
OSX Virus connecting to: 2.20.188.163


16 replies to this topic

#1 HappyDude1234

Posted 24 November 2015 - 10:26 AM

Virus connecting out to random IP:  2.20.188.163

Whilst connecting to the internet, my NOD32 Cyber Security Process: eset_proxy connected to this IP address: 2.20.188.163

 

I've done a search on google:

https://gyazo.com/e069344010246521376d3ca5b9dc9f3b

https://gyazo.com/c3a43d477e607cec6a69fa617fa3a9fb

 

https://www.virustotal.com/en/ip-address/2.20.188.163/information/

This Virus total report indicates there have been detected files that communicate with this IP address. https://gyazo.com/e069344010246521376d3ca5b9dc9f3b

 

Checking the IP address, port 80, HTTP is open. When accessing the IP address via Chrome I am given this message.

 

Invalid URL

The requested URL "/", is invalid.

Reference #9.9fbc1402.1448377597.36f6112

 

Upon page refresh the reference number seems to keep changing.

 

If anyone can help shed some light on this strange behaviour I'd be most grateful.

 

Thanks.





#2 iangcarroll

Posted 24 November 2015 - 11:12 AM

That IP address is owned by Akamai Technologies, which performs content delivery for most major companies. Among other companies that proxy through Akamai is Apple, so it is feasible that your computer is simply checking for updates; if not Apple, it's almost certainly not malware as Akamai is very selective with their clients.

 

In (one of the) samples you linked, that IP is associated with downloading updates for Windows from Microsoft, who also uses Akamai.


Edited by iangcarroll, 24 November 2015 - 11:16 AM.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 dante12

Posted 24 November 2015 - 11:14 AM

Have you checked the Eset logfiles in the Settings window -> Tools -> Log files for entries?

 

Without port 80 you are not able to connect to the web. So port 80 must be open. That is normal.

 

Tell me if you visit these sites:

 

elixirstrings

lancastereaglegazette

olx

turnoutblog


Edited by dante12, 24 November 2015 - 11:15 AM.


#4 HappyDude1234

Posted 24 November 2015 - 01:37 PM

No I am not familiar with any of these.

 

Port 80 is open by default, I don't think I explained clearly. 

 

When you connect to the rogue IP address using your browser: http://2.20.188.163

 

It outputs this:

 

-----------

Invalid URL

The requested URL "/", is invalid.

Reference #9.9fbc1402.1448377597.36f6112

 

-----------

 

As you can see the IP address has been detected by virus total as malicious on various occasions.

 

I have disabled ESET to see if that is the issue.

 

It doesn't seem normal.


Edited by HappyDude1234, 24 November 2015 - 01:45 PM.


#5 dante12

Posted 24 November 2015 - 01:50 PM

It is not possible to connect directly to this IP. It's Akamai Technologies. There are many domains registered on this IP (including malicious sites): Apple, Adobe and Microsoft, for example, and many others.

 

http://www.tcpiputils.com/browse/ip-address/2.20.188.0-2.20.191.255

 

So what exactly is the problem? Do you have a problem with your Mac, or do you only need information about this IP? -> You got it :)


Edited by dante12, 24 November 2015 - 01:50 PM.


#6 HappyDude1234

Posted 24 November 2015 - 02:10 PM

This is what happens when I try to connect to it via my browser. 
 
 
These are the open ports
 
 
Thus I tried to connect via port 80.
 
EDIT:
 
Just uncovered this:
 
 
Another hostname that my chrome browser seems to be connecting to, operating the same way. 
 
AND ANOTHER...
 
All are showing the same thing.
 
Here is a list of them from port monitor:  https://gyazo.com/05d017bb0f2c33d065e7e42d71ef4029
 
All of them are operating in the same way...
 
 
It seems to be redirecting to mixpanel? I am very confused...
 
 
*Sigh* There's more...
 
 
What the hell are all of these hostnames?
 

Edited by HappyDude1234, 24 November 2015 - 02:57 PM.


#7 iangcarroll

Posted 24 November 2015 - 03:19 PM

Hi HappyDude1234,

 

I would advise not digging this far into your computer's internet traffic, as it may worry you if you're not aware of what's fully happening. Akamai is a large proxy service that accelerates traffic for large companies, thus a lot of traffic travels through their servers (15-30% of all traffic). You're receiving that error page because you're not specifying content to request, and the request ID shown is used internally by Akamai to track failed requests if that error turns out to be incorrectly triggered. 

 

VirusTotal does not detect Akamai's servers as malicious, they merely have samples that connect to Akamai for an unrelated purpose (certificate revocation, windows updates, etc).

 

The Mixpanel site is a tracking system used by some websites to monitor engagements you have with websites. You can use a tool like AdBlock or Ghostery to block these, but they're not all that harmful.

 

Additionally, nr-data is New Relic, an analytics system used to track performance of web applications in the browser and on the server.


Edited by iangcarroll, 24 November 2015 - 03:21 PM.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!
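
Added example, not part of the original posts: a decoder for the reference string on the "Invalid URL" page quoted in this thread. The field layout (error code, edge-server IPv4 in hex, Unix timestamp, request id) is an assumption that the thread does not state, so the code tries both byte orders of the hex field and checks them against the address range linked in post #5.

```python
"""Decode the "Reference #" string shown on an Akamai "Invalid URL" page."""
import ipaddress
import re
from datetime import datetime, timezone
from typing import NamedTuple, Optional, Tuple

# Constructed sample: the reference string quoted in this thread.
SAMPLE = "Reference #9.9fbc1402.1448377597.36f6112"

# ASSUMED layout (not stated in the thread):
#   <error code>.<edge server IPv4 as 8 hex digits>.<Unix time>.<request id>
_REF_RE = re.compile(r"(\d+)\.([0-9a-fA-F]{8})\.(\d{9,10})\.([0-9a-fA-F]+)$")


class Reference(NamedTuple):
    error_code: int
    host_hex: str          # raw hex field, byte order not yet decided
    issued_at: datetime    # timezone-aware, UTC
    request_id: str


def parse_reference(text: str) -> Reference:
    """Split a reference string into its four dot-separated fields."""
    match = _REF_RE.search(text.strip())
    if match is None:
        raise ValueError(f"not a reference string: {text!r}")
    code, host_hex, epoch, request_id = match.groups()
    issued_at = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return Reference(int(code), host_hex.lower(), issued_at, request_id.lower())


def candidate_edge_ips(host_hex: str) -> dict:
    """Return the hex field read as an IPv4 address in both byte orders."""
    raw = bytes.fromhex(host_hex)
    return {
        "big-endian": ipaddress.IPv4Address(raw),
        "little-endian": ipaddress.IPv4Address(raw[::-1]),
    }


def edge_ip_in_range(ref: Reference, first: str,
                     last: str) -> Optional[Tuple[str, str]]:
    """Find the byte order whose address lies in first..last (inclusive).

    A hit supports the assumed layout and ties the error page to the same
    address range as the connection being investigated. None means the hex
    field could not be tied to that range.
    """
    networks = list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    for order, address in candidate_edge_ips(ref.host_hex).items():
        if any(address in network for network in networks):
            return order, str(address)
    return None


if __name__ == "__main__":
    ref = parse_reference(SAMPLE)
    print("error code :", ref.error_code)
    print("issued at  :", ref.issued_at.isoformat())
    print("request id :", ref.request_id)
    # Range taken from the tcpiputils link posted in the thread.
    print("edge server:", edge_ip_in_range(ref, "2.20.188.0", "2.20.191.255"))
```

Under that assumed layout, the sample decodes to an address inside the linked 2.20.188.0-2.20.191.255 range and to a timestamp on the day the thread was started.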


#8 HappyDude1234

Posted 24 November 2015 - 03:28 PM

"VirusTotal does not detect Akamai's servers as malicious, they merely have samples that connect to Akamai for an unrelated purpose (certificate revocation, windows updates, etc)."

 

This is the link to virus total regarding this IP address: 2.20.188.163

 

https://www.virustotal.com/en/ip-address/2.20.188.163/information/

 

If you follow the links that are supplied here you can see the software that has been uploaded to virus total:

 

https://www.virustotal.com/en/file/e418babbd28890b6742a9b2f4dc7b9f03af69f9225962407ec76d0b744cd1598/analysis/

https://www.virustotal.com/en/file/06e26a656824889e733dd079b2388339085a11df4af5cecbdcb5114a5092e49d/analysis/

https://www.virustotal.com/en/file/5ad4f7e454c32a0acb79154cd40d2bfc7ef891cbc94ad006146fbdc64f689214/analysis/

https://www.virustotal.com/en/file/852764d17fc1e3b6eabf17cc9c03b9764de191b332800f7ca9413fccec6ffaab/analysis/

 

As you can see there have been detections on files that connect to this IP address. It is an IP address related to malware.

 

Please can you explain this, thanks for your help.

 

Also...

 

What about the other domain names that are doing the same thing? 

 

203-109-179-18.dsl.dyn.ihug.co.nz

 

https://who.is/whois/203-109-179-18.dsl.dyn.ihug.co.nz

https://gyazo.com/dbfdd7addc954b00ef50f6f96284751f

https://gyazo.com/418a7e73281461cb841862351508a27e

 

This one seems to be a residential connection, yet when you open it with HTTP, it does the same thing as Akamai.


Edited by HappyDude1234, 24 November 2015 - 03:42 PM.


#9 iangcarroll

Posted 24 November 2015 - 03:34 PM

All of the connections to that IP in the linked samples are to "www.download.windowsupdate.com", which is a server run by Microsoft and proxied by Akamai. This domain, among other things, is used to download trust lists for populating the Windows trusted certificate store. It is not malicious. Windows initiates this connection on its own whenever you connect to an HTTPS site or download signed code to ensure it has the latest trust list.

Edited by iangcarroll, 24 November 2015 - 03:35 PM.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#10 HappyDude1234

Posted 24 November 2015 - 03:51 PM

I am using a Mac so why would it connect to windows update.

 

Furthermore, if you could take a look at my prior message, there are some alarming residential connections that are behaving in the exact same way as the initially stated IP address.

 

The hostname is not even Akamai, the who is data looks false.

 

203-109-179-18.dsl.dyn.ihug.co.nz

 

Old who.is data:

 

technical_contact_address1: P O Box 7281 
technical_contact_address2: Wellesley Street 
technical_contact_city: Auckland 
technical_contact_country: NZ (NEW ZEALAND)
technical_contact_phone: +64 9 3585067 
technical_contact_fax: +64 9 3584112 
technical_contact_email: feb76c8d10f0494.png@ihugbusiness.co.nz 

 

New Who.is Data

 

technical_contact_name: Vodafone NMC 
technical_contact_address1: Private Bag 92161 
technical_contact_city: Auckland 
technical_contact_country: NZ (NEW ZEALAND)
technical_contact_phone: +64 9 3552313 
technical_contact_fax: +64 9 3552005 
technical_contact_email: 63ea407f93952da.png@vodafone.co.nz 

 

Please look at prior message for more details. Thanks again.

 

------

Another to take note of: 91.4.211.130.bc.googleusercontent.com

https://gyazo.com/b7f39c37c97950e801fc19501af39f8c

 

Behaves the same way.


Edited by HappyDude1234, 24 November 2015 - 04:04 PM.


#11 iangcarroll

Posted 24 November 2015 - 04:10 PM

The samples you linked to connect to Windows Update. Your connections are likely to a different service that Akamai proxies, which has the same IP as they're both via Akamai.

It would appear Akamai operates a caching node on Ihug's network (now owned by Vodafone), hence the similar error: http://www.computerworld.co.nz/article/506705/akamai_taps_ihug_global_network/

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#12 HappyDude1234

Posted 24 November 2015 - 04:48 PM

So you're saying that all of this is normal and nothing to worry about. 

 

I feel better knowing that this is a trusted service.

 

If there is any more information that you could provide me with I'd really appreciate it. 

 

Thanks.


Edited by HappyDude1234, 24 November 2015 - 04:50 PM.


#13 dante12

Posted 24 November 2015 - 05:16 PM

"I am using a Mac so why would it connect to windows update."

 

 

Is it possible that you're using Windows software on your Mac?

 

  • Download Malwarebytes for Mac, open the DMG and move the app to your program folder.
  • Start it and click on the Scan button. When it is done you'll get a message. Any malware found will be moved automatically to the trash.
  • Don't close the app (unless you need to restart the Mac; in that case please start the app again).
  • Make sure the app is still activated (click anywhere on the Malwarebytes window).
  • Go to the top of your screen and choose the option Take System Snapshot from the Scanner menu.
  • Copy the log and insert it here.


#14 iangcarroll

Posted 24 November 2015 - 05:21 PM

"So you're saying that all of this is normal and nothing to worry about.
 
I feel better knowing that this is a trusted service.
 
If there is any more information that you could provide me with I'd really appreciate it.
 
Thanks."


Yes, from what you have provided you are fine.

While there is likely no harm in following dante12's MBAM instructions (it does not appear he fully read this thread), you're probably fine.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#15 HappyDude1234

Posted 24 November 2015 - 05:31 PM

No I am using no windows software whatsoever. 

 

Sorry to bleat on about this, but I'm getting more and more confused. 

 

After this I'm just going to give up with it because it seems silly to waste your time.

 

https://who.is/whois/a104-84-42-16.deploy.static.akamaitechnologies.com

 

^ This host was on my connection list. 

 

It's registered with Tucows and there are many reports of it being malicious.

 


There are some logs for you; if you can see anything strange please let me know!


Edited by HappyDude1234, 24 November 2015 - 10:38 PM.




