Netstat showing some weird connections


Recommended Posts

Okay, so my comp has been on since early this morning.

Since then, I've done many things. Surfed, checked email, gaming, etc.

Well, I had to logoff so Windows would "let go" of a folder so that I could delete it (can not delete folder, a file inside is in use or whatever). So I logoff and back on.

Well, i delete the folder, then out of total randomness, I open up my command prompt and do a quick netstat.

Hrm, this is where it got weird:

  Quote
Microsoft Windows XP [Version 5.1.2600]? Copyright 1985-2001 Microsoft Corp.

C:\>netstat

Active Connections

? Proto? Local Address? ? ? ? ? Foreign Address? ? ? ? State

? TCP? ? HERMAN:1417? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1418? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1421? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1423? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1424? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1425? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1426? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1427? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1428? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1432? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1435? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1441? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1442? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1445? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1446? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1447? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1448? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1450? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1451? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1452? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1455? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1464? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1465? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1466? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1468? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1469? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1472? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1473? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1474? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1477? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1478? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1481? ? ? ? ? ? fjordo:microsoft-ds? ? ESTABLISHED

C:\>netstat -n

Active Connections

? Proto? Local Address? ? ? ? ? Foreign Address? ? ? ? State

? TCP? ? 192.168.1.100:1417? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1418? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1421? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1423? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1424? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1425? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1426? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1427? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1428? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1432? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1435? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1441? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1442? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1445? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1446? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1447? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1448? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1450? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1451? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1452? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1455? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1464? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1465? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1466? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1468? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1469? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1472? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1473? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1474? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1477? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1478? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1481? ?  192.168.1.103:445? ? ? ESTABLISHED

Now the connection to Fjordo I understand. That's my server and I have some of it's drives mapped here. But if you plug that addy into a web browser, it takes you to Neowin (sort of). Odd odd odd.

Any clues?

Btw, no programs were running than my startup programs (quicknotes, winamp, and Samurize {don't have any news scripts running, never have}). And I wasn't in IE either.

:laugh: yep, he's right. that's the neowin server's ip.

you can use the nslookup command in 2000/xp to find the domain name of an ip address.

C:\>nslookup neowin.net
Server: ?ns5.attbi.com
Address: ?204.127.202.4

Non-authoritative answer:
Name: ? ?neowin.net
Address: ?207.44.242.9


C:\>nslookup 207.44.242.9
Server: ?ns5.attbi.com
Address: ?204.127.202.4

Name: ? ?server01.systemips.com
Address: ?207.44.242.9

ns5.attbi.com is one of the dns servers my isp uses. yours will be different unless you're on mediacom/attbi's network.

note that the ip 207.44.242.9 has more than one domain registered to it (neowin.net AND server01.systemips.com).

Edited by gameguy
  MxxCon said:
yoru bandwidth is not going anywhere!

hense connection status is "TIME_WAIT"

this is what persistent http connections look like.

ToastGodSupreme's browser/proxy is configured to open that many connections at once (prolly opera)

You should see how big that list gets when i'm actually BROWSING the site. :D

But oh well, I guess no big deal, they just didn't terminate... I was freaked out at the time though a little bit just due to the number of them and the fact that I had logged off and back on and whatnot. bUt oh well... ;)

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.