Netstat showing some weird connections


Recommended Posts

Okay, so my comp has been on since early this morning.

Since then, I've done many things. Surfed, checked email, gaming, etc.

Well, I had to logoff so Windows would "let go" of a folder so that I could delete it (can not delete folder, a file inside is in use or whatever). So I logoff and back on.

Well, i delete the folder, then out of total randomness, I open up my command prompt and do a quick netstat.

Hrm, this is where it got weird:

Microsoft Windows XP [Version 5.1.2600]? Copyright 1985-2001 Microsoft Corp.

C:\>netstat

Active Connections

? Proto? Local Address? ? ? ? ? Foreign Address? ? ? ? State

? TCP? ? HERMAN:1417? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1418? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1421? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1423? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1424? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1425? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1426? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1427? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1428? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1432? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1435? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1441? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1442? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1445? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1446? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1447? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1448? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1450? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1451? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1452? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1455? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1464? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1465? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1466? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1468? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1469? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1472? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1473? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1474? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1477? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1478? ? ? ? ? ? server01.systemips.com:http? TIME_WAIT

? TCP? ? HERMAN:1481? ? ? ? ? ? fjordo:microsoft-ds? ? ESTABLISHED

C:\>netstat -n

Active Connections

? Proto? Local Address? ? ? ? ? Foreign Address? ? ? ? State

? TCP? ? 192.168.1.100:1417? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1418? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1421? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1423? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1424? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1425? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1426? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1427? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1428? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1432? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1435? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1441? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1442? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1445? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1446? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1447? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1448? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1450? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1451? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1452? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1455? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1464? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1465? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1466? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1468? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1469? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1472? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1473? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1474? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1477? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1478? ?  207.44.242.9:80? ? ? ? TIME_WAIT

? TCP? ? 192.168.1.100:1481? ?  192.168.1.103:445? ? ? ESTABLISHED

Now the connection to Fjordo I understand. That's my server and I have some of it's drives mapped here. But if you plug that addy into a web browser, it takes you to Neowin (sort of). Odd odd odd.

Any clues?

Btw, no programs were running than my startup programs (quicknotes, winamp, and Samurize {don't have any news scripts running, never have}). And I wasn't in IE either.

Link to comment
Share on other sites

thats the name of the neowin server

if you dns neowin.net then resolve the ip you get server01.systemips.com

Edited by SMeK
Link to comment
Share on other sites

:laugh: yep, he's right. that's the neowin server's ip.

you can use the nslookup command in 2000/xp to find the domain name of an ip address.

C:\>nslookup neowin.net
Server: ?ns5.attbi.com
Address: ?204.127.202.4

Non-authoritative answer:
Name: ? ?neowin.net
Address: ?207.44.242.9


C:\>nslookup 207.44.242.9
Server: ?ns5.attbi.com
Address: ?204.127.202.4

Name: ? ?server01.systemips.com
Address: ?207.44.242.9

ns5.attbi.com is one of the dns servers my isp uses. yours will be different unless you're on mediacom/attbi's network.

note that the ip 207.44.242.9 has more than one domain registered to it (neowin.net AND server01.systemips.com).

Edited by gameguy
Link to comment
Share on other sites

yoru bandwidth is not going anywhere!

hense connection status is "TIME_WAIT"

this is what persistent http connections look like.

ToastGodSupreme's browser/proxy is configured to open that many connections at once (prolly opera)

Link to comment
Share on other sites

yoru bandwidth is not going anywhere!

hense connection status is "TIME_WAIT"

this is what persistent http connections look like.

ToastGodSupreme's browser/proxy is configured to open that many connections at once (prolly opera)

You should see how big that list gets when i'm actually BROWSING the site. :D

But oh well, I guess no big deal, they just didn't terminate... I was freaked out at the time though a little bit just due to the number of them and the fact that I had logged off and back on and whatnot. bUt oh well... ;)

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.