Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Explorer and ports


  • Please log in to reply
3 replies to this topic

#1 Chris_In_Motown

Chris_In_Motown

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 30 November 2008 - 05:26 PM

I've just spent the weekend digging ever deeper into my system (for reasons unrelated to this post), and stumbled onto something that's got me puzzled. This may reveal my naivete, so you have my permission to point and laugh at me if need be.

I ran a netstat command to see a list of active port connections ("netstat -ao"), and identified the various process-ID numbers. And I see that explorer.exe (pid 472) is showing up twice, as seen in this excerpted list:

Proto .. Local Address ....... Foreign Address ............ State ............ PID
TCP .... MYNAME:37371 ...... MYNAME:0 ...................... LISTENING ..... 472
TCP .... MYNAME:3127 ........ 209.160.26.253:http ..... CLOSE_WAIT .. 472


Is any of this reason for concern?

Thanks -
Chris

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:13 PM

Posted 30 November 2008 - 06:47 PM

The first one says that explore is listening for traffic - that's usually normal IME
The second one says that it's connected to 209.160.26.253 using http (the IP resolves to HopOne Internet Corporation)

From this link: http://support.microsoft.com/kb/137984

CLOSE_WAIT Indicates passive close. Server just received first FIN from a client.


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Chris_In_Motown

Chris_In_Motown
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 30 November 2008 - 07:06 PM

The second one says that it's connected to 209.160.26.253 using http (the IP resolves to HopOne Internet Corporation)


Right -- and that's the one I'm really wondering about. Why would Windows Explorer be connected to an Internet address?

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:13 PM

Posted 30 November 2008 - 09:07 PM

HopOne is registered in the US, but if you surf to that IP address you'll get a page that's in Estonian (just a guess).
Probably not a good thing unless you're Estonian.

If you're not, I'd suggest a couple of the free, online scans listed here: http://www.bleepingcomputer.com/blogs/usas...?showentry=1252
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users