49409 208.43.92.218:80 TIME_WAIT

Why would firefox be opening up so many connections to the same IP -- since you see lots of them in time_wait means they were opened and then closed and then opened again using a different connection. I do believe the default TcpTimedWaitDelay is 30 seconds.. So you opened up 3 different connections to the same place and then closed them all within 30 seconds? I show that IP as lb2.collective-media.net but can not view it directly.

Be software on your machine checking stuff, your browsing habits? But opening up 3 connections to the same place and then closing them all within 30 seconds seems a bit odd.

How often do you get the error? And Im not sure if its just using all the ports, or see first thing I posted about making a connection to 2 different IPs from the same source port?? That should not happen.

2,735 · November 13, 2009

192.168.0.1 is my router, the registry key TcpTimedWaitDelay in non existent in my Windows 7 registry. No pbx box or anything like it connected to my computer. And excuse my ignorance but I have no idea as to what TalkSwitch is.

Here is my netstat -s

Microsoft Windows [Version 6.1.7600]

C:\Users\Biotoxic>netstat -s

IPv4 Statistics

Packets Received = 24045

Received Header Errors = 0

Received Address Errors = 0

Datagrams Forwarded = 0

Unknown Protocols Received = 0

Received Packets Discarded = 2

Received Packets Delivered = 37761

Output Requests = 32838

Routing Discards = 0

Discarded Output Packets = 0

Output Packet No Route = 0

Reassembly Required = 0

Reassembly Successful = 0

Reassembly Failures = 0

Datagrams Successfully Fragmented = 0

Datagrams Failing Fragmentation = 0

Fragments Created = 0

IPv6 Statistics

Packets Received = 3

Received Header Errors = 0

Received Address Errors = 0

Datagrams Forwarded = 0

Unknown Protocols Received = 0

Received Packets Discarded = 0

Received Packets Delivered = 6278

Output Requests = 6426

Routing Discards = 0

Discarded Output Packets = 0

Output Packet No Route = 2

Reassembly Required = 0

Reassembly Successful = 0

Reassembly Failures = 0

Datagrams Successfully Fragmented = 0

Datagrams Failing Fragmentation = 0

Fragments Created = 0

ICMPv4 Statistics

Received Sent

Messages 0 0

Errors 0 0

Destination Unreachable 0 0

Time Exceeded 0 0

Parameter Problems 0 0

Source Quenches 0 0

Redirects 0 0

Echo Replies 0 0

Echos 0 0

Timestamps 0 0

Timestamp Replies 0 0

Address Masks 0 0

Address Mask Replies 0 0

Router Solicitations 0 0

Router Advertisements 0 0

ICMPv6 Statistics

Received Sent

Messages 3 7

Errors 0 0

Destination Unreachable 0 0

Packet Too Big 0 0

Time Exceeded 0 0

Parameter Problems 0 0

Echos 0 0

Echo Replies 0 0

MLD Queries 0 0

MLD Reports 0 0

MLD Dones 0 0

Router Solicitations 0 6

Router Advertisements 3 0

Neighbor Solicitations 0 1

Neighbor Advertisements 0 0

Redirects 0 0

Router Renumberings 0 0

TCP Statistics for IPv4

Active Opens = 1393

Passive Opens = 24

Failed Connection Attempts = 3

Reset Connections = 104

Current Connections = 10

Segments Received = 35730

Segments Sent = 30628

Segments Retransmitted = 114

TCP Statistics for IPv6

Active Opens = 4

Passive Opens = 4

Failed Connection Attempts = 0

Reset Connections = 4

Current Connections = 0

Segments Received = 62

Segments Sent = 62

Segments Retransmitted = 0

UDP Statistics for IPv4

Datagrams Received = 1707

No Ports = 2

Receive Errors = 0

Datagrams Sent = 2050

UDP Statistics for IPv6

Datagrams Received = 4279

No Ports = 0

Receive Errors = 0

Datagrams Sent = 6304

C:\Users\Biotoxic>

31,974 · November 14, 2009

Well if 192.168.0.1 is your router -- its makes NO sense why

TCP 192.168.0.199:49175 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49176 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49206 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49207 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49208 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49209 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49210 192.168.0.1:80 TIME_WAIT

TCP 192.168.0.199:49211 192.168.0.1:9393 TIME_WAIT

TCP 192.168.0.199:49221 192.168.0.1:9393 TIME_WAIT

Why would wuauserv and [msnmsgr.exe] be making so many connections to your router on port 8 and 9393???

Ports: 9391-9395 Are unassiged, I found something listing

80,9393 tcp applications TalkSwitch

http://www.talkswitch.com/us/en/

Which is why I asked if you were running something from them.. But it makes NO sense to me why the processes would be talking to your router IP on those ports??

Those stats must of been right after a reboot or you cleared the stats, etc.. Lets see the stats when you get the problem, or after you have been running for a while.

If was me I would run a sniffer and see what the traffic is to your router on that weird port. And why would anything be talking to your router on http (80) either???

Sign In

TCP/IP Error Help

Recommended Posts

Biotoxic_hazard_835

Link to comment

Share on other sites

+BudMan MVC

Link to comment

Share on other sites

_V_

Link to comment

Share on other sites

+BudMan MVC

Link to comment

Share on other sites

Biotoxic_hazard_835

Link to comment

Share on other sites

+BudMan MVC

Link to comment

Share on other sites

Biotoxic_hazard_835

Link to comment

Share on other sites

Biotoxic_hazard_835

Link to comment

Share on other sites

+BudMan MVC

Link to comment

Share on other sites

Biotoxic_hazard_835

Link to comment

Share on other sites

+BudMan MVC

Link to comment

Share on other sites

Recently Browsing 0 members

Posts

Recent Achievements

Popular Contributors

Tell a friend

Choose your Ad Blocker