Solved

what are these network connections for

Posted on 2015-01-14
Last Modified: 2015-01-21
I have a 2003 domain controller and need to demote them. When I check the network connections on these two servers, I found some of the following connections and want to know if it's OK to stop them or not.


>netstat -na -p tcp | more
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1089           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1125           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1160           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1167           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3052           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5007           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:135           10.1.6.4:4379          ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.15:3433         ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.20:3214         ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.221:41697       ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.222:34122       ESTABLISHED
  TCP    10.1.6.4:135           10.1.7.60:61516        ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.6:56882      ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.6:56883      ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.164:49202    ESTABLISHED
  TCP    10.1.6.4:135           192.168.254.79:61903   ESTABLISHED
  TCP    10.1.6.4:139           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:139           10.1.6.70:2853         ESTABLISHED
  TCP    10.1.6.4:139           10.1.7.217:22800       ESTABLISHED
  TCP    10.1.6.4:389           10.1.5.28:1556         TIME_WAIT
  TCP    10.1.6.4:389           10.1.5.28:1560         TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.4:4412          ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.9:2554          ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.20:4150         ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.24:60342        TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.143:61669       TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.173:58442       TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.223:12533       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17701       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17703       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:18997       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:18999       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19000       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19009       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19013       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19015       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19020       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19031       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19032       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19042       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19114       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:33771       ESTABLISHED


.......
 TCP    10.1.6.4:389           10.150.1.10:49986      TIME_WAIT
 TCP    10.1.6.4:389           10.150.1.10:53343      ESTABLISHED
 TCP    10.1.6.4:389           10.150.1.10:55249      TIME_WAIT
 TCP    10.1.6.4:389           10.150.4.196:55330     TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13063      TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13064      TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13069      TIME_WAIT
 TCP    10.1.6.4:389           192.168.252.45:52631   TIME_WAIT
 TCP    10.1.6.4:389           192.168.254.76:49343   TIME_WAIT
 TCP    10.1.6.4:445           10.1.4.47:50705        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.13:56776        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.42:61897        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.46:2858         ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.120:63566       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.145:59268       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.218:59709       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.244:49230       ESTABLISHED
 TCP    10.1.6.4:445           10.1.7.124:55670       ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.5:62971      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.6:54482      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.7:54571      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.44:49454     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.48:57235     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.53:63978     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.164:53562    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.125:23781    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.135:62081    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.193:50397    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.231:50372    ESTABLISHED
 TCP    10.1.6.4:445           10.100.1.76:54148      ESTABLISHED
 TCP    10.1.6.4:445           10.100.2.184:61596     ESTABLISHED
 TCP    10.1.6.4:445           10.100.3.84:61326      ESTABLISHED
 TCP    10.1.6.4:445           10.101.1.137:56579     ESTABLISHED
 TCP    10.1.6.4:445           10.101.4.174:49452     ESTABLISHED
 TCP    10.1.6.4:445           10.102.2.43:56053      ESTABLISHED
 TCP    10.1.6.4:445           10.102.2.53:57267      ESTABLISHED
 TCP    10.1.6.4:445           10.103.2.192:52987     ESTABLISHED
 TCP    10.1.6.4:445           10.104.2.173:50059     ESTABLISHED
 TCP    10.1.6.4:445           10.105.1.98:49742      ESTABLISHED
 TCP    10.1.6.4:445           10.105.2.23:56695      ESTABLISHED
 TCP    10.1.6.4:445           10.108.1.14:58221      ESTABLISHED
 TCP    10.1.6.4:445           10.108.4.34:26511      ESTABLISHED
 TCP    10.1.6.4:445           10.110.2.85:23872      ESTABLISHED
 TCP    10.1.6.4:445           10.111.1.41:15494      ESTABLISHED
 TCP    10.1.6.4:445           10.120.20.64:54369     ESTABLISHED
 TCP    10.1.6.4:445           10.120.21.155:62529    ESTABLISHED
 TCP    10.1.6.4:445           10.120.30.177:50972    ESTABLISHED
 TCP    10.1.6.4:445           10.120.31.161:50646    ESTABLISHED
 TCP    10.1.6.4:445           10.120.31.225:57164    ESTABLISHED
 TCP    10.1.6.4:445           10.150.4.9:49178       ESTABLISHED
 TCP    10.1.6.4:445           10.150.6.173:62500     ESTABLISHED
 TCP    10.1.6.4:1026          10.1.5.28:1554         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.5.94:20671        ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:1095          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:3903          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:4422          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:4458          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.5:2599          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.5:2618          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.15:3434         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.20:3215         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.24:60339        ESTABLISHED


If I want to do a test to manually kill them, which command should I use? Thank you.
Question by:Jason Yu
5 Comments
 
LVL 15

Accepted Solution

by:
sr75 earned 500 total points
ID: 40550129
Port 135 is MS End Point Mapper
Port 139 is NetBIOS
Port 389 is LDAP (Active Directory)
Port 445 is AD Directory Services
Port 1026 is Microsoft DCOM

I would expect to see these connections on a DC in my domain.  I do not know what is connecting to them as those are your internal systems.  But they are connecting to your DC using those ports for those services.
0
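
An added example, not part of the original thread: a Python script that groups a saved `netstat -na -p tcp` capture by listening port and lists the remote hosts attached to each, which shows which clients still rely on this DC before it is demoted. The function name, the port table (standard service names) and the sample (an excerpt of the output posted in the question) are choices made for this example.

```python
import re
from collections import defaultdict

# Standard TCP services on an Active Directory domain controller.
DC_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
            139: "NetBIOS session", 389: "LDAP", 445: "SMB",
            464: "Kerberos password change", 593: "RPC over HTTP",
            636: "LDAPS", 3268: "Global catalog", 3269: "Global catalog (SSL)",
            3389: "RDP"}
UNMAPPED = "unmapped (dynamic RPC or application)"
CLIENT_STATES = {"ESTABLISHED", "TIME_WAIT"}  # live or just-closed sessions
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

# Excerpt of the netstat output posted in the question.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:135           10.1.6.15:3433         ESTABLISHED
  TCP    10.1.6.4:139           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:389           10.1.5.28:1556         TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.4:4412          ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:12533       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17701       ESTABLISHED
.......
  TCP    10.1.6.4:445           10.50.240.6:54482      ESTABLISHED
  TCP    10.1.6.4:1026          10.1.6.5:2599          ESTABLISHED
"""

def clients_by_service(netstat_text):
    """Map each listening port to (service name, sorted remote client IPs)."""
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    listening = {int(p) for _, p, _, _, s in rows if s == "LISTENING"}
    local_ips = {lip for lip, _, _, _, _ in rows} - {"0.0.0.0"}
    clients = defaultdict(set)
    for lip, lport, rip, _, state in rows:
        port = int(lport)
        # Count only inbound sessions to a listener; skip the server talking to itself.
        if state not in CLIENT_STATES or port not in listening or rip in local_ips:
            continue
        clients[port].add(rip)
    return {port: (DC_PORTS.get(port, UNMAPPED), sorted(ips))
            for port, ips in sorted(clients.items())}

if __name__ == "__main__":
    for port, (name, ips) in clients_by_service(SAMPLE).items():
        print(f"{port:>5}  {name:<38} {', '.join(ips)}")
```

Run it against captures taken at different times of day; hosts that keep appearing against a port are the ones to re-check after the demotion.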
 

Author Comment

by:Jason Yu
ID: 40550135
If I demote this dc, will these connections be redirected to other domain controllers?
0
 
LVL 15

Expert Comment

by:sr75
ID: 40550140
Yes, they will, provided they can reach those servers.  These services are standard connections and AD clients use DNS to find the closest DC.  So if you have a new DC and it's in DNS (which it should be), then the clients will redirect to them.
0
 

Author Comment

by:Jason Yu
ID: 40550204
Thanks, then do you have other suggestions to demote domain controllers?

Or any links will help? Thanks.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40550244
The best test is to just shut down that server. I don't expect you to have any issues, but doing that will show you.
0


Question has a verified solution.
