TCP Foreign Addresses


  1. Posts : 294
    Windows 7 Pro SP1 x64
       #1

    TCP Foreign Addresses


    Hello- I am having trouble finding out who the established addresses are within 'netstat -an'.

    I can find the geolocation, but I don't know who they are. I believe my Kaspersky Internet Security v16 is the one established to Russia, but not sure. Also, the ones established in the US in California can't be found- or at least I don't know how to find them. Can someone help me, please?

    Thank you!


  2. Posts : 399
    Microsoft Windows 7 Ultimate 32-bit 7601
       #2

    I usually use IP Address Details - ipinfo.io to find info on an IP.


  3. Posts : 294
    Windows 7 Pro SP1 x64
    Thread Starter
       #3

    sml156 said:
    I usually use IP Address Details - ipinfo.io to find info on an IP.
    Thanks for that...take a look at this. Never heard of this outfit and have no idea what they do-

    https://www.fastly.com


  4. Posts : 294
    Windows 7 Pro SP1 x64
    Thread Starter
       #4

    Then there's this one, which is, perhaps, my Kaspersky-

    AS3327 Linx Telecommunications B.V. - ipinfo.io


  5. Posts : 10,485
    W7 Pro SP1 64bit
       #5

    timw128 said:
    I believe my Kaspersky Internet Security v16 is the one established to Russia, but not sure.
    From an elevated command prompt, try:
    Code:
    netstat -an -b
    The "-b" option might show you the app that made the connection.

    From netstat's help:
    Code:
    C:\windows\system32>netstat /?
    
    Displays protocol statistics and current TCP/IP network connections.
    
    NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval]
    
      -a            Displays all connections and listening ports.
      -b            Displays the executable involved in creating each connection or
                    listening port. In some cases well-known executables host
                    multiple independent components, and in these cases the
                    sequence of components involved in creating the connection
                    or listening port is displayed. In this case the executable
                    name is in [] at the bottom, on top is the component it called,
                    and so forth until TCP/IP was reached. Note that this option
                    can be time-consuming and will fail unless you have sufficient
                    permissions.
    Sometimes you will only get...
    Code:
    Can not obtain ownership information
    ...instead of the app info.


  6. Posts : 294
    Windows 7 Pro SP1 x64
    Thread Starter
       #6

    UsernameIssues said:
    Sometimes you will only get...
    Code:
    Can not obtain ownership information
    ...instead of the app info.
    Yeah, a lot of Opera browser connects established but that's due to my Gmail being open, to retrieve thread update info for here, and of course, 'sevenforums' is open, as well.


  7. Posts : 10,485
    W7 Pro SP1 64bit
       #7

    You might also want to look at Windows 7's native Resource Monitor > Network tab.


  8. Posts : 399
    Microsoft Windows 7 Ultimate 32-bit 7601
       #8

    I am not sure what the companies do that own those IPs, but if you can make heads or tails out of their web pages, here ya go.

    https://www.fastly.com/
    AS54113 Fastly - ipinfo.io Details

    History – LinxTelecom and LinxDatacenter
    AS3327 Linx Telecommunications B.V. - ipinfo.io Details

    If they are ISPs and your computer is talking to one of their users you may want to do a thorough malware scan.


  9. Posts : 294
    Windows 7 Pro SP1 x64
    Thread Starter
       #9

    sml156 said:
    I am not sure what the companies do that own those IPs, but if you can make heads or tails out of their web pages, here ya go.

    https://www.fastly.com/
    AS54113 Fastly - ipinfo.io Details

    History – LinxTelecom and LinxDatacenter
    AS3327 Linx Telecommunications B.V. - ipinfo.io Details

    If they are ISPs and your computer is talking to one of their users you may want to do a thorough malware scan.
    Yeah, it's crazy... that 'fastly.com' outfit has something to do with outfits that interface with social media platforms. That's a whole different market. For instance, Fastly's clients include Vimeo, BuzzFeed, New Relic, KAYAK, Opera Software (of which I use Opera browser), et al.
    'linxtelecom.com' is a server management concern and provider. I went to Kaspersky Internet Security a year ago, after being with avast! for about 6 yrs. Why?... Kaspersky and BitDefender have consistently been ranked the #1 AV for 4-5 yrs. running. BitDefender does not integrate with Opera browser, and Kaspersky does, to a degree.

    I'm going to run that cmd prompt-

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Timbo-ENVY
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : 34-64-A9-1B-D9-01
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::599b:348f:15ee:747b%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Tuesday, September 27, 2016 10:03:51 AM
    Lease Expires . . . . . . . . . . : Wednesday, September 28, 2016 10:52:58 PM

    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 338977961
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-4F-C8-F9-34-64-A9-1B-D9-01

    DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
    2001:4860:4860::8844
    8.8.8.8
    8.8.4.4
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{B16CB80A-70E0-44EC-B5A1-005A9E168400}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Now, netstat -an-

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1046 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
    TCP 192.168.1.3:139 0.0.0.0:0 LISTENING
    TCP 192.168.1.3:6877 62.128.100.174:443 ESTABLISHED
    TCP 192.168.1.3:6891 216.58.216.69:443 ESTABLISHED
    TCP 192.168.1.3:6926 173.194.198.189:443 ESTABLISHED
    TCP 192.168.1.3:7052 91.203.99.18:443 ESTABLISHED
    TCP 192.168.1.3:7109 184.172.52.106:80 ESTABLISHED
    TCP 192.168.1.3:7110 216.58.216.68:443 ESTABLISHED
    TCP 192.168.1.3:7111 216.58.216.78:443 ESTABLISHED
    TCP [::]:135 [::]:0 LISTENING
    TCP [::]:445 [::]:0 LISTENING
    TCP [::]:554 [::]:0 LISTENING
    TCP [::]:1025 [::]:0 LISTENING
    TCP [::]:1026 [::]:0 LISTENING
    TCP [::]:1027 [::]:0 LISTENING
    TCP [::]:1028 [::]:0 LISTENING
    TCP [::]:1029 [::]:0 LISTENING
    TCP [::]:1046 [::]:0 LISTENING
    TCP [::]:2869 [::]:0 LISTENING
    TCP [::]:3587 [::]:0 LISTENING
    TCP [::]:5357 [::]:0 LISTENING
    TCP [::]:10243 [::]:0 LISTENING
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:4500 *:*
    UDP 0.0.0.0:5004 *:*
    UDP 0.0.0.0:5005 *:*
    UDP 0.0.0.0:5355 *:*
    UDP 0.0.0.0:55943 *:*
    UDP 0.0.0.0:62705 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 127.0.0.1:57039 *:*
    UDP 127.0.0.1:57359 *:*
    UDP 192.168.1.3:137 *:*
    UDP 192.168.1.3:138 *:*
    UDP 192.168.1.3:1900 *:*
    UDP 192.168.1.3:57038 *:*
    UDP [::]:500 *:*
    UDP [::]:3540 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:4500 *:*
    UDP [::]:5004 *:*
    UDP [::]:5005 *:*
    UDP [::]:5355 *:*
    UDP [::]:55944 *:*
    UDP [::]:62706 *:*
    UDP [::1]:1900 *:*
    UDP [::1]:57037 *:*
    UDP [fe80::599b:348f:15ee:747b%12]:546 *:*
    UDP [fe80::599b:348f:15ee:747b%12]:1900 *:*
    UDP [fe80::599b:348f:15ee:747b%12]:57036 *:*

    C:\Windows\system32>


  10. Posts : 399
    Microsoft Windows 7 Ultimate 32-bit 7601
       #10

    I took the liberty to find some info on your last post.

    {
    "ip": "62.128.100.174",
    "hostname": "No Hostname",
    "city": "Kiev",
    "region": "Kyiv City",
    "country": "UA",
    "loc": "50.4333,30.5167",
    "org": "AS3327 Linx Telecommunications B.V."
    }{
    "ip": "216.58.216.69",
    "hostname": "ord30s21-in-f69.1e100.net",
    "city": "Mountain View",
    "region": "California",
    "country": "US",
    "loc": "37.4192,-122.0574",
    "org": "AS15169 Google Inc.",
    "postal": "94043"
    }{
    "ip": "173.194.198.189",
    "hostname": "iz-in-f189.1e100.net",
    "city": "Mountain View",
    "region": "California",
    "country": "US",
    "loc": "37.4192,-122.0574",
    "org": "AS15169 Google Inc.",
    "postal": "94043"
    }{
    "ip": "91.203.99.18",
    "hostname": "autoupdate.opera.com",
    "city": "Oslo",
    "region": "Oslo County",
    "country": "NO",
    "loc": "59.9167,10.7500",
    "org": "AS39832 Opera Software AS",
    "postal": "0001"
    }{
    "ip": "184.172.52.106",
    "hostname": "6a.34.acb8.ip4.static.sl-reverse.com",
    "city": "Houston",
    "region": "Texas",
    "country": "US",
    "loc": "29.7633,-95.3633",
    "org": "AS36351 SoftLayer Technologies Inc.",
    "postal": "77002"
    }{
    "ip": "216.58.216.68",
    "hostname": "ord30s21-in-f68.1e100.net",
    "city": "Mountain View",
    "region": "California",
    "country": "US",
    "loc": "37.4192,-122.0574",
    "org": "AS15169 Google Inc.",
    "postal": "94043"
    }{
    "ip": "216.58.216.78",
    "hostname": "ord30s21-in-f14.1e100.net",
    "city": "Mountain View",
    "region": "California",
    "country": "US",
    "loc": "37.4192,-122.0574",
    "org": "AS15169 Google Inc.",
    "postal": "94043"
    }

    I'm using Windows 10 right now, so instead of my usual way to search a list in a text file of multiple IPs for info on IPs, I used Win 10 Bash instead of Linux.

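The workflow this thread converges on (pull the ESTABLISHED foreign addresses out of `netstat -an`, then look each one up) as an added Python example; it is not part of any poster's reply. The function names `split_endpoint` and `established_remotes` are assumptions, and the sample input mixes rows from the output posted above with constructed rows, as the comment states.

```python
import ipaddress

# Rows in the layout of `netstat -an`. The four public foreign addresses are
# from the output posted in the thread; the loopback, link-local and repeated
# 216.58.216.69 rows are constructed to exercise the filter and de-duplication.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.3:6877       62.128.100.174:443     ESTABLISHED
  TCP    192.168.1.3:6891       216.58.216.69:443      ESTABLISHED
  TCP    192.168.1.3:7052       91.203.99.18:443       ESTABLISHED
  TCP    192.168.1.3:7109       184.172.52.106:80      ESTABLISHED
  TCP    192.168.1.3:7300       216.58.216.69:443      ESTABLISHED
  TCP    [fe80::1%12]:7200      [fe80::2%12]:445       ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port


def established_remotes(netstat_text):
    """Map each globally routable foreign IP to its sorted remote ports."""
    remotes = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows: Proto, Local, Foreign, State (plus a PID column with -o).
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, port = split_endpoint(fields[2])
        try:
            ip, port = ipaddress.ip_address(host), int(port)
        except ValueError:
            continue  # not numeric, e.g. names shown when -n is omitted
        if ip.is_global:  # skips loopback, RFC 1918 and link-local peers
            remotes.setdefault(str(ip), set()).add(port)
    return {ip: sorted(ports) for ip, ports in remotes.items()}


if __name__ == "__main__":
    for ip, ports in established_remotes(SAMPLE).items():
        print(ip, ports)
```

Each returned address can then be looked up with a service such as ipinfo.io, and `netstat -an -b` from an elevated prompt ties a row to the executable that opened it.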

 