Computer Forums


thecoolkid 07-02-2005 07:19 PM

Unusual Connections in Netstat
 
I ran the netstat -an command a few minutes ago and the output that followed was a little disturbing. Take a look:


Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3689 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3862 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:1025 127.0.0.1:3318 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3320 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3322 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3326 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3329 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3332 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3340 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3346 TIME_WAIT
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1047 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1061 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3208 127.0.0.1:3209 ESTABLISHED
TCP 127.0.0.1:3209 127.0.0.1:3208 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED
TCP 127.0.0.1:3323 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3328 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3334 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3336 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3342 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3343 127.0.0.1:1025 TIME_WAIT
TCP Edited:139 0.0.0.0:0 LISTENING
TCP Edited:3296 64.233.187.104:80 ESTABLISHED
TCP Edited:3330 65.205.8.60:80 TIME_WAIT
TCP Edited:3338 Edited:139 TIME_WAIT
TCP Edited:3339 Edited:139 TIME_WAIT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:1175 *:*
UDP 0.0.0.0:1176 *:*
UDP 0.0.0.0:3210 *:*
UDP 0.0.0.0:3862 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP Edited:123 *:*
UDP Edited:137 *:*
UDP Edited:138 *:*
UDP Edited:1900 *:*
UDP Edited:5353 *:*

Is it possible to close some of these connections? I ran this with Firefox closed. System: Windows XP Home.

thecoolkidontheblock

RewtGuy 07-02-2005 11:28 PM

Re: Unusual Connections in Netstat
 
TCP Edited:3296 64.233.187.104:80 ESTABLISHED

That's the only odd one I see. With you saying you had your browser closed, do you have Google in your taskbar or something? Why would you be connected to yourself?

TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:3208 127.0.0.1:3209 ESTABLISHED
TCP 127.0.0.1:3209 127.0.0.1:3208 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED

Lazyflip 07-08-2005 10:37 PM

Re: Unusual Connections in Netstat
 
I'm using Norton and I sometimes get a connection alert on start-up that deals with TCP 127.0.0.1. I usually use the "Block Once" option. Not exactly sure what it is.

dyserq 07-09-2005 12:24 AM

Re: Unusual Connections in Netstat
 
Block Once is to block that certain IP address from accessing your computer for this time.
If it tries again it will notify you again.
Hmm ... interesting, just as RewtGuy said ... why would you connect to yourself?!?

Lazyflip 07-09-2005 03:01 AM

Re: Unusual Connections in Netstat
 
Oh. Maybe I should've written it better. I knew what Block Once is, but I'm not sure what that IP address is (127.0.0.1).

EDIT: 127.0.0.1 isn't my own IP as far as I know. Am I missing something here? I have 2 IPs that I know of: one for the LAN I'm on, which goes something like 192.168.0.X, and my Internet IP: 24.129.X.X.

root 07-11-2005 10:04 AM

Re: Unusual Connections in Netstat
 
127.0.0.1 is a loopback address... everyone has an address 127.0.0.1

regardless of whether they even have a network card or not!

RewtGuy 07-11-2005 02:08 PM

Re: Unusual Connections in Netstat
 
As root said, 127.0.0.1 is you. If you ping localhost (which is yourself) you'll notice the address is 127.0.0.1. I wonder what it is in IPv6.

x0r515t 07-14-2005 06:08 PM

Re: Unusual Connections in Netstat
 
Quote:

Originally Posted by RewtGuy
TCP Edited:3296 64.233.187.104:80 ESTABLISHED

That's the only odd one I see. With you saying you had your browser closed, do you have Google in your taskbar or something?

That's not that odd, click here:
http://64.233.187.104:80/
Most of the time you have to just wait for connections to time out on port 80... I bet when he did that netstat he either had Google open, or just closed his browser window.

RewtGuy 07-15-2005 03:33 PM

Re: Unusual Connections in Netstat
 
He said he had his browser closed, and if he did, it's odd. The only answer I can think of is him having that taskbar Google thing opened up where you can search from your taskbar.

x0r515t 07-15-2005 06:47 PM

No, even if his browser window was closed it still could be perfectly normal. Now, if it was closed for 30 minutes and netstat still showed a connection to that address, then it would possibly be odd. Just because you close your browser window doesn't mean you "kill" the connection instantly, you know. If you just close the window the connection will simply time out after time, but not instantly. Since we don't know when he closed his browser window, we can't say if it's "normal" or not.
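
Added example, not part of any post in this thread: a small Python triage of `netstat -an` rows that separates the loopback-to-loopback pairs and lingering TIME_WAIT entries discussed above from sockets bound on all interfaces and connections to remote hosts. The sample rows are copied from the first post; the function names and bucket names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the first post's `netstat -an` output; "Edited" is the
# poster's redaction of the machine's own LAN address.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3689 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED
TCP 127.0.0.1:3323 127.0.0.1:1025 TIME_WAIT
TCP Edited:139 0.0.0.0:0 LISTENING
TCP Edited:3296 64.233.187.104:80 ESTABLISHED
TCP Edited:3330 65.205.8.60:80 TIME_WAIT
TCP Edited:3338 Edited:139 TIME_WAIT
UDP 0.0.0.0:500 *:*
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # "Edited", "*", or a hostname
        return False

def classify(line):
    """Return (bucket, summary) for one netstat row, or None for non-rows."""
    parts = line.split()
    if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
        return None
    proto, local, remote = parts[:3]
    state = parts[3] if len(parts) > 3 else ""  # Windows UDP rows have no state
    lhost = local.rsplit(":", 1)[0]
    rhost = remote.rsplit(":", 1)[0]
    if proto == "UDP" or state == "LISTENING":  # bound socket, no peer yet
        scope = ("all_interfaces" if lhost in ("0.0.0.0", "[::]")
                 else "loopback_only" if is_loopback(lhost) else "one_interface")
        return "bound_" + scope, f"{proto} {local}"
    if is_loopback(lhost) and is_loopback(rhost):
        bucket = "loopback_pair"        # two local processes talking
    elif lhost == rhost:
        bucket = "self_connection"      # same non-loopback address both ends
    else:
        bucket = "remote_" + state.lower()
    return bucket, f"{proto} {local} -> {remote} {state}"

def triage(text):
    buckets = defaultdict(list)
    for row in filter(None, map(classify, text.splitlines())):
        buckets[row[0]].append(row[1])
    return dict(buckets)
```

Calling `triage()` on saved `netstat -an` output leaves the `remote_*` and `bound_all_interfaces` buckets as the short list worth matching to a process, for example with `netstat -ano` and the PID column.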


All times are GMT -5.