what are these network connections for

I have a 2003 domain controller and need demote them. when I check the network connections on these two servers, I found some of the following connections and want to know if it's OK to stop them or not.


>netstat -na -p tcp | more
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1089           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1125           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1160           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1167           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3052           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5007           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:135           10.1.6.4:4379          ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.15:3433         ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.20:3214         ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.221:41697       ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.222:34122       ESTABLISHED
  TCP    10.1.6.4:135           10.1.7.60:61516        ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.6:56882      ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.6:56883      ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.164:49202    ESTABLISHED
  TCP    10.1.6.4:135           192.168.254.79:61903   ESTABLISHED
  TCP    10.1.6.4:139           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:139           10.1.6.70:2853         ESTABLISHED
  TCP    10.1.6.4:139           10.1.7.217:22800       ESTABLISHED
  TCP    10.1.6.4:389           10.1.5.28:1556         TIME_WAIT
  TCP    10.1.6.4:389           10.1.5.28:1560         TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.4:4412          ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.9:2554          ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.20:4150         ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.24:60342        TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.143:61669       TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.173:58442       TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.223:12533       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17701       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17703       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:18997       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:18999       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19000       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19009       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19013       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19015       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19020       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19031       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19032       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19042       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19114       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:33771       ESTABLISHED


.......
 TCP    10.1.6.4:389           10.150.1.10:49986      TIME_WAIT
 TCP    10.1.6.4:389           10.150.1.10:53343      ESTABLISHED
 TCP    10.1.6.4:389           10.150.1.10:55249      TIME_WAIT
 TCP    10.1.6.4:389           10.150.4.196:55330     TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13063      TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13064      TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13069      TIME_WAIT
 TCP    10.1.6.4:389           192.168.252.45:52631   TIME_WAIT
 TCP    10.1.6.4:389           192.168.254.76:49343   TIME_WAIT
 TCP    10.1.6.4:445           10.1.4.47:50705        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.13:56776        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.42:61897        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.46:2858         ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.120:63566       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.145:59268       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.218:59709       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.244:49230       ESTABLISHED
 TCP    10.1.6.4:445           10.1.7.124:55670       ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.5:62971      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.6:54482      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.7:54571      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.44:49454     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.48:57235     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.53:63978     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.164:53562    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.125:23781    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.135:62081    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.193:50397    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.231:50372    ESTABLISHED
 TCP    10.1.6.4:445           10.100.1.76:54148      ESTABLISHED
 TCP    10.1.6.4:445           10.100.2.184:61596     ESTABLISHED
 TCP    10.1.6.4:445           10.100.3.84:61326      ESTABLISHED
 TCP    10.1.6.4:445           10.101.1.137:56579     ESTABLISHED
 TCP    10.1.6.4:445           10.101.4.174:49452     ESTABLISHED
 TCP    10.1.6.4:445           10.102.2.43:56053      ESTABLISHED
 TCP    10.1.6.4:445           10.102.2.53:57267      ESTABLISHED
 TCP    10.1.6.4:445           10.103.2.192:52987     ESTABLISHED
 TCP    10.1.6.4:445           10.104.2.173:50059     ESTABLISHED
 TCP    10.1.6.4:445           10.105.1.98:49742      ESTABLISHED
 TCP    10.1.6.4:445           10.105.2.23:56695      ESTABLISHED
 TCP    10.1.6.4:445           10.108.1.14:58221      ESTABLISHED
 TCP    10.1.6.4:445           10.108.4.34:26511      ESTABLISHED
 TCP    10.1.6.4:445           10.110.2.85:23872      ESTABLISHED
 TCP    10.1.6.4:445           10.111.1.41:15494      ESTABLISHED
 TCP    10.1.6.4:445           10.120.20.64:54369     ESTABLISHED
 TCP    10.1.6.4:445           10.120.21.155:62529    ESTABLISHED
 TCP    10.1.6.4:445           10.120.30.177:50972    ESTABLISHED
 TCP    10.1.6.4:445           10.120.31.161:50646    ESTABLISHED
 TCP    10.1.6.4:445           10.120.31.225:57164    ESTABLISHED
 TCP    10.1.6.4:445           10.150.4.9:49178       ESTABLISHED
 TCP    10.1.6.4:445           10.150.6.173:62500     ESTABLISHED
 TCP    10.1.6.4:1026          10.1.5.28:1554         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.5.94:20671        ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:1095          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:3903          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:4422          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:4458          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.5:2599          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.5:2618          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.15:3434         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.20:3215         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.24:60339        ESTABLISHED


If I want to do a test to manully kill them, which command should I use, thank you.
Jason YuAsked:
Who is Participating?
 
sr75Connect With a Mentor Commented:
Port 135 is MS End Point Mapper
Port 139 is NetBIOS
Port 389 is LDAP (Active Directory)
Port 445 is AD Directory Services
Port 1026 is Microsoft DCOM

I would expect to see these connections on a DC in my domain.  I do not know what is connecting to them as those are your internal systems.  But they are connecting to your DC using those ports for those services.
0
 
Jason YuAuthor Commented:
If I demote this dc, will these connections be redirected to other domain controllers?
0
 
sr75Commented:
Yes they will, provided they can reach those servers.  These services are standard connections and AD clients use DNS to find the closest DC.  So if you have a new DC and its in DNS (which it should be), then the clients will redirect to them.
0
 
Jason YuAuthor Commented:
Thanks, then do you have other suggestions to demote domain controllers?

Or any links will help? thanks.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
The best test is to just shutdown that server. I don't expect you to have any issues, but doing that will show you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.