Win7: netstat -o results: can you explain? odd connections

Hello Experts,

Most mornings, after boot up, I open cmd and run netstat -o.
I have no processes running at boot (expect Kaspersky).
My host name is donna.

Below netstat -o results
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1030         donna:5354             ESTABLISHED     1736 (AppleMobileDeviceService.exe)
  TCP    127.0.0.1:1031         donna:5354             ESTABLISHED     1736
  TCP    127.0.0.1:1032         donna:27015            ESTABLISHED     2104 (iTunesHelper.exe)
  TCP    127.0.0.1:5354         donna:1030             ESTABLISHED     1964 (mDNSResponder.exe - Bonjour Service)
  TCP    127.0.0.1:5354         donna:1031             ESTABLISHED     1964
  TCP    127.0.0.1:27015        donna:1032             ESTABLISHED     1736
  TCP    192.168.1.116:1036     a23-66-136-154:http    ESTABLISHED     1172 (NETWORK SERVICE - Host process for win services
  TCP    192.168.1.116:1037     COX-66-210-41-10-static:http  ESTABLISHED     1172
  TCP    192.168.1.116:1039     COX-66-210-41-16-static:http  ESTABLISHED     1172
  TCP    192.168.1.116:1072     38.117.98.212:http     ESTABLISHED     1572 (Kaspersky)

  Then, I wait a few min, run the command again and get: 
  
C:\>netstat -o
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1030         donna:5354             ESTABLISHED     1736
  TCP    127.0.0.1:1031         donna:5354             ESTABLISHED     1736
  TCP    127.0.0.1:1032         donna:27015            ESTABLISHED     2104
  TCP    127.0.0.1:5354         donna:1030             ESTABLISHED     1964
  TCP    127.0.0.1:5354         donna:1031             ESTABLISHED     1964
  TCP    127.0.0.1:27015        donna:1032             ESTABLISHED     1736
  TCP    192.168.1.116:1072     38.117.98.212:http     CLOSE_WAIT      1572
  TCP    192.168.1.116:1134     38.117.98.199:http     ESTABLISHED     2712 (no PID with this number - displaying processes from all usrs)

Open in new window


Then, I go my linux machine and search for the IP address with no PID and get:

[user1@test ~]$ whois 38.117.98.199

PSINet, Inc. COGENT-A (NET-38-0-0-0-1) 38.0.0.0 - 38.255.255.255
PSINet, Inc. COGENT-NB-0002 (NET-38-112-0-0-1) 38.112.0.0 - 38.119.255.255

Open in new window


I search the web and find PSINet is owned by Cogent Communications.

Questions:
1. What are these, any ideas why they have Established connection to my host:
a23-66-136-154:http
COX-66-210-41-10-static:http
COX-66-210-41-16-static:http

(Cox communications is my ISP; but why do they have an active communications to my host?)

2. what is this process, any ideas why does it have Established connection to my host?
38.117.98.199:http

I have no apps, browsers or anything active on this host.

Thanks for your help.
epifanio67Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FarWestCommented:
is your isp /or router lan address set as a gateway for your host NIC,
if yes remove it and use browser proxy setting instead

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nader alkahtaniConsultantCommented:
With run as an administrator issue the following
Netstat  -a -n -o -b
This command will tell you about all ports and process... Etc
Then Google it with malware word
Jan SpringerCommented:
from the linux machine, do a wget of each (one at a time) and inspect the downloaded file.
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

naderzCommented:
do you have anti-virus running? Kaspersky?
epifanio67Author Commented:
Thank you Experts,

"is your isp /or router lan address set as a gateway for your host NIC?"
the router default address is set as gateway, yes...

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.116(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, January 28, 2015 5:24:19 AM
   Lease Expires . . . . . . . . . . : Thursday, January 29, 2015 5:24:19 AM
   Default Gateway . . . . . . . . . : 192.168.1.1

This is the only way I know how to add default access to the internet to a host...  

----

I ran the suggested command, but get an odd msg:

C:\>netstat -a -n -o -b
The requested operation requires elevation.

I am logged in as administrator...

never seen this msg before

------

I do have an anti-virus running.. Kaspersky... its PID and established address is ok is clear and verifiable..

------

Thank you for your help, any other suggestions?

Regards
nader alkahtaniConsultantCommented:
You had better use x-netstat to monitor all Network  traffic that establishes with your machine and all process and program related https://www.freshsoftware.com/xns/pro/
giltjrCommented:
Even though you are logged on as Administrator, when you go to run cmd.exe, you still need to select "Run as Administrator."
epifanio67Author Commented:
thank you for your help..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.