Solved

what are these network connections for

Posted on 2015-01-14
Last Modified: 2015-01-21
I have a 2003 domain controller and need to demote them. When I check the network connections on these two servers, I found some of the following connections and want to know if it's OK to stop them or not.


>netstat -na -p tcp | more
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1089           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1125           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1160           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1167           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3052           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5007           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:135           10.1.6.4:4379          ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.15:3433         ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.20:3214         ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.221:41697       ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.222:34122       ESTABLISHED
  TCP    10.1.6.4:135           10.1.7.60:61516        ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.6:56882      ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.6:56883      ESTABLISHED
  TCP    10.1.6.4:135           10.50.240.164:49202    ESTABLISHED
  TCP    10.1.6.4:135           192.168.254.79:61903   ESTABLISHED
  TCP    10.1.6.4:139           0.0.0.0:0              LISTENING
  TCP    10.1.6.4:139           10.1.6.70:2853         ESTABLISHED
  TCP    10.1.6.4:139           10.1.7.217:22800       ESTABLISHED
  TCP    10.1.6.4:389           10.1.5.28:1556         TIME_WAIT
  TCP    10.1.6.4:389           10.1.5.28:1560         TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.4:4412          ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.9:2554          ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.20:4150         ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.24:60342        TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.143:61669       TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.173:58442       TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.223:12533       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17701       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17703       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:18997       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:18999       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19000       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19009       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19013       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19015       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19020       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19031       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19032       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19042       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:19114       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:33771       ESTABLISHED


.......
 TCP    10.1.6.4:389           10.150.1.10:49986      TIME_WAIT
 TCP    10.1.6.4:389           10.150.1.10:53343      ESTABLISHED
 TCP    10.1.6.4:389           10.150.1.10:55249      TIME_WAIT
 TCP    10.1.6.4:389           10.150.4.196:55330     TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13063      TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13064      TIME_WAIT
 TCP    10.1.6.4:389           172.26.1.83:13069      TIME_WAIT
 TCP    10.1.6.4:389           192.168.252.45:52631   TIME_WAIT
 TCP    10.1.6.4:389           192.168.254.76:49343   TIME_WAIT
 TCP    10.1.6.4:445           10.1.4.47:50705        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.13:56776        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.42:61897        ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.46:2858         ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.120:63566       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.145:59268       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.218:59709       ESTABLISHED
 TCP    10.1.6.4:445           10.1.6.244:49230       ESTABLISHED
 TCP    10.1.6.4:445           10.1.7.124:55670       ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.5:62971      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.6:54482      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.7:54571      ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.44:49454     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.48:57235     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.53:63978     ESTABLISHED
 TCP    10.1.6.4:445           10.50.240.164:53562    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.125:23781    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.135:62081    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.193:50397    ESTABLISHED
 TCP    10.1.6.4:445           10.50.249.231:50372    ESTABLISHED
 TCP    10.1.6.4:445           10.100.1.76:54148      ESTABLISHED
 TCP    10.1.6.4:445           10.100.2.184:61596     ESTABLISHED
 TCP    10.1.6.4:445           10.100.3.84:61326      ESTABLISHED
 TCP    10.1.6.4:445           10.101.1.137:56579     ESTABLISHED
 TCP    10.1.6.4:445           10.101.4.174:49452     ESTABLISHED
 TCP    10.1.6.4:445           10.102.2.43:56053      ESTABLISHED
 TCP    10.1.6.4:445           10.102.2.53:57267      ESTABLISHED
 TCP    10.1.6.4:445           10.103.2.192:52987     ESTABLISHED
 TCP    10.1.6.4:445           10.104.2.173:50059     ESTABLISHED
 TCP    10.1.6.4:445           10.105.1.98:49742      ESTABLISHED
 TCP    10.1.6.4:445           10.105.2.23:56695      ESTABLISHED
 TCP    10.1.6.4:445           10.108.1.14:58221      ESTABLISHED
 TCP    10.1.6.4:445           10.108.4.34:26511      ESTABLISHED
 TCP    10.1.6.4:445           10.110.2.85:23872      ESTABLISHED
 TCP    10.1.6.4:445           10.111.1.41:15494      ESTABLISHED
 TCP    10.1.6.4:445           10.120.20.64:54369     ESTABLISHED
 TCP    10.1.6.4:445           10.120.21.155:62529    ESTABLISHED
 TCP    10.1.6.4:445           10.120.30.177:50972    ESTABLISHED
 TCP    10.1.6.4:445           10.120.31.161:50646    ESTABLISHED
 TCP    10.1.6.4:445           10.120.31.225:57164    ESTABLISHED
 TCP    10.1.6.4:445           10.150.4.9:49178       ESTABLISHED
 TCP    10.1.6.4:445           10.150.6.173:62500     ESTABLISHED
 TCP    10.1.6.4:1026          10.1.5.28:1554         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.5.94:20671        ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:1095          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:3903          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:4422          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.4:4458          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.5:2599          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.5:2618          ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.15:3434         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.20:3215         ESTABLISHED
 TCP    10.1.6.4:1026          10.1.6.24:60339        ESTABLISHED


If I want to do a test to manually kill them, which command should I use? Thank you.
Question by:Jason Yu
LVL 15

Accepted Solution

by:
sr75 earned 500 total points
ID: 40550129
Port 135 is MS End Point Mapper
Port 139 is NetBIOS
Port 389 is LDAP (Active Directory)
Port 445 is AD Directory Services
Port 1026 is Microsoft DCOM

I would expect to see these connections on a DC in my domain.  I do not know what is connecting to them as those are your internal systems.  But they are connecting to your DC using those ports for those services.
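
Before a demotion, the same netstat output can be reduced to a list of which remote hosts currently hold live connections to each service named in the answer above. The following Python script is an added example, not part of the original thread; the sample rows are constructed in the layout of the question's output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Port labels exactly as given in the accepted answer above.
SERVICES = {135: "MS End Point Mapper", 139: "NetBIOS", 389: "LDAP (Active Directory)",
            445: "AD Directory Services", 1026: "Microsoft DCOM"}

# Constructed sample rows in the layout of the netstat output in the question.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.1.6.4:135           10.1.6.4:4379          ESTABLISHED
  TCP    10.1.6.4:135           10.1.6.15:3433         ESTABLISHED
  TCP    10.1.6.4:389           10.1.5.28:1556         TIME_WAIT
  TCP    10.1.6.4:389           10.1.6.223:12533       ESTABLISHED
  TCP    10.1.6.4:389           10.1.6.223:17701       ESTABLISHED
  TCP    10.1.6.4:445           10.50.240.6:54482      ESTABLISHED
  TCP    10.1.6.4:4500          10.1.6.5:389           ESTABLISHED
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def clients_by_service(netstat_text):
    """Return {local_port: {remote_ip: connection_count}} for inbound ESTABLISHED rows."""
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    listening = {int(lport) for _, lport, _, _, state in rows if state == "LISTENING"}
    result = defaultdict(lambda: defaultdict(int))
    for laddr, lport, raddr, _, state in rows:
        # TIME_WAIT sockets are already closed; LISTENING rows have no peer.
        if state != "ESTABLISHED" or int(lport) not in listening:
            continue  # not a live inbound connection to a service on this host
        if raddr == laddr:
            continue  # the server talking to itself; no remote client depends on it
        result[int(lport)][raddr] += 1
    return {port: dict(peers) for port, peers in result.items()}

def report(netstat_text):
    lines = []
    for port, peers in sorted(clients_by_service(netstat_text).items()):
        label = SERVICES.get(port, "not named in the answer")
        lines.append(f"{port} ({label}): {len(peers)} client(s), "
                     f"{sum(peers.values())} connection(s): {', '.join(sorted(peers))}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

To run it on real data, redirect the `netstat -na -p tcp` output to a file and pass the file's contents to `report`.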

Author Comment

by:Jason Yu
ID: 40550135
If I demote this dc, will these connections be redirected to other domain controllers?
LVL 15

Expert Comment

by:sr75
ID: 40550140
Yes they will, provided they can reach those servers.  These services are standard connections and AD clients use DNS to find the closest DC.  So if you have a new DC and it's in DNS (which it should be), then the clients will redirect to them.

Author Comment

by:Jason Yu
ID: 40550204
Thanks, then do you have other suggestions to demote domain controllers?

Or any links will help? Thanks.
LVL 68

Expert Comment

by:Qlemo
ID: 40550244
The best test is to just shut down that server. I don't expect you to have any issues, but doing that will show you.
