100+ Connections. netstat -a Normal?

MySongRanHills (Limp Gawd, joined May 27, 2011, 237 messages)
I just recently started studying for my ICND1 and decided to try running netstat for myself. Before I even opened command prompt I stopped all the user processes and even stuff like Java updater, driver updaters, etc. So I'm wondering if this much traffic is normal? The only thing I could think of was possibly Windows tiles are polling a ton of updates?

Code:
netstat -a
Active Connections
 
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            Server:0               LISTENING
  TCP    0.0.0.0:445            Server:0               LISTENING
  TCP    0.0.0.0:554            Server:0               LISTENING
  TCP    0.0.0.0:2869           Server:0               LISTENING
  TCP    0.0.0.0:3389           Server:0               LISTENING
  TCP    0.0.0.0:5357           Server:0               LISTENING
  TCP    0.0.0.0:8084           Server:0               LISTENING
  TCP    0.0.0.0:9595           Server:0               LISTENING
  TCP    0.0.0.0:10243          Server:0               LISTENING
  TCP    0.0.0.0:19455          Server:0               LISTENING
  TCP    0.0.0.0:49152          Server:0               LISTENING
  TCP    0.0.0.0:49153          Server:0               LISTENING
  TCP    0.0.0.0:49154          Server:0               LISTENING
  TCP    0.0.0.0:49155          Server:0               LISTENING
  TCP    0.0.0.0:49166          Server:0               LISTENING
  TCP    0.0.0.0:49167          Server:0               LISTENING
  TCP    127.0.0.1:23401        activation:50422       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50423       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50424       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50431       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50432       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50433       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50442       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50443       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50444       TIME_WAIT
  TCP    127.0.0.1:50446        activation:50447       TIME_WAIT
  TCP    127.0.0.1:65000        activation:50445       TIME_WAIT
  TCP    192.168.1.10:139       Server:0               LISTENING
  TCP    192.168.1.10:2869      RT-AC66R:53102         TIME_WAIT
  TCP    192.168.1.10:2869      RT-AC66R:53103         TIME_WAIT
  TCP    192.168.1.10:2869      RT-AC66R:53104         TIME_WAIT
  TCP    192.168.1.10:49204     bn1wns1011501:https    ESTABLISHED
  TCP    192.168.1.10:50359     og-in-f141:https       TIME_WAIT
  TCP    192.168.1.10:50415     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50416     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50417     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50418     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50419     a96-6-88-52:http       TIME_WAIT
  TCP    192.168.1.10:50420     a96-6-88-52:http       TIME_WAIT
  TCP    192.168.1.10:50428     a96-6-88-52:http       TIME_WAIT
  TCP    192.168.1.10:50429     a96-6-88-52:http       TIME_WAIT
  TCP    192.168.1.10:50437     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50438     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50439     a23-207-40-52:http     TIME_WAIT
  TCP    192.168.1.10:50440     a23-207-40-52:http     TIME_WAIT
  TCP    192.168.1.10:50448     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50449     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50450     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50451     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50452     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50453     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50454     RT-AC66R:45560         TIME_WAIT
  TCP    192.168.1.10:50455     RT-AC66R:45560         TIME_WAIT
  TCP    [::]:135               Server:0               LISTENING
  TCP    [::]:445               Server:0               LISTENING
  TCP    [::]:554               Server:0               LISTENING
  TCP    [::]:2869              Server:0               LISTENING
  TCP    [::]:3389              Server:0               LISTENING
  TCP    [::]:3587              Server:0               LISTENING
  TCP    [::]:5357              Server:0               LISTENING
  TCP    [::]:8084              Server:0               LISTENING
  TCP    [::]:9595              Server:0               LISTENING
  TCP    [::]:10243             Server:0               LISTENING
  TCP    [::]:19455             Server:0               LISTENING
  TCP    [::]:49152             Server:0               LISTENING
  TCP    [::]:49153             Server:0               LISTENING
  TCP    [::]:49154             Server:0               LISTENING
  TCP    [::]:49155             Server:0               LISTENING
  TCP    [::]:49166             Server:0               LISTENING
  TCP    [::]:49167             Server:0               LISTENING
  TCP    [::1]:49156            Server:0               LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:3389           *:*
  UDP    0.0.0.0:3544           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:5004           *:*
  UDP    0.0.0.0:5005           *:*
  UDP    0.0.0.0:5355           *:*
  UDP    0.0.0.0:49516          *:*
  UDP    0.0.0.0:50225          *:*
  UDP    0.0.0.0:59180          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    127.0.0.1:58874        *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    192.168.1.10:1900      *:*
  UDP    192.168.1.10:58873     *:*
  UDP    192.168.1.10:59079     *:*
  UDP    [::]:500               *:*
  UDP    [::]:3389              *:*
  UDP    [::]:3540              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:4500              *:*
  UDP    [::]:5004              *:*
  UDP    [::]:5005              *:*
  UDP    [::]:5355              *:*
  UDP    [::]:49517             *:*
  UDP    [::]:50226             *:*
  UDP    [::]:59181             *:*
  UDP    [::1]:1900             *:*
  UDP    [::1]:58872            *:*
  UDP    [fe80::1cd5:1938:9d36:3937%5]:546  *:*
  UDP    [fe80::d10c:cee5:9eb3:6a63%3]:546  *:*
  UDP    [fe80::d10c:cee5:9eb3:6a63%3]:1900  *:*
  UDP    [fe80::d10c:cee5:9eb3:6a63%3]:58871  *:*
 
It's only 35 recent but currently torn down connections and a single established connection.
 
What you're seeing might not be unusual for your system, depending on what background services are running on it... Instead of netstat -a, run netstat -ban to see what process is creating the connections.

What's listening on those high level ports? (49xxx) What process is making those outbound connections on port 23401?

If you want a more "live" view of the setup and tear-down of connections, check out TCPVIEW:
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
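
One way to reduce a paste like the one above to the numbers the reply is counting: TCP rows per state, distinct bound ports with IPv4 and IPv6 binds merged, and connections per peer. This is an added example, not part of any post in the thread; the sample rows are a subset of the posted output and the function names are made up for the illustration.

```python
from collections import Counter

# Sample input: a few rows excerpted from the netstat -a paste above.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            Server:0               LISTENING
  TCP    0.0.0.0:49152          Server:0               LISTENING
  TCP    127.0.0.1:23401        activation:50422       TIME_WAIT
  TCP    127.0.0.1:23401        activation:50423       TIME_WAIT
  TCP    192.168.1.10:2869      RT-AC66R:53102         TIME_WAIT
  TCP    192.168.1.10:49204     bn1wns1011501:https    ESTABLISHED
  TCP    192.168.1.10:50419     a96-6-88-52:http       TIME_WAIT
  TCP    [::]:445               Server:0               LISTENING
  TCP    [::1]:49156            Server:0               LISTENING
  UDP    0.0.0.0:3702           *:*
  UDP    [fe80::d10c:cee5:9eb3:6a63%3]:546  *:*
"""

LOOPBACK = ("127.0.0.1", "[::1]")

def parse(text):
    """Yield (proto, local_addr, local_port, remote_host, state) per socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or the process-name lines that -b adds
        local_addr, local_port = f[1].rsplit(":", 1)  # rsplit keeps IPv6 literals whole
        remote_host = f[2].rsplit(":", 1)[0]
        # UDP rows carry no State column
        state = f[3] if f[0] == "TCP" and len(f) > 3 else "-"
        yield f[0], local_addr, int(local_port), remote_host, state

def summarize(text):
    rows = list(parse(text))
    # How many TCP rows are in each state
    states = Counter(r[4] for r in rows if r[0] == "TCP")
    # Bound ports as (proto, port, loopback_only); set() merges duplicate binds
    bound = sorted({(r[0], r[2], r[1] in LOOPBACK)
                    for r in rows if r[4] in ("LISTENING", "-")})
    # Actual conversations: TCP rows that are not listeners, grouped by peer name
    peers = Counter(r[3] for r in rows if r[0] == "TCP" and r[4] != "LISTENING")
    return states, bound, peers

if __name__ == "__main__":
    states, bound, peers = summarize(SAMPLE)
    print(dict(states))
    print(bound)
    print(peers.most_common())
```

The parser skips any line that does not start with TCP or UDP, so output saved from `netstat -ban` can be fed in as well; the owning-process lines are ignored rather than attributed.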
 