
Port 2012


7 replies to this topic

#1 LittleGreenDots


Posted 08 April 2018 - 04:17 PM

I'm trying to find out what this port is for, why it has an established connection on my Windows 7 machine.  I just want to rule out that it is malicious.

 

I found that it was established from a netstat -ano report. 

 

When I look it up, I found this information:

 

https://www.speedguide.net/port.php?port=2012

 

One listing states it as a ttyinfo service and when I looked that up, it indicated a connection with another computer, if I understand this (and that is very questionable.)  I should not have any external connections, or at least I do not want any. 

 

Any idea what this port is used for?

 

Thank you.


Edited by hamluis, 09 April 2018 - 10:13 AM.
Moved from Win 7 to Networking - Hamluis.




#2 LittleGreenDots


Posted 08 April 2018 - 04:26 PM

Here are all the established ports.

 

There is also another instance of port 2012 lower down the list but I could not include it using the snipping tool.

 

The data is:

 

TCP 192.168.254.102:50862 | 104.42.234.255:443  ESTABLISHED    2012

 

 




#3 LittleGreenDots


Posted 09 April 2018 - 08:50 AM

My REAL question is... how do I figure out what's connecting to my computer? On the netstat report, are either of those two columns of addresses searchable?



#4 toofarnorth


Posted 09 April 2018 - 02:17 PM

Hello

 

Your computer (192.168.254.102) is using port 50892 to make a connection to IP 104.42.234.255 on https port 443.
The https certificate on that IP belongs to pif.symantec.com, so I presume it is legitimate traffic. Especially if you have a Norton or Symantec product.

The last number is the PID of the process running on your computer.
This is a number reference the operating system uses and not by any means a port in usage.

Take a look here for some more information:

https://www.lifewire.com/netstat-command-2618098

 

Hth!

 

tfn
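
Added example, not written by any poster in this thread: the column layout explained in post #4, as a PowerShell function that splits each `netstat -ano` TCP row into address, port, state and PID, then looks the PID up with `Get-Process`. The function name and the sample rows are constructed for illustration; the ESTABLISHED row reuses the connection posted in #2.

```powershell
# Added example: split netstat -ano TCP rows into named fields so the
# remote port and the owning PID are never confused.
function ConvertFrom-NetstatLine {          # hypothetical helper name
    param([string]$Line)
    # A TCP row has exactly five fields: Proto, Local, Foreign, State, PID.
    $f = @($Line.Trim() -split '\s+')
    if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[4] -notmatch '^\d+$') { return }
    # Split address:port on the LAST colon so IPv6 rows ([::1]:445) also parse.
    $l = $f[1].LastIndexOf(':')
    $r = $f[2].LastIndexOf(':')
    if ($l -lt 0 -or $r -lt 0) { return }
    # Use $ownerPid, not $PID: $PID is PowerShell's own read-only variable.
    $ownerPid = [int]$f[4]
    $name = '(no such PID on this machine)'
    $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
    if ($proc) { $name = $proc.ProcessName }
    New-Object PSObject -Property @{
        LocalAddress  = $f[1].Substring(0, $l)
        LocalPort     = [int]$f[1].Substring($l + 1)
        RemoteAddress = $f[2].Substring(0, $r)
        RemotePort    = [int]$f[2].Substring($r + 1)
        State         = $f[3]
        OwningPid     = $ownerPid
        Process       = $name
    }
}

# Constructed sample in netstat -ano layout (header row is skipped by the parser).
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716',
    '  TCP    192.168.254.102:50862  104.42.234.255:443     ESTABLISHED     2012'
)

$sample | ForEach-Object { ConvertFrom-NetstatLine $_ } |
    Where-Object { $_.State -eq 'ESTABLISHED' } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningPid, Process |
    Format-Table -AutoSize

# On a live machine, feed the real output instead of $sample:
#   netstat -ano | ForEach-Object { ConvertFrom-NetstatLine $_ }
```

From cmd, `tasklist /FI "PID eq 2012"` answers the same PID-to-process question for a single PID.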

 



#5 Vicin


Posted 09 April 2018 - 02:22 PM

Use "nslookup". An example of how to write the command in cmd: "nslookup 8.8.8.8". That will show you if the IP is connected to a website. And/or use whois (https://www.whois.com/) for more info. The info before ":*****" is the IP; after ":" it's the port number.

 

Here you can just enter the IP and see if there's any known malicious content where it's connecting.

https://www.virustotal.com/

 

Perhaps someone else knows of more ways, but those are 3 ways to get more info about what you're connecting to.



#6 LittleGreenDots


Posted 10 April 2018 - 09:01 AM

Thanks.  I want to learn more about this whole process.  What concerned me the other day was noticing a private computer hooking up.  I have Glasswire free version installed on my computer and thought it was odd to see a private PC.  I did a screen shot but now I can't find it again and haven't been able to learn more about this as the information just says it's a personal computer and I will probably have to pay to gain more info.  This computer was definitely hacked a few years ago and I recently had an IT tech lock down the firewall, another reason I thought it odd that a private computer is listed on the live Glasswire report.

 

Thanks for the links for more information.


Edited by LittleGreenDots, 10 April 2018 - 09:04 AM.


#7 Vicin


Posted 10 April 2018 - 02:58 PM

You could also try Wireshark (https://www.wireshark.org/) for more info about the traffic that goes in and out of the computer. However, it's a bit more complicated than GlassWire to read, and it's usually quite hard to get assistance reading the logs considering that it takes a lot of work to figure out what's the normal traffic. Also, be prepared for some sleepless nights until you learn to read it in case you get paranoid easily, since before you learn how to read it a lot will look quite strange and suspicious.

 

Do you have windows update set to share updates with other computers on the internet? If so, that might be why you connect to a private PC.

Check: Control Panel > Update and security > Advanced Options > Delivery Optimization > Allow Downloads from other PCs

 

Other applications such as Spotify might also use P2P networking to share content with other users.



#8 LittleGreenDots


Posted 11 April 2018 - 05:19 PM

Vicin: I'll stay away from Wireshark for now.

 

I didn't find Update and Security in Control Panel.  I have a Windows 7 machine.  I've never agreed to any connections on this computer.  The Remote App and Desktop Connections indicated I have no connections.

 

Thanks.





