Old 07-02-2005, 08:19 PM   #1
Baseband Member
 
Join Date: Feb 2005
Posts: 91
Default Unusual Connections in Netstat

I ran the netstat -an command a few minutes ago and the output that followed was a little disturbing. Take a look:


Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3689 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3862 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:1025 127.0.0.1:3318 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3320 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3322 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3326 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3329 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3332 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3340 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3346 TIME_WAIT
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1047 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1061 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3208 127.0.0.1:3209 ESTABLISHED
TCP 127.0.0.1:3209 127.0.0.1:3208 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED
TCP 127.0.0.1:3323 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3328 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3334 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3336 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3342 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3343 127.0.0.1:1025 TIME_WAIT
TCP Edited:139 0.0.0.0:0 LISTENING
TCP Edited:3296 64.233.187.104:80 ESTABLISHED
TCP Edited:3330 65.205.8.60:80 TIME_WAIT
TCP Edited:3338 Edited:139 TIME_WAIT
TCP Edited:3339 Edited:139 TIME_WAIT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:1175 *:*
UDP 0.0.0.0:1176 *:*
UDP 0.0.0.0:3210 *:*
UDP 0.0.0.0:3862 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP Edited:123 *:*
UDP Edited:137 *:*
UDP Edited:138 *:*
UDP Edited:1900 *:*
UDP Edited:5353 *:*

Is it possible to close some of these connections? I ran this with Firefox closed. System: Windows XP Home.

thecoolkidontheblock
__________________
"Computers are one per cent inspiration and ninety-nine per cent perspiration. Accordingly, a 'computer' is often merely a talented machine who has done all of its homework."

-Thomas Edison, Modern Day.
thecoolkid is offline   Reply With Quote
Old 07-03-2005, 12:28 AM   #2
Daemon Poster
 
Join Date: Dec 2004
Posts: 595
Default Re: Unusual Connections in Netstat

TCP Edited:3296 64.233.187.104:80 ESTABLISHED

That's the only odd one I see, with you saying you had your browser closed. Do you have Google in your taskbar or something? Why would you be connected to yourself?

TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:3208 127.0.0.1:3209 ESTABLISHED
TCP 127.0.0.1:3209 127.0.0.1:3208 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED
__________________
Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
Old 07-08-2005, 11:37 PM   #3
Solid State Member
 
Join Date: May 2005
Posts: 11
Default Re: Unusual Connections in Netstat

I'm using Norton and I sometimes get a connection alert on start-up that deals with TCP 127.0.0.1. I usually use the "Block Once" option. Not exactly sure what it is.
Lazyflip is offline   Reply With Quote
Old 07-09-2005, 01:24 AM   #4
Fully Optimized
 
Join Date: Jul 2005
Posts: 2,281
Default Re: Unusual Connections in Netstat

Block Once is to block that certain IP address from accessing your computer for this time.
If it tries again, it will notify you again.
Hmm ... interesting, just as RewtGuy said ... why would you connect to yourself?!?
dyserq is offline   Reply With Quote
Old 07-09-2005, 04:01 AM   #5
Solid State Member
 
Join Date: May 2005
Posts: 11
Default Re: Unusual Connections in Netstat

Oh. Maybe I should've written it better. I knew what Block Once is, but I'm not sure what that IP address is (127.0.0.1).

EDIT: 127.0.0.1 isn't my own IP as far as I know. Am I missing something here? I have 2 IPs that I know of: one for the LAN I'm on, which goes something like 192.168.0.X, and my Internet IP: 24.129.X.X.
Lazyflip is offline   Reply With Quote
Old 07-11-2005, 11:04 AM   #6
Site Team
 
Join Date: Mar 2004
Posts: 8,006
Default Re: Unusual Connections in Netstat

127.0.0.1 is a loopback address... everyone has an address 127.0.0.1, regardless of whether they even have a network card or not!
root is offline   Reply With Quote
Old 07-11-2005, 03:08 PM   #7
Daemon Poster
 
Join Date: Dec 2004
Posts: 595
Default Re: Unusual Connections in Netstat

As root said, 127.0.0.1 is you. If you ping localhost (which is yourself) you'll notice the address is 127.0.0.1. I wonder what it is in IPv6.
RewtGuy is offline   Reply With Quote
Old 07-14-2005, 07:08 PM   #8
In Runtime
 
Join Date: May 2005
Posts: 236
Default Re: Unusual Connections in Netstat

Quote:
Originally Posted by RewtGuy
TCP Edited:3296 64.233.187.104:80 ESTABLISHED

That's the only odd one I see, with you saying you had your browser closed. Do you have Google in your taskbar or something?

That's not that odd, click here:
http://64.233.187.104:80/
Most of the time you have to just wait for connections to time out on port 80... I bet when he did that netstat he either had Google open, or just closed his browser window.
x0r515t is offline   Reply With Quote
Old 07-15-2005, 04:33 PM   #9
Daemon Poster
 
Join Date: Dec 2004
Posts: 595
Default Re: Unusual Connections in Netstat

He said he had his browser closed, and if he did, it's odd. The only answer I can think of is him having that taskbar Google thing opened up where you can search from your taskbar.
RewtGuy is offline   Reply With Quote
Old 07-15-2005, 07:47 PM   #10
In Runtime
 
Join Date: May 2005
Posts: 236
Default

No, even if his browser window was closed it still could be perfectly normal. Now, if it was closed for 30 minutes and netstat still showed a connection to that address, then it would possibly be odd. Just because you close your browser window doesn't mean you "kill" the connection instantly, you know. If you just close the window the connection will simply time out after time, but not instantly. Since we don't know when he closed his browser window, we can't say if it's "normal" or not.
x0r515t is offline   Reply With Quote
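
Added example (not part of any post in this thread): a Python script that sorts `netstat -an` lines like those in post #1 into listeners reachable from the network, loopback-only listeners, connections the machine makes to itself, and connections to remote hosts. The function names and category labels are assumptions made for this example; the sample lines are copied from the first post, including the poster's "Edited" placeholder for the LAN address.

```python
# Added example: triage `netstat -an` output (sample lines copied from post #1).
from collections import defaultdict

SAMPLE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:1025 127.0.0.1:3318 TIME_WAIT
TCP 127.0.0.1:3208 127.0.0.1:3209 ESTABLISHED
TCP 127.0.0.1:3209 127.0.0.1:3208 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED
TCP Edited:139 0.0.0.0:0 LISTENING
TCP Edited:3296 64.233.187.104:80 ESTABLISHED
TCP Edited:3330 65.205.8.60:80 TIME_WAIT
UDP 0.0.0.0:500 *:*
UDP 127.0.0.1:1900 *:*
"""

def parse(text):
    """Yield (proto, (host, port), (host, port), state) for each TCP/UDP line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # skip headers such as "Active Connections"
        local, foreign = (tuple(a.rsplit(":", 1)) for a in f[1:3])
        yield f[0], local, foreign, f[3] if len(f) > 3 else ""  # UDP has no state

def triage(text):
    """Group sockets by who can reach them and who they talk to."""
    out = defaultdict(list)
    for proto, local, foreign, state in parse(text):
        lo = local[0].startswith("127.")
        same_host = local[0] == foreign[0] or (lo and foreign[0].startswith("127."))
        if state == "LISTENING" or proto == "UDP":
            key = "local_only" if lo else "network_reachable"
            out[key].append((proto, local[0], int(local[1])))
        elif same_host:
            # Both ends are this machine, so netstat prints the connection twice.
            out["self_pairs"].append(frozenset([local, foreign]))
        else:
            out["remote"].append((foreign[0], int(foreign[1]), state))
    out["self_pairs"] = sorted(set(out["self_pairs"]), key=sorted)
    return dict(out)
```

On Windows XP and later, `netstat -ano` adds the owning process ID to each line, which shows which program holds a given socket.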
All times are GMT -5.