looking for detailed IP traceroute

Archived from groups: microsoft.public.windowsxp.security_admin,microsoft.public.windowsxp.perform_maintain,microsoft.public.windowsxp.help_and_support (More info?)

Hello everyone.
I'd like to know if there is a way to look up an IP address to see what
service or company it is a part of.

I am running Win XP Pro behind a firewall/router. When I run netstat I get
some IP addresses I am not familiar with. I'm pretty sure they're not local
and I'd like to trace them to find out if they are part of a service or
software program I am using. I know that when you are running Symantec's
software firewall, and it detects an attack, Symantec's map shows you the
approximate street address of the attacker. That's much more accurate than
a standard traceroute, and that is kind of what I am looking for.

Is there such a service available to look up any IP address, not just an
attacker?

TIA
  1.

    You're kind of getting things confused.

    A traceroute shows the routers through which a packet travels to its
    destination, but doesn't really tell you anything about the final IP itself.

    What you're looking for is the physical location of an IP. Half of the
    time, it's impossible to figure that out. The other half, it's pretty easy.

    Use the link Tom provided, or try SamSpade at www.samspade.org

    Matt Gibson - GSEC

  2.

    NetStat XP Pro
    http://www.commodon.com/products/netstatxp/

    How to check open ports on windows XP.
    http://www.experts-exchange.com/Miscellaneous/Q_20873048.html

    Network Tools
    http://network-tools.com/

    --
    Carey Frisch
    Microsoft MVP
    Windows XP - Shell/User
    Microsoft Newsgroups

    Be Smart! Protect Your PC!
    http://www.microsoft.com/athome/security/protect/default.mspx

  3.

    "DCSouthSide" <DrewStuffL@excite.com> wrote in message
    news:uPybzEAKFHA.2716@TK2MSFTNGP15.phx.gbl...
    > Hello everyone.
    > I'd like to know if there is a way to look up an IP address to see what
    > service or company it is a part of.
    >
    > I am running Win XP Pro behind a firewall/router. When I run netstat I
    > get some IP addresses I am not familiar with. I'm pretty sure they're not
    > local and I'd like to trace them to find out if they are part of a service
    > or software program I am using. I know that when you are running
    > Symantec's software firewall, and it detects an attack, Symantec's map
    > shows you the approximate street address of the attacker. That's much
    > more accurate than a standard traceroute, and that is kind of what I am
    > looking for.
    >
    > Is there such a service available to look up any IP address, not just an
    > attacker?
    >
    > TIA
    >

    http://www.arin.net/index.html

    Place IP addy in the search field.

    Or, you can open a command prompt, type (no quotes) "tracert <IP address>" and
    hit enter, and get the info that way. If you hit another's firewall, it will
    timeout, as it did when I ran one on you:

    Tracing route to adsl-68-88-52-29.dsl.stlsmo.swbell.net [68.88.52.29]
    over a maximum of 30 hops:

     1   11 ms    7 ms    7 ms  10.10.80.1
     2   12 ms    8 ms    8 ms  12-220-6-145.client.insightBB.com [12.220.6.145]
     3   14 ms   12 ms   12 ms  12-220-1-166.client.insightBB.com [12.220.1.166]
     4   19 ms   20 ms   18 ms  12-220-0-42.client.insightBB.com [12.220.0.42]
     5   18 ms   18 ms   21 ms  gbr6-p40.sl9mo.ip.att.net [12.123.25.30]
     6   20 ms   20 ms   18 ms  tbr2-p013601.sl9mo.ip.att.net [12.122.11.125]
     7   32 ms   33 ms   32 ms  tbr2-cl6.dlstx.ip.att.net [12.122.10.90]
     8   33 ms   34 ms   32 ms  ggr2-p390.dlstx.ip.att.net [12.123.17.85]
     9   31 ms   32 ms   37 ms  att-gw.dfw.sprint.net [192.205.32.70]
    10   35 ms   53 ms   33 ms  sl-bb24-fw-11-0.sprintlink.net [144.232.11.22]
    11   32 ms   34 ms   47 ms  sl-bb27-fw-14-0.sprintlink.net [144.232.11.74]
    12   36 ms   36 ms   35 ms  sl-st20-dal-13-0.sprintlink.net [144.232.20.83]
    13   34 ms   35 ms   41 ms  sl-sbcint-3-0.sprintlink.net [144.228.250.110]
    14   34 ms   33 ms   34 ms  ex2-p2-0.eqdltx.sbcglobal.net [151.164.242.42]
    15   35 ms   36 ms   38 ms  bb2-p12-0.dllstx.sbcglobal.net [151.164.42.18]
    16   36 ms   72 ms   34 ms  bb1-p10-0.dllstx.sbcglobal.net [151.164.40.209]
    17   50 ms   51 ms   49 ms  bb1-p3-0.stlsmo.sbcglobal.net [151.164.189.33]
    18   51 ms   50 ms   51 ms  dist1-vlan31.stlsmo.sbcglobal.net [151.164.165.1]
    19   49 ms   50 ms   49 ms  rback10-fa2-0.stlsmo.sbcglobal.net [151.164.14.144]
    20    *       *       *     Request timed out.
    21    *       *       *     Request timed out.
    22    *       *       *     Request timed out.
    23    *       *       *     Request timed out.
  4.

    Thanks Tom. Here is what I got when I ran netstat.

    Active Connections

    Proto  Local Address       Foreign Address            State
    TCP    _____________:####  localhost:####             ESTABLISHED
    TCP    _____________:####  localhost:####             ESTABLISHED
    TCP    _____________:####  msnews.microsoft.com:nntp  ESTABLISHED

    I replaced my computer's name with _ and the four digit port number with
    ####.
    Can you tell me what the difference is between "local address" and "foreign
    address"? Are they related or are they two separate categories?

  5.

    Local address is the IP/Port on your computer that the connection is bound
    to.

    Foreign Address is the same thing, only on the remote computer.

    The first two entries show something on your computer connecting to your
    computer through TCP.

    The last one probably shows Outlook Express connecting to these newsgroups.

    Matt Gibson - GSEC

  6.

    Then, while chatting on Yahoo Messenger I ran netstat again and got this:

    Active Connections

    Proto  Local Address       Foreign Address              State
    TCP    _____________:####  localhost:####               ESTABLISHED
    TCP    _____________:####  localhost:####               TIME_WAIT
    TCP    _____________:####  localhost:####               TIME_WAIT
    TCP    _____________:####  localhost:####               TIME_WAIT
    TCP    _____________:####  localhost:####               TIME_WAIT
    TCP    _____________:####  localhost:####               ESTABLISHED
    TCP    _____________:####  localhost:####               TIME_WAIT
    TCP    _____________:####  localhost:####               ESTABLISHED
    TCP    _____________:####  localhost:####               ESTABLISHED
    TCP    _____________:####  msnews.microsoft.com:nntp    ESTABLISHED
    TCP    _____________:####  cs19.msg.dcn.yahoo.com:5050  ESTABLISHED
    TCP    _____________:####  204.71.200.36:http           TIME_WAIT
    TCP    _____________:####  205.161.6.47:http            ESTABLISHED

    Obviously msnews.microsoft.com:nntp is Outlook Express's connection to the
    Microsoft news server. Yahoo.com is equally obvious. 204.71.200.36 is
    Yahoo, I believe. I have no idea what 205.161.6.47 is.
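
An added example, not part of any post in this thread: a Python triage of netstat rows like the ones posted above. It splits each row into local and foreign endpoints and separates loopback, private and named peers from the bare public IPs that are worth an ARIN WHOIS search. The host name, local ports, the `192.168.1.1` row and the UDP row are constructed sample data.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple(
    "Conn", "proto local_host local_port remote_host remote_port state"
)

# Constructed sample in the layout Windows netstat prints. The foreign
# endpoints on the msnews/yahoo/204.x/205.x rows are the ones quoted in the
# thread; everything else (host name, ports, router row, UDP row as
# `netstat -a` would show it) is made up for the example.
SAMPLE = """\
Active Connections

  Proto  Local Address     Foreign Address              State
  TCP    home-pc:1031      localhost:1032               ESTABLISHED
  TCP    home-pc:1032      localhost:1031               ESTABLISHED
  TCP    home-pc:1073      msnews.microsoft.com:nntp    ESTABLISHED
  TCP    home-pc:1190      cs19.msg.dcn.yahoo.com:5050  ESTABLISHED
  TCP    home-pc:1201      204.71.200.36:http           TIME_WAIT
  TCP    home-pc:1202      205.161.6.47:http            ESTABLISHED
  TCP    home-pc:1210      192.168.1.1:http             ESTABLISHED
  UDP    home-pc:1900      *:*
"""


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon, so '[::1]:135' also works."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Return one Conn per TCP/UDP row, skipping banner and header lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_host, local_port = split_endpoint(fields[1])
        remote_host, remote_port = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        rows.append(
            Conn(fields[0], local_host, local_port,
                 remote_host, remote_port, state)
        )
    return rows


def classify_remote(host):
    """Bucket the foreign address: where is the other end of the socket?"""
    if host in ("*", "0.0.0.0", "::"):
        return "unconnected"          # listening or unconnected socket
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # netstat resolved a name; only 'localhost' is certainly this machine
        return "loopback" if host.lower() == "localhost" else "named"
    if addr.is_loopback:
        return "loopback"             # something on this PC talking to itself
    if addr.is_private or addr.is_link_local:
        return "private"              # LAN side, e.g. the router
    return "public"                   # routable address with no name shown


def whois_candidates(rows):
    """Unique public IPs, in first-seen order, to look up in a WHOIS search."""
    found = []
    for row in rows:
        if classify_remote(row.remote_host) == "public" \
                and row.remote_host not in found:
            found.append(row.remote_host)
    return found


if __name__ == "__main__":
    connections = parse_netstat(SAMPLE)
    for conn in connections:
        kind = classify_remote(conn.remote_host)
        print(f"{conn.proto} {conn.local_host}:{conn.local_port} -> "
              f"{conn.remote_host}:{conn.remote_port} "
              f"[{kind}] {conn.state}")
    print("Look up in WHOIS:", ", ".join(whois_candidates(connections)))
```
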
  7.

    "Matt Gibson" <mattg@blueedgetech.ca> wrote in message
    news:OkvDtzAKFHA.3652@TK2MSFTNGP10.phx.gbl...
    > Local address is the IP/Port on your computer that the connection is bound
    > to.
    >
    > Foreign Address is the same thing, only on the remote computer.

    No, the foreign address is where the connection is made, and described
    in "state" (e.g. established, etc)
  8.

    "DCSouthSide" <DrewStuffL@excite.com> wrote in message
    news:ugEf%231AKFHA.4028@tk2msftngp13.phx.gbl...
    > Then, while chatting on Yahoo Messenger I ran netstat again and got this:
    >
    > Active Connections
    >
    > Proto Local Address Foreign Address State
    > TCP _____________:#### localhost:#### ESTABLISHED
    > TCP _____________:#### localhost:#### TIME_WAIT
    > TCP _____________:#### localhost:#### TIME_WAIT
    > TCP _____________:#### localhost:#### TIME_WAIT
    > TCP _____________:#### localhost:#### TIME_WAIT
    > TCP _____________:#### localhost:#### ESTABLISHED
    > TCP _____________:#### localhost:#### TIME_WAIT
    > TCP _____________:#### localhost:#### ESTABLISHED
    > TCP _____________:#### localhost:#### ESTABLISHED
    > TCP _____________:#### msnews.microsoft.com:nntp ESTABLISHED
    > TCP _____________:#### cs19.msg.dcn.yahoo.com:5050 ESTABLISHED
    > TCP _____________:#### 204.71.200.36:http TIME_WAIT
    > TCP _____________:#### 205.161.6.47:http ESTABLISHED
    >
    > Obviously msnews.microsoft.com:nntp is Outlook Express's connection to the
    > Microsoft news server. Yahoo.com is equally obvious. 204.71.200.36 is
    > Yahoo, I believe. I have no idea what 205.161.6.47 is.
    >

    Your only concern should be whether your firewall is working properly. If
    you are getting hit, and your FW doesn't detect, or you allowed the setting to
    accept other connections, then you will see these other addresses you are not
    sure of. For example, you may be at yahoo, and the address is listed, the
    other addresses may be connections from yahoo that show up also.

    In mine, while only using OE connected to the MS servers, I get this:

    Proto  Local Address  Foreign Address            State
    TCP    home-pc:1073   msnews.microsoft.com:nntp  ESTABLISHED
    TCP    home-pc:1028   207.46.248.16:nntp         TIME_WAIT
    TCP    home-pc:1073   207.46.248.16:nntp         ESTABLISHED

    The lower IP addy is MS in Redmond WA, and I can assume that is the news
    servers there where I am connected.

    Close all active Windows, run Netstat, and you'll get nothing (maybe,
    sometimes you get a similar connection that doesn't list active, reboot
    Windows if you want a true showing), open IE and see what shows up. Another
    addy may just be tracking how well MS's website gets hits, and you show that
    in netstat, or it will show MS, and the related IP addy it uses to be on the
    web.
  9.

    Who initiates the connection has no bearing on if it's under local or
    remote.

    Local is always the local IP, and remote is always the remote IP. The local
    IP is specified because it's possible to either have multiple IPs bound to
    a single NIC, or multiple NICs in the computer.

    Matt Gibson - GSEC


    "Tom" <noway@nothere.com> wrote in message
    news:OeYcBpBKFHA.1528@TK2MSFTNGP09.phx.gbl...
    >
    > "Matt Gibson" <mattg@blueedgetech.ca> wrote in message
    > news:OkvDtzAKFHA.3652@TK2MSFTNGP10.phx.gbl...
    >> Local address is the IP/Port on your computer that the connection is
    >> bound to.
    >>
    >> Foreign Address is the same thing, only on the remote computer.
    >
    > No, the foreign address is the where the connection is made, and described
    > in "state" (e.g. established, etc)
    >
  10.

    My reason for getting concerned about who is connecting to my computer is
    this: when I first installed Yahoo Messenger, I had the option set to allow
    Yahoo websites (games, chat) to show whether I am online or offline. I did
    not list myself in the Yahoo directory, so no one could find me by searching
    for my screen name. I turned that first option off because I was receiving
    unsolicited IMs all the time. They have decreased significantly. What I am
    worried about, however, is whether an advertiser or someone harmful could
    have detected my IP and stored it on their computer. Call me paranoid if
    you wish, but Yahoo has a terrible problem with advertisers abusing
    Messenger.

  11.

    BTW, I noticed I have my name incorrect in Outlook Express (I had restored a
    previous backup which restored my old name). My name is now what it should
    be, Truth_Seeker1.

  12.

    Again, I wouldn't be too concerned. If you allow an application to
    communicate with your PC, then you're allowing it. If you have a
    professional type firewall software installed, then you may allow certain
    ports to be open/closed for certain things.
    If you are using a software firewall, try deleting every program that you
    are using for what you are concerned, then when you restart them, your
    firewall should ask if you want to allow this. If any other connections seem
    to arise from that program, your firewall should alert you, and you can
    deny, or allow (if even for one instance at a time).