Netstat reporting 60 connections


Noip

IS-IT--Management
Apr 25, 2002
Hi, I've just reinstalled WinXP Home on a laptop (formatted the whole thing and did a clean install) since I suspected the laptop had been infected by Trojans/viruses. On top of WinXP I've installed only the laptop drivers, utilities such as WinZip, Acrobat Reader, McAfee Internet Security, HP software drivers and the ISP's ADSL software. All software was installed from original CDs. The first time I launched the connection I found that it was very slow.
A printout of netstat is below. The fact is that it is almost impossible that I have been infected. Please advise.
Active Connections

Proto Local Address Foreign Address State
TCP aqic0t9t9x4mskp:epmap localhost:1028 ESTABLISHED
TCP aqic0t9t9x4mskp:1028 localhost:epmap ESTABLISHED
TCP aqic0t9t9x4mskp:2010 localhost:1031 TIME_WAIT
TCP aqic0t9t9x4mskp:3010 202.123.86.27:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3011 202.123.46.62:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3012 202.123.42.185:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3013 202.123.53.129:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3014 153.205.2.0:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3015 250.111.254.64.virtela.com:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3016 99.13.178.88:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3017 90.99.182.172:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3019 93.15.214.207:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3020 41.42.49.152:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3021 211.178.220.48:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3022 87.154.206.213:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3023 221.146.37.168:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3024 197.46.141.45:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3025 23.211.135.97:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3026 159.105.13.191:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3027 131.44.177.170:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3028 host152-127.pool8290.interbusiness.it:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3029 83.210.177.176:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3030 143.27.97.80:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3031 196.210.206.87:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3032 144.70.56.193:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3033 111.40.30.72:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3034 223.118.209.224:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3035 79.137.44.9:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3036 65.17.226.202:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3038 78.134.229.159:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3039 44.121.26.43:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3040 83.101.158.92:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3041 218.100.181.91:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3042 33.129.167.92:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3043 50.129.162.8:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3044 94.163.255.26:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3045 51.119.105.74:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3046 139.82.146.208:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3047 86.205.126.113:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3048 138.21.19.151:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3049 144.103.94.15:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3050 57.158.51.195:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3051 23.187.88.145:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3052 138.173.105.36:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3053 205.212.180.178:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3054 96.19.223.161:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3055 141.44.60.66:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3056 16.208.10.170:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3057 54.198.141.79:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3058 33.250.218.115:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3060 96.8.245.175:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3061 145.37.236.91:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3062 113.78.83.224:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3063 37.72.222.83:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3064 149.175.195.146:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3066 136.1.129.78:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3068 197.116.93.123:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3070 172.217.201.83:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3071 39.48.7.198:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3072 124.167.119.0:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3074 26.34.164.112:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3078 spc1-horn1-3-0-cust211.cosh.broadband.ntl.com:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3079 41.50.67.62:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3081 176.237.57.82:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3082 25.128.47.247:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3083 130.5.26.51:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3084 1.167.1.195:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3085 71.98.203.138:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3087 103.209.18.2:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3088 138.202.76.130:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3089 74.84.77.51:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3090 114.193.109.54:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3092 177.100.184.15:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3093 34.161.113.192:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3094 201.26.188.182:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3095 169.104.72.67:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3096 108.174.143.137:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3097 42.209.168.49:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3098 158.156.99.54:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3099 171.126.251.5:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3100 13.27.198.147:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3101 206.185.175.254:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3103 YahooBB219063078001.bbtec.net:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3104 84.147.104.84:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3105 43.211.174.216:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3106 11.102.54.185:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3107 113.185.43.141:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:3109 ADSL-TPLUS-15-2.intnet.mu:microsoft-ds SYN_SENT


C:\Documents and Settings\Mario>netstat

Active Connections

Proto Local Address Foreign Address State
TCP aqic0t9t9x4mskp:epmap localhost:1028 ESTABLISHED
TCP aqic0t9t9x4mskp:1028 localhost:epmap ESTABLISHED
TCP aqic0t9t9x4mskp:3808 66.102.9.99:http ESTABLISHED
TCP aqic0t9t9x4mskp:3809 66.102.9.99:http ESTABLISHED
TCP aqic0t9t9x4mskp:3907 LAST_ACK
TCP aqic0t9t9x4mskp:3913 166.63.208.156:http ESTABLISHED
TCP aqic0t9t9x4mskp:3914 166.63.208.156:http ESTABLISHED
TCP aqic0t9t9x4mskp:4004 203.26.44.59:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4005 29.113.118.86:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4006 202-123-128-146.talaya.com:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4007 82.146.173.33:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4008 54.37.169.106:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4009 202.123.113.189:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4010 103.55.41.186:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4011 147.208.233.139:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4012 128.100.25.212:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4015 80.91.177.31:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4016 76.115.124.213:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4017 56.238.233.197:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4018 u212-239-165-4.adsl.pi.be:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4019 8.37.33.49:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4020 44.210.152.15:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4021 25.182.182.186:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4022 27.197.203.69:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4023 188.156.177.255:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4025 40.235.68.190:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4026 11.6.174.232:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4027 103.21.75.48:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4028 213.69.42.253:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4029 202.123.200.40:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4030 44.157.228.91:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4031 56.60.140.135.in-addr.arpa:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4032 187.64.209.118:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4033 host126174.arnet.net.ar:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4034 92.171.61.140:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4035 73.119.34.98:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4036 166.144.103.113:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4038 129.18.203.73:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4039 75.149.249.23:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4040 133.199.151.62:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4041 89.196.112.240:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4042 54.7.90.230:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4043 222.79.166.31:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4044 103.110.85.126:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4045 175.146.234.133:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4046 204.125.52.194:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4047 196.0.76.37:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4049 180.135.37.171:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4050 201.168.96.146:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4051 11.130.23.64:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4052 105.219.202.130:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4053 86.89.10.173:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4054 188.138.110.248:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4055 85.146.153.172:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4057 212.176.219.172:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4058 158.52.251.42:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4059 71.221.81.8:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4060 187.126.100.121:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4061 89.64.223.41:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4062 94.169.48.156:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4063 95.57.233.130:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4064 20.53.175.4:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4065 157.200.188.208:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4066 197.202.240.93:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4068 134.238.111.244:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4070 138.247.249.104:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4071 7.134.16.91:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4072 87.18.211.158:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4073 18.67.5.161:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4075 113.53.213.17:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4078 216.46.143.34:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4079 176.192.104.82:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4080 7.253.129.238:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4081 178.225.29.198:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4082 125.113.96.109:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4084 115.246.221.49:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4086 134.80.68.75:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4087 dslam241-69-58-81.adsl.zonnet.nl:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4088 161.150.211.166:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4089 14.27.27.241:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4091 181.231.160.148:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4092 111.144.230.72:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4093 212.176.5.187:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4094 99.166.125.143:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4095 131.1.235.118:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4098 177.96.252.15:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4099 119.158.50.89:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4100 7.147.46.163:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4101 en86ap03.us.rig.net:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4102 41.155.97.50:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4103 202.123.227.231:microsoft-ds SYN_SENT
TCP aqic0t9t9x4mskp:4104 ADSL-TPLUS-15-13.intnet.mu:microsoft-ds SYN_SENT
 
Is your laptop out on the internet without any kind of firewall? As well, do you have File and Printer Sharing enabled? It looks like many users are attempting to make connections, not connected. If you are just putting your PC out on the internet with only AV protecting it, get yourself a firewall, either software like ZoneAlarm or hardware like an SMC, D-Link, etc. [cheers]
 
See Response Number 2 (possible causal explanation):


Try running 'TCPView' - it provides a more informative and conveniently presented subset of the Netstat program.


It will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]
 
I have the same problem too. I ran the AV program and the spyware removal program, and updated all the patches. The problem is still here.

Active Connections

Proto Local Address Foreign Address State
TCP IBM-928726E3523:1085 192.168.28.123:netbios-ssn TIME_WAIT
TCP IBM-928726E3523:1185 MATHCSDELL.emporia.edu:7000 ESTABLISHED
TCP IBM-928726E3523:2263 192.168.247.33:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2264 192.168.108.92:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2265 192.168.174.77:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2266 192.168.3.235:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2267 192.168.95.59:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2268 192.168.17.176:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2269 192.168.153.160:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2270 192.168.154.27:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2271 192.168.168.10:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2272 192.168.27.18:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2273 192.168.20.96:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2274 192.168.181.234:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2275 192.168.200.168:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2276 192.168.148.238:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2277 192.168.110.17:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2278 192.168.203.193:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2279 192.168.217.64:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2280 192.168.234.17:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2281 192.168.59.49:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2282 192.168.211.179:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2283 192.168.152.226:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2284 192.168.201.37:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2285 192.168.122.8:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2286 192.168.202.41:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2287 192.168.231.244:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2288 192.168.144.111:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2289 192.168.31.97:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2290 192.168.158.211:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2291 192.168.49.177:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2292 192.168.75.170:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2293 192.168.195.141:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2294 192.168.140.78:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2295 192.168.62.71:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2296 192.168.110.12:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2297 192.168.159.153:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2298 192.168.192.47:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2299 192.168.229.228:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2300 192.168.184.46:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2301 192.168.22.167:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2302 192.168.70.172:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2303 192.168.77.108:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2304 192.168.11.34:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2305 192.168.185.188:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2306 192.168.66.56:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2307 192.168.144.246:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2308 192.168.128.55:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2309 192.168.251.109:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2310 192.168.109.143:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2311 192.168.160.204:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2312 192.168.141.49:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2313 192.168.167.104:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2314 192.168.224.79:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2315 192.168.92.127:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2316 192.168.141.144:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2317 192.168.77.210:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2318 192.168.182.229:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2319 192.168.196.135:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2320 192.168.8.237:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2321 192.168.247.217:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2322 192.168.145.212:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2323 192.168.127.62:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2324 192.168.210.53:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2325 192.168.11.8:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2326 192.168.22.11:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2327 192.168.86.233:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2328 192.168.2.203:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2329 192.168.86.94:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2330 192.168.108.202:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2331 192.168.183.214:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2332 192.168.113.102:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2333 192.168.135.55:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2334 192.168.51.130:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2335 192.168.193.29:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2336 192.168.62.27:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2337 192.168.178.185:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2338 192.168.198.92:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2339 192.168.0.86:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2340 192.168.76.104:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2341 192.168.206.220:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2342 192.168.46.74:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2343 192.168.120.242:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2344 192.168.194.207:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2345 192.168.55.247:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2346 192.168.152.5:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2347 192.168.50.175:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2348 192.168.139.13:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2349 192.168.44.228:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2350 192.168.16.30:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2351 192.168.129.60:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2352 192.168.212.205:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2353 192.168.82.53:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2354 192.168.251.54:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2355 192.168.136.173:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2356 192.168.145.132:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2357 192.168.47.246:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2358 192.168.94.215:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2359 192.168.237.151:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2360 192.168.248.64:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2361 192.168.176.252:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2362 192.168.218.218:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2363 192.168.231.23:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2364 192.168.4.168:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2365 192.168.164.76:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2366 192.168.75.53:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2367 192.168.152.58:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2368 192.168.243.231:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2369 192.168.63.137:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2377 192.168.43.159:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2378 192.168.12.48:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2379 192.168.140.60:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2380 192.168.3.156:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2381 192.168.25.54:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2382 192.168.88.200:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2383 192.168.95.36:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2384 192.168.194.143:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2385 192.168.225.85:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2388 192.168.26.80:microsoft-ds SYN_SENT
TCP IBM-928726E3523:2389 192.168.112.116:microsoft-ds SYN_SENT
 
However, I find that all the foreign addresses are from the internal network.

 
There has to be a reason for each connection. TCPview (freeware) will identify by name all IP-based running processes if you have XP or better. It will also show you whether you have a constant cycle of dying (red) and reinvented new (green) endpoints.

In the TCPview window, get familiar with the 2nd and 3rd icons (the 'A - resolve addresses' and the 'show unconnected endpoints'). Make sure they are both 'enabled' (no 'x' thru them).

What I do is right click on selected running processes one at a time and close them down to see whether changes in listed IP endpoints do occur.

Here is an example of what I was able to discover in one representative case:

Having selected two (2) suspect but similarly named .EXEs and by 'closing the connections', I noticed that the majority of the 'cycling' endpoints turned red and died. I was left with a very much shorter list of TCP and UDP items since the regenerating cycle seemed to have been killed for good.

One remaining item identified its process name as iexplore.exe. However, the right-click or highlight info told me by its folder location that it was definitely not who it claimed to be - 'Internet Explorer' (IE). Besides, IE or a browser window was not even running. It was definitely a compromised ZOMBIE machine trying to do someone else's bidding. Fortunately, it was being blocked at the router. Needed to get rid of that folder and its related registry entries (someone else did that).

Kazaa and other P2P apps seem to have a lot of (telltale) internal IP traffic associated with their operation (192.168.x.x).

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]
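
Added example, not part of the original thread: a Python sketch of the triage described in the posts above, grouping half-open (SYN_SENT) microsoft-ds connections by owning process and checking whether a familiar file name runs from an unexpected folder. It assumes `netstat -ano` output (numeric addresses plus PID); the sample rows, the PID-to-path table, the expected folders and all function names are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed `netstat -ano` sample (RFC 5737 documentation addresses).
SAMPLE_NETSTAT = """
  Proto  Local Address     Foreign Address      State         PID
  TCP    10.0.0.5:1028     127.0.0.1:135        ESTABLISHED   912
  TCP    10.0.0.5:3808     198.51.100.99:80     ESTABLISHED   2040
  TCP    10.0.0.5:4004     203.0.113.59:445     SYN_SENT      1732
  TCP    10.0.0.5:4005     203.0.113.86:445     SYN_SENT      1732
  TCP    10.0.0.5:4006     192.0.2.146:445      SYN_SENT      1732
  TCP    10.0.0.5:4007     192.0.2.33:445       SYN_SENT      1732
  TCP    10.0.0.5:4008     198.51.100.106:445   SYN_SENT      1732
  TCP    10.0.0.5:4009     198.51.100.189:445   SYN_SENT      1732
  TCP    10.0.0.5:4010     192.0.2.10:445       SYN_SENT      2040
"""

# Constructed PID -> image path table, the detail TCPView shows per endpoint.
SAMPLE_PROCESSES = {
    912: r"C:\WINDOWS\system32\svchost.exe",
    2040: r"C:\Program Files\Internet Explorer\iexplore.exe",
    1732: r"C:\WINDOWS\Temp\upd\iexplore.exe",
}

# Assumed default install folders; adjust for the machine being examined.
EXPECTED_DIRS = {
    "iexplore.exe": r"C:\Program Files\Internet Explorer",
    "svchost.exe": r"C:\WINDOWS\system32",
}

ROW = re.compile(r"^\s*TCP\s+\S+:\S+\s+(\S+):(\S+)\s+(\S+)\s+(\d+)\s*$")
SMB_PORTS = {"445", "microsoft-ds"}


def smb_fanout(netstat_text):
    """Map PID -> set of distinct hosts it has half-open (SYN_SENT) SMB connects to."""
    fanout = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank or UDP line
        host, port, state, pid = m.groups()
        if state == "SYN_SENT" and port in SMB_PORTS:
            fanout[int(pid)].add(host)
    return dict(fanout)


def masquerades(image_path):
    """True when a well-known file name runs from somewhere other than its usual folder."""
    name = ntpath.basename(image_path).lower()
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return False
    return ntpath.normcase(ntpath.dirname(image_path)) != ntpath.normcase(expected)


def triage(netstat_text, processes, threshold=5):
    """Return findings for PIDs fanning out to >= threshold hosts on SMB."""
    findings = []
    for pid, hosts in sorted(smb_fanout(netstat_text).items()):
        if len(hosts) < threshold:
            continue
        path = processes.get(pid, "<unknown>")
        findings.append({"pid": pid, "targets": len(hosts), "image": path,
                         "name_path_mismatch": masquerades(path)})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(finding)
```

The threshold of five distinct hosts is an arbitrary starting point; a single SYN_SENT row to port 445 (PID 2040 in the sample) is left unflagged.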

 