Unusual Connections in Netstat

thecoolkid

Baseband Member
Messages
91
I ran the netstat -an command a few minutes ago and the output that followed was a little disturbing. Take a look:


Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3689 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3862 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:1025 127.0.0.1:3318 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3320 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3322 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3326 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3329 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3332 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3340 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3346 TIME_WAIT
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1047 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1061 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3208 127.0.0.1:3209 ESTABLISHED
TCP 127.0.0.1:3209 127.0.0.1:3208 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED
TCP 127.0.0.1:3323 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3328 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3334 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3336 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3342 127.0.0.1:1025 TIME_WAIT
TCP 127.0.0.1:3343 127.0.0.1:1025 TIME_WAIT
TCP Edited:139 0.0.0.0:0 LISTENING
TCP Edited:3296 64.233.187.104:80 ESTABLISHED
TCP Edited:3330 65.205.8.60:80 TIME_WAIT
TCP Edited:3338 Edited:139 TIME_WAIT
TCP Edited:3339 Edited:139 TIME_WAIT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:1175 *:*
UDP 0.0.0.0:1176 *:*
UDP 0.0.0.0:3210 *:*
UDP 0.0.0.0:3862 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP Edited:123 *:*
UDP Edited:137 *:*
UDP Edited:138 *:*
UDP Edited:1900 *:*
UDP Edited:5353 *:*

is it possible to close some of these connections? I ran this with firefox closed. system-windows xp home

thecoolkidontheblock
 
TCP Edited:3296 64.233.187.104:80 ESTABLISHED

That's the only odd one i see, with you saying you had your browser closed, do you have google in your taskbar or something? Why would you be connected to yourself?

TCP 127.0.0.1:1025 127.0.0.1:3295 ESTABLISHED
TCP 127.0.0.1:3208 127.0.0.1:3209 ESTABLISHED
TCP 127.0.0.1:3209 127.0.0.1:3208 ESTABLISHED
TCP 127.0.0.1:3295 127.0.0.1:1025 ESTABLISHED
 
I'm using Norton and I sometimes get a connection alert on start-up that deals with TCP 127.0.0.1. I usually use the "Block Once" option. Not exactly sure what it is.
 
Block once is block that certain ip address from accessing your computer for thsi time
If it tries again it will notify you again
Hmm ... interesting just as rewtguy said ... why would you connect to yourself ?!?
 
Oh. Maybe I should've wrote it better. I knew what Block Once is but I'm not sure what that IP address is (127.0.0.1).

EDIT: 127.0.0.1 isn't my own IP as far as I know of. Am i missing something here? I have 2 IP's which i know of one for the LAN i'm on which goes something like: 192.168.0.X and my Internet IP: 24.129.X.X.
 
127.0.0.1 is a loopback address... everyone has an address 127.0.0.1

regardless of whether they even have a network card of not!
 
As root said, 127.0.0.1 is you. If you ping localhost (which is yourself) you'll notice the address is 127.0.0.1 I wonder what it is in IPv6
 
RewtGuy said:
TCP Edited:3296 64.233.187.104:80 ESTABLISHED

That's the only odd one i see, with you saying you had your browser closed, do you have google in your taskbar or something?
Thats not that odd, click here:
http://64.233.187.104:80/
Most of the time you have to just wait for connections to time out on port 80... I bet when he did that netstat he either had google open, or just closed his browser window.
 
he said he had his browser closed, and if he did it's odd. the only answer I can think of is him having that taskbar google thing opened up where you can search from your taskbar.
 
No, even if his browser window was closed it still could be perfectly normal. Now, if it was closed for 30 minutes and netstat still showed a connection to that address, then it would possibly be odd. Just because you close your browser window doesn't mean you "kill" the connection instantly you know. If you just close the window the connection will simply time out after time, but not instantly. Since we don't know when he closed his browser window, we can't say if it's "normal" or not.
 
Back
Top Bottom