looking for detailed IP traceroute

Guest
Archived from groups: microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.help_and_support

Hello everyone.
I'd like to know if there is a way to look up an IP address to see what
service or company it is a part of.

I am running Win XP Pro behind a firewall/router. When I run netstat I get
some IP addresses I am not familiar with. I'm pretty sure they're not local
and I'd like to trace them to find out if they are part of a service or
software program I am using. I know that when you are running Symantec's
software firewall, and it detects an attack, Symantec's map shows you the
approximate street address of the attacker. That's much more accurate than
a standard traceroute, and that is kind of what I am looking for.

Is there such a service available to look up any IP address, not just an
attacker?

TIA
 
Guest

You're kind of getting things confused.

A traceroute shows the routers through which a packet travels to its
destination, but doesn't really tell you anything about the final IP itself.

What you're looking for is the physical location of an IP. Half of the
time, it's impossible to figure that out. The other half, it's pretty easy.

Use the link Tom provided, or try SamSpade at www.samspade.org

Matt Gibson - GSEC
 
Guest

NetStat XP Pro
http://www.commodon.com/products/netstatxp/

How to check open ports on windows XP.
http://www.experts-exchange.com/Miscellaneous/Q_20873048.html

Network Tools
http://network-tools.com/

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.mspx

 

Tom


"DCSouthSide" <DrewStuffL@excite.com> wrote in message
news:uPybzEAKFHA.2716@TK2MSFTNGP15.phx.gbl...
> Hello everyone.
> I'd like to know if there is a way to look up an IP address to see what
> service or company it is a part of.
>
> I am running Win XP Pro behind a firewall/router. When I run netstat I
> get some IP addresses I am not familiar with. I'm pretty sure they're not
> local and I'd like to trace them to find out if they are part of a service
> or software program I am using. I know that when you are running
> Symantec's software firewall, and it detects an attack, Symantec's map
> shows you the approximate street address of the attacker. That's much
> more accurate than a standard traceroute, and that is kind of what I am
> looking for.
>
> Is there such a service available to look up any IP address, not just an
> attacker?
>
> TIA
>

http://www.arin.net/index.html

Place IP addy in the search field.

Or, you can open a command prompt, type (no quotes) "tracert <IP address>" and
hit enter, and get the info that way. If you hit another's firewall, it will
timeout, as it did when I ran one on you:

Tracing route to adsl-68-88-52-29.dsl.stlsmo.swbell.net [68.88.52.29]
over a maximum of 30 hops:

 1  11 ms   7 ms   7 ms  10.10.80.1
 2  12 ms   8 ms   8 ms  12-220-6-145.client.insightBB.com [12.220.6.145]
 3  14 ms  12 ms  12 ms  12-220-1-166.client.insightBB.com [12.220.1.166]
 4  19 ms  20 ms  18 ms  12-220-0-42.client.insightBB.com [12.220.0.42]
 5  18 ms  18 ms  21 ms  gbr6-p40.sl9mo.ip.att.net [12.123.25.30]
 6  20 ms  20 ms  18 ms  tbr2-p013601.sl9mo.ip.att.net [12.122.11.125]
 7  32 ms  33 ms  32 ms  tbr2-cl6.dlstx.ip.att.net [12.122.10.90]
 8  33 ms  34 ms  32 ms  ggr2-p390.dlstx.ip.att.net [12.123.17.85]
 9  31 ms  32 ms  37 ms  att-gw.dfw.sprint.net [192.205.32.70]
10  35 ms  53 ms  33 ms  sl-bb24-fw-11-0.sprintlink.net [144.232.11.22]
11  32 ms  34 ms  47 ms  sl-bb27-fw-14-0.sprintlink.net [144.232.11.74]
12  36 ms  36 ms  35 ms  sl-st20-dal-13-0.sprintlink.net [144.232.20.83]
13  34 ms  35 ms  41 ms  sl-sbcint-3-0.sprintlink.net [144.228.250.110]
14  34 ms  33 ms  34 ms  ex2-p2-0.eqdltx.sbcglobal.net [151.164.242.42]
15  35 ms  36 ms  38 ms  bb2-p12-0.dllstx.sbcglobal.net [151.164.42.18]
16  36 ms  72 ms  34 ms  bb1-p10-0.dllstx.sbcglobal.net [151.164.40.209]
17  50 ms  51 ms  49 ms  bb1-p3-0.stlsmo.sbcglobal.net [151.164.189.33]
18  51 ms  50 ms  51 ms  dist1-vlan31.stlsmo.sbcglobal.net [151.164.165.1]
19  49 ms  50 ms  49 ms  rback10-fa2-0.stlsmo.sbcglobal.net [151.164.14.144]
20   *      *      *     Request timed out.
21   *      *      *     Request timed out.
22   *      *      *     Request timed out.
23   *      *      *     Request timed out.
 
Guest

Thanks Tom. Here is what I got when I ran netstat.

Active Connections

Proto Local Address Foreign Address State
TCP _____________:#### localhost:#### ESTABLISHED
TCP _____________:#### localhost:#### ESTABLISHED
TCP _____________:#### msnews.microsoft.com:nntp ESTABLISHED

I replaced my computer's name with _ and the four digit port number with
####.
Can you tell me what the difference is between "local address" and "foreign
address"? Are they related or are they two separate categories?
 
Guest

Local address is the IP/Port on your computer that the connection is bound
to.

Foreign Address is the same thing, only on the remote computer.

The first two entries show something on your computer connecting to your
computer through TCP.

The last one probably shows Outlook Express connecting to these newsgroups.

Matt Gibson - GSEC
 
Guest

Then, while chatting on Yahoo Messenger I ran netstat again and got this:

Active Connections

Proto Local Address Foreign Address State
TCP _____________:#### localhost:#### ESTABLISHED
TCP _____________:#### localhost:#### TIME_WAIT
TCP _____________:#### localhost:#### TIME_WAIT
TCP _____________:#### localhost:#### TIME_WAIT
TCP _____________:#### localhost:#### TIME_WAIT
TCP _____________:#### localhost:#### ESTABLISHED
TCP _____________:#### localhost:#### TIME_WAIT
TCP _____________:#### localhost:#### ESTABLISHED
TCP _____________:#### localhost:#### ESTABLISHED
TCP _____________:#### msnews.microsoft.com:nntp ESTABLISHED
TCP _____________:#### cs19.msg.dcn.yahoo.com:5050 ESTABLISHED
TCP _____________:#### 204.71.200.36:http TIME_WAIT
TCP _____________:#### 205.161.6.47:http ESTABLISHED

Obviously msnews.microsoft.com:nntp is Outlook Express's connection to the
Microsoft news server. Yahoo.com is equally obvious. 204.71.200.36 is
Yahoo, I believe. I have no idea what 205.161.6.47 is.
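
An added example, not part of any post in this thread: a Python sketch that sorts netstat rows by their Foreign Address column, so that only the public remote IPs (the ones worth a registry lookup such as ARIN) are left over. The sample input is constructed, modeled on the output posted above; the host name, local ports, the two extra rows and all function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample modeled on the netstat output in this thread. The host
# name and local ports are made up; the private and IPv6 rows are added to
# exercise the classifier.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address              State
  TCP    home-pc:1031           localhost:1032               ESTABLISHED
  TCP    home-pc:1032           localhost:1031               ESTABLISHED
  TCP    home-pc:1073           msnews.microsoft.com:nntp    ESTABLISHED
  TCP    home-pc:1090           cs19.msg.dcn.yahoo.com:5050  ESTABLISHED
  TCP    home-pc:1101           204.71.200.36:http           TIME_WAIT
  TCP    home-pc:1102           205.161.6.47:http            ESTABLISHED
  TCP    192.168.1.10:1110      192.168.1.1:80               ESTABLISHED
  TCP    [::1]:1120             [::1]:135                    ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon and strip IPv6 brackets."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def classify(host):
    """Label a foreign host: none, loopback, private, public or named."""
    if host == "*":
        return "none"            # listening socket, no remote peer yet
    if host.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        # netstat resolved the address to a name; `netstat -n` shows the IP.
        return "named"
    if ip.is_unspecified:
        return "none"
    if ip.is_loopback:
        return "loopback"        # this machine talking to itself
    if ip.is_private or ip.is_link_local:
        return "private"         # LAN side of the router, not on the Internet
    return "public"


def parse_netstat(text):
    """Yield one dict per TCP/UDP row of netstat output."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue             # banner, column header or blank line
        f_host, f_port = split_endpoint(parts[2])
        yield {
            "proto": parts[0],
            "local": split_endpoint(parts[1]),
            "foreign": (f_host, f_port),
            "state": parts[3] if len(parts) > 3 else "",  # UDP has no state
            "kind": classify(f_host),
        }


def summary(text):
    """Count rows per foreign-address kind."""
    counts = defaultdict(int)
    for conn in parse_netstat(text):
        counts[conn["kind"]] += 1
    return dict(counts)


def lookup_candidates(text):
    """Map each public foreign IP to the (remote port, state) pairs seen."""
    seen = defaultdict(set)
    for conn in parse_netstat(text):
        if conn["kind"] == "public":
            seen[conn["foreign"][0]].add((conn["foreign"][1], conn["state"]))
    return dict(seen)


if __name__ == "__main__":
    print(summary(SAMPLE))
    for ip, uses in sorted(lookup_candidates(SAMPLE).items()):
        print(ip, sorted(uses))
```
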
 

Tom


"Matt Gibson" <mattg@blueedgetech.ca> wrote in message
news:OkvDtzAKFHA.3652@TK2MSFTNGP10.phx.gbl...
> Local address is the IP/Port on your computer that the connection is bound
> to.
>
> Foreign Address is the same thing, only on the remote computer.

No, the foreign address is where the connection is made, and described
in "state" (e.g. established, etc.)
 

Tom


"DCSouthSide" <DrewStuffL@excite.com> wrote in message
news:ugEf%231AKFHA.4028@tk2msftngp13.phx.gbl...
> Then, while chatting on Yahoo Messenger I ran netstat again and got this:
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP _____________:#### localhost:#### ESTABLISHED
> TCP _____________:#### localhost:#### TIME_WAIT
> TCP _____________:#### localhost:#### TIME_WAIT
> TCP _____________:#### localhost:#### TIME_WAIT
> TCP _____________:#### localhost:#### TIME_WAIT
> TCP _____________:#### localhost:#### ESTABLISHED
> TCP _____________:#### localhost:#### TIME_WAIT
> TCP _____________:#### localhost:#### ESTABLISHED
> TCP _____________:#### localhost:#### ESTABLISHED
> TCP _____________:#### msnews.microsoft.com:nntp ESTABLISHED
> TCP _____________:#### cs19.msg.dcn.yahoo.com:5050 ESTABLISHED
> TCP _____________:#### 204.71.200.36:http TIME_WAIT
> TCP _____________:#### 205.161.6.47:http ESTABLISHED
>
> Obviously msnews.microsoft.com:nntp is Outlook Express's connection to the
> Microsoft news server. Yahoo.com is equally obvious. 204.71.200.36 is
> Yahoo, I believe. I have no idea what 205.161.6.47 is.
>

Your only concern should be whether your firewall is working properly. If
you are getting hit, and your FW doesn't detect, or you allowed the setting to
accept other connections, then you will see these other addresses you're not
sure of. For example, you may be at Yahoo, and the address is listed; the
other addresses may be connections from Yahoo that show up also.

In mine, while only using OE connected to the MS servers, I get this:

Proto Local Address Foreign Address State
TCP home-pc:1073 msnews.microsoft.com:nntp ESTABLISHED
TCP home-pc:1028 207.46.248.16:nntp TIME_WAIT
TCP home-pc:1073 207.46.248.16:nntp ESTABLISHED

The lower IP addy is MS in Redmond WA, and I can assume that is the news
servers there where I am connected.

Close all active windows, run netstat, and you'll get nothing (maybe;
sometimes you get a similar connection that doesn't list active, reboot
Windows if you want a true showing), open IE and
see what shows up. Another addy may just be tracking how well MS's website
gets hits, and you show that in netstat, or it will show MS, and the related
IP addy it uses to be on the web.
 
Guest

Who initiates the connection has no bearing on if it's under local or
remote.

Local is always the local IP, and remote is always the remote IP. The local
IP is specified because it's possible to either have multiple IPs bound to
a single NIC, or multiple NICs in the computer.

Matt Gibson - GSEC


"Tom" <noway@nothere.com> wrote in message
news:OeYcBpBKFHA.1528@TK2MSFTNGP09.phx.gbl...
>
> "Matt Gibson" <mattg@blueedgetech.ca> wrote in message
> news:OkvDtzAKFHA.3652@TK2MSFTNGP10.phx.gbl...
>> Local address is the IP/Port on your computer that the connection is
>> bound to.
>>
>> Foreign Address is the same thing, only on the remote computer.
>
> No, the foreign address is where the connection is made, and described
> in "state" (e.g. established, etc.)
>
 
Guest

My reason for getting concerned about who is connecting to my computer is
this: when I first installed Yahoo Messenger, I had the option set to allow
Yahoo websites (games, chat) to show whether I am online or offline. I did
not list myself in the Yahoo directory, so no one could find me by searching
for my screen name. I turned that first option off because I was receiving
unsolicited IMs all the time. They have decreased significantly. What I am
worried about, however, is whether an advertiser or someone harmful could
have detected my IP and stored it on their computer. Call me paranoid if
you wish, but Yahoo has a terrible problem with advertisers abusing
Messenger.
 
Guest

BTW, I noticed I have my name incorrect in Outlook Express (I had restored a
previous backup which restored my old name). My name is now what it should
be, Truth_Seeker1.
 

Tom


Again, I wouldn't be too concerned. If you allow an application to
communicate with your PC, then you're allowing it. If you have a
professional type firewall software installed, then you may allow certain
ports to be open/closed for certain things.
If you are using a software firewall, try deleting every program that you
are using for what you are concerned, then when you restart them, your
firewall should ask if you want to allow this. If any other connections seem
to arise from that program, your firewall should alert you, and you can
deny, or allow (if even for one instance at a time).