epifanio67
asked on
Win7: netstat -o results: can you explain? odd connections
Hello Experts,
Most mornings, after boot up, I open cmd and run netstat -o.
I have no processes running at boot (except Kaspersky).
My host name is donna.
Below netstat -o results
Active Connections
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:1030 donna:5354 ESTABLISHED 1736 (AppleMobileDeviceService.exe)
TCP 127.0.0.1:1031 donna:5354 ESTABLISHED 1736
TCP 127.0.0.1:1032 donna:27015 ESTABLISHED 2104 (iTunesHelper.exe)
TCP 127.0.0.1:5354 donna:1030 ESTABLISHED 1964 (mDNSResponder.exe - Bonjour Service)
TCP 127.0.0.1:5354 donna:1031 ESTABLISHED 1964
TCP 127.0.0.1:27015 donna:1032 ESTABLISHED 1736
TCP 192.168.1.116:1036 a23-66-136-154:http ESTABLISHED 1172 (NETWORK SERVICE - Host process for win services)
TCP 192.168.1.116:1037 COX-66-210-41-10-static:http ESTABLISHED 1172
TCP 192.168.1.116:1039 COX-66-210-41-16-static:http ESTABLISHED 1172
TCP 192.168.1.116:1072 38.117.98.212:http ESTABLISHED 1572 (Kaspersky)
Then, I wait a few min, run the command again and get:
C:\>netstat -o
Active Connections
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:1030 donna:5354 ESTABLISHED 1736
TCP 127.0.0.1:1031 donna:5354 ESTABLISHED 1736
TCP 127.0.0.1:1032 donna:27015 ESTABLISHED 2104
TCP 127.0.0.1:5354 donna:1030 ESTABLISHED 1964
TCP 127.0.0.1:5354 donna:1031 ESTABLISHED 1964
TCP 127.0.0.1:27015 donna:1032 ESTABLISHED 1736
TCP 192.168.1.116:1072 38.117.98.212:http CLOSE_WAIT 1572
TCP 192.168.1.116:1134 38.117.98.199:http ESTABLISHED 2712 (no PID with this number - displaying processes from all usrs)
Then, I go to my Linux machine and search for the IP address with no PID and get:
[user1@test ~]$ whois 38.117.98.199
PSINet, Inc. COGENT-A (NET-38-0-0-0-1) 38.0.0.0 - 38.255.255.255
PSINet, Inc. COGENT-NB-0002 (NET-38-112-0-0-1) 38.112.0.0 - 38.119.255.255
I search the web and find PSINet is owned by Cogent Communications.
Questions:
1. What are these? Any ideas why they have an Established connection to my host:
a23-66-136-154:http
COX-66-210-41-10-static:http
COX-66-210-41-16-static:http
(Cox Communications is my ISP, but why do they have active communications to my host?)
2. What is this process? Any ideas why it has an Established connection to my host?
38.117.98.199:http
I have no apps, browsers or anything active on this host.
Thanks for your help.
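An added example, not part of the original thread: the triage the question walks through by hand (match each `netstat -o` row to a process, set aside loopback pairs, single out PIDs with no matching process), run over rows copied from the second capture above. The function names and the `PROCESSES` table (built from the asker's own annotations) are assumptions for illustration.

```python
import ipaddress

# Sample rows copied from the second `netstat -o` run in the post above.
NETSTAT_O = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1030         donna:5354             ESTABLISHED     1736
  TCP    127.0.0.1:5354         donna:1030             ESTABLISHED     1964
  TCP    192.168.1.116:1072     38.117.98.212:http     CLOSE_WAIT      1572
  TCP    192.168.1.116:1134     38.117.98.199:http     ESTABLISHED     2712
"""
# PID -> name as annotated by the asker (assumed table; normally taken from a process listing).
PROCESSES = {1736: "AppleMobileDeviceService.exe", 1964: "mDNSResponder.exe",
             2104: "iTunesHelper.exe", 1572: "Kaspersky"}

def parse_netstat(text):
    """Yield one dict per TCP row of `netstat -o` output."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or not parts[4].isdigit():
            continue  # banner, column header, or UDP row (UDP has no State column)
        local_host, _, local_port = parts[1].rpartition(":")
        remote_host, _, remote_port = parts[2].rpartition(":")
        yield {"local": local_host, "lport": local_port, "remote": remote_host,
               "rport": remote_port, "state": parts[3], "pid": int(parts[4])}

def is_loopback(conn, hostname):
    """True when the local end is a loopback address, i.e. on-host IPC only."""
    try:
        return ipaddress.ip_address(conn["local"].strip("[]")).is_loopback
    except ValueError:  # netstat printed a name instead of an address
        return conn["local"].lower() in ("localhost", hostname.lower())

def triage(text, processes, hostname):
    """Split rows into loopback, attributed external, and unattributed external."""
    report = {"loopback": [], "attributed": [], "unattributed": []}
    for conn in parse_netstat(text):
        if is_loopback(conn, hostname):
            report["loopback"].append(conn)
        elif conn["pid"] in processes:
            report["attributed"].append((processes[conn["pid"]], conn))
        else:
            # PID absent from the listing, e.g. the process exited between snapshots
            report["unattributed"].append(conn)
    return report

if __name__ == "__main__":
    for conn in triage(NETSTAT_O, PROCESSES, "donna")["unattributed"]:
        print("no process for PID", conn["pid"], "->", conn["remote"], conn["rport"], conn["state"])
```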
Do you have anti-virus running? Kaspersky?
ASKER
Thank you Experts,
"is your isp /or router lan address set as a gateway for your host NIC?"
the router default address is set as gateway, yes...
Ethernet adapter Local Area Connection:
IPv4 Address. . . . . . . . . . . : 192.168.1.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, January 28, 2015 5:24:19 AM
Lease Expires . . . . . . . . . . : Thursday, January 29, 2015 5:24:19 AM
Default Gateway . . . . . . . . . : 192.168.1.1
This is the only way I know how to add default access to the internet to a host...
----
I ran the suggested command, but get an odd msg:
C:\>netstat -a -n -o -b
The requested operation requires elevation.
I am logged in as administrator...
never seen this msg before
------
I do have an anti-virus running: Kaspersky. Its PID and established address are OK, clear and verifiable.
------
Thank you for your help, any other suggestions?
Regards
You had better use x-netstat to monitor all network traffic established with your machine and all related processes and programs: https://www.freshsoftware.com/xns/pro/
ASKER
thank you for your help..