Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: TCP Foreign Addresses

25 Sep 2016   #1
timw128

Windows 7 Pro SP1 x64
 
 
TCP Foreign Addresses

Hello- I am having trouble finding out who the established addresses are within 'netstat -an'.

I can find the geolocation, but I don't know who they are. I believe my Kaspersky Internet Security v16

is the one established to Russia, but not sure. Also, the one's established in the US in California can't be found-

or at least I don't know how to find them. Can someone help me, please?

Thank you!


My System SpecsSystem Spec
.
25 Sep 2016   #2
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

I usually use IP Address Details - ipinfo.io to find info on a IP's
My System SpecsSystem Spec
25 Sep 2016   #3
timw128

Windows 7 Pro SP1 x64
 
 

Quote   Quote: Originally Posted by sml156 View Post
I usually use IP Address Details - ipinfo.io to find info on a IP's
Thanks for that...take a look at this. Never heard of this outfit and have no idea what they do-

https://www.fastly.com


Attached Thumbnails
TCP Foreign Addresses-lu.jpg  
My System SpecsSystem Spec
.

25 Sep 2016   #4
timw128

Windows 7 Pro SP1 x64
 
 

Then there's this one, which is, perhaps, my Kaspersky-

AS3327 Linx Telecommunications B.V. - ipinfo.io


Attached Thumbnails
TCP Foreign Addresses-lu2.jpg  
My System SpecsSystem Spec
26 Sep 2016   #5
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by timw128 View Post
I believe my Kaspersky Internet Security v16 is the one established to Russia, but not sure.
From an elevated commend prompt, try:
Code:
netstat -an -b
The "-b" option might show you the app that made the connection.

From netstat's help:
Code:
C:\windows\system32>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
Sometimes you will only get...
Code:
Can not obtain ownership information
...instead of the app info.
My System SpecsSystem Spec
26 Sep 2016   #6
timw128

Windows 7 Pro SP1 x64
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
Sometimes you will only get...
Code:
Can not obtain ownership information
...instead of the app info.
Yeah, a lot of Opera browser connects established but that's due to my Gmail being open, to retrieve thread update info for here, and of course, 'sevenforums' is open, as well.


Attached Thumbnails
TCP Foreign Addresses-ns1.jpg  
My System SpecsSystem Spec
26 Sep 2016   #7
UsernameIssues

W7 Pro SP1 64bit
 
 

You might also want to look at Windows 7's native Resource Monitor > Network tab.
My System SpecsSystem Spec
27 Sep 2016   #8
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

I am not sure what the companies do that own those IP's but if you can make heads or tails out of their web page's here ya go.

https://www.fastly.com/
AS54113 Fastly - ipinfo.io Details

History €“ LinxTelecom and LinxDatacenter
AS3327 Linx Telecommunications B.V. - ipinfo.io Details

If they are ISP's and your computer is talking to one of their users you may want to do a thorough malware scan.
My System SpecsSystem Spec
27 Sep 2016   #9
timw128

Windows 7 Pro SP1 x64
 
 

Quote   Quote: Originally Posted by sml156 View Post
I am not sure what the companies do that own those IP's but if you can make heads or tails out of their web page's here ya go.

https://www.fastly.com/
AS54113 Fastly - ipinfo.io Details

History – LinxTelecom and LinxDatacenter
AS3327 Linx Telecommunications B.V. - ipinfo.io Details

If they are ISP's and your computer is talking to one of their users you may want to do a thorough malware scan.
Yeah, it's crazy... that 'fastly.com' outfit has something to do with outfits that interface with social media platforms. That's a whole different market. For instance, Fastly's clients include Vimeo, BuzzFeed, New Relic,
KAYAK, Opera Software ( of which I use Opera browser), et al.
'linxtelecom.com' is a server mamagement concern and provider. I went to Kaspersky Internet Security a year ago, after being with avast! for about 6 yrs. Why?... Kaspersky and BitDefender have consistently been ranked the #1 AV for 4-5 yrs. running. BitDefender does not integrate with Opera browser, and Kaspersky does, to a degree.

I'm going to run that cmd prompt-

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Timbo-ENVY
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 34-64-A9-1B-D9-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::599b:348f:15ee:747b%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 27, 2016 10:03:51 AM
Lease Expires . . . . . . . . . . : Wednesday, September 28, 2016 10:52:58 PM

Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 338977961
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-4F-C8-F9-34-64-A9-1B-D9-01

DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
2001:4860:4860::8844
8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B16CB80A-70E0-44EC-B5A1-005A9E168400}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Now, netstat -an-

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1046 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 192.168.1.3:139 0.0.0.0:0 LISTENING
TCP 192.168.1.3:6877 62.128.100.174:443 ESTABLISHED
TCP 192.168.1.3:6891 216.58.216.69:443 ESTABLISHED
TCP 192.168.1.3:6926 173.194.198.189:443 ESTABLISHED
TCP 192.168.1.3:7052 91.203.99.18:443 ESTABLISHED
TCP 192.168.1.3:7109 184.172.52.106:80 ESTABLISHED
TCP 192.168.1.3:7110 216.58.216.68:443 ESTABLISHED
TCP 192.168.1.3:7111 216.58.216.78:443 ESTABLISHED
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:554 [::]:0 LISTENING
TCP [::]:1025 [::]:0 LISTENING
TCP [::]:1026 [::]:0 LISTENING
TCP [::]:1027 [::]:0 LISTENING
TCP [::]:1028 [::]:0 LISTENING
TCP [::]:1029 [::]:0 LISTENING
TCP [::]:1046 [::]:0 LISTENING
TCP [::]:2869 [::]:0 LISTENING
TCP [::]:3587 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:10243 [::]:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:55943 *:*
UDP 0.0.0.0:62705 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:57039 *:*
UDP 127.0.0.1:57359 *:*
UDP 192.168.1.3:137 *:*
UDP 192.168.1.3:138 *:*
UDP 192.168.1.3:1900 *:*
UDP 192.168.1.3:57038 *:*
UDP [::]:500 *:*
UDP [::]:3540 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:4500 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:55944 *:*
UDP [::]:62706 *:*
UDP [::1]:1900 *:*
UDP [::1]:57037 *:*
UDP [fe80::599b:348f:15ee:747b%12]:546 *:*
UDP [fe80::599b:348f:15ee:747b%12]:1900 *:*
UDP [fe80::599b:348f:15ee:747b%12]:57036 *:*

C:\Windows\system32>
My System SpecsSystem Spec
28 Sep 2016   #10
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

I took the liberty to find some info on your last post.

{
"ip": "62.128.100.174",
"hostname": "No Hostname",
"city": "Kiev",
"region": "Kyiv City",
"country": "UA",
"loc": "50.4333,30.5167",
"org": "AS3327 Linx Telecommunications B.V."
}{
"ip": "216.58.216.69",
"hostname": "ord30s21-in-f69.1e100.net",
"city": "Mountain View",
"region": "California",
"country": "US",
"loc": "37.4192,-122.0574",
"org": "AS15169 Google Inc.",
"postal": "94043"
}{
"ip": "173.194.198.189",
"hostname": "iz-in-f189.1e100.net",
"city": "Mountain View",
"region": "California",
"country": "US",
"loc": "37.4192,-122.0574",
"org": "AS15169 Google Inc.",
"postal": "94043"
}{
"ip": "91.203.99.18",
"hostname": "autoupdate.opera.com",
"city": "Oslo",
"region": "Oslo County",
"country": "NO",
"loc": "59.9167,10.7500",
"org": "AS39832 Opera Software AS",
"postal": "0001"
}{
"ip": "184.172.52.106",
"hostname": "6a.34.acb8.ip4.static.sl-reverse.com",
"city": "Houston",
"region": "Texas",
"country": "US",
"loc": "29.7633,-95.3633",
"org": "AS36351 SoftLayer Technologies Inc.",
"postal": "77002"
}{
"ip": "216.58.216.68",
"hostname": "ord30s21-in-f68.1e100.net",
"city": "Mountain View",
"region": "California",
"country": "US",
"loc": "37.4192,-122.0574",
"org": "AS15169 Google Inc.",
"postal": "94043"
}{
"ip": "216.58.216.78",
"hostname": "ord30s21-in-f14.1e100.net",
"city": "Mountain View",
"region": "California",
"country": "US",
"loc": "37.4192,-122.0574",
"org": "AS15169 Google Inc.",
"postal": "94043"
}

I'm using Windows 10 right now so instead of my usual way to search a list in a text file of multiple IP's for info on IP's I used Win 10 Bash instead of Linux.
My System SpecsSystem Spec
Reply

 TCP Foreign Addresses




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Import foreign dyanamic HDD or not
I had to completely re-install Win 7 Pro on the 240gb SSD. I had/have 2 HDD that were used - 1 for files and the other for music. I finally got around to hooking up 1 of the HDDs. It shows up under disk mngr as Disk 0 Dynamic foreign. Do I import the disk or what are my options?:sarc: It...
Hardware & Devices
Cannot input foreign language
Hello, all. I have tried for an hour to configure my keyboard input properly, and I've searched online to no avail. The problem is that I cannot input a foreign language (attempting to enable Korean). I installed the keyboard and set it up so that left alt + shift switches languages. The language...
General Discussion
Foreign characters?
When i open my start menu and try to type in the search bar it types characters such as these фывапкуее what does this mean / how do i fix it? thank you so much.
General Discussion
Removing Foreign MUI's etc??
hello all, i notice in my win7 installation that i have numerous folders labeled "fr-fr", "hr-hr", "it-it", "da-dk", etc. from what i gather, these are because i have a multilingual version of windows 7 (?) can anyone offer a way to safely remove them?
Customization
Installing on a foreign notebook
Hi, I bought my laptop abroad and everything is in foreign language. It's an ACER ASPIRE 5739G - 754G50Mn with Vista Home Premium. I wanted to get a new os vista ultimate or windows 7 installed. Some questions: 1. If I get a new os in english, I would only be able to clean install as it...
Drivers


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:20.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App