
Thread: weird happenings with netstat

  1. #1
    Elite Hacker
    Join Date
    Mar 2003

    weird happenings with netstat

    So I open up AIM and then do a netstat -n.
    It shows three IPs with the AIM port. Normal enough (even though there was only one buddy on. I guess you have to connect to a server first.). Then I pinged all of them just to see if they would respond. Then I do netstat -n again and get the same three IPs with the AIM ports plus two other ones with port 80. So I open up IE and type in the two IPs and both get the same thing, a page which says "nothing to see here". One of the IPs started with 205 and the other with 64. Here is the source from view source in IE:

    <HTML><HEAD><meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l r (ca 1 lz 1 nz 1 oz 1 vz 1) gen true for "" r (ca 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0) gen true for "" r (n 0 s 0 v 0 l 0))' /></HEAD><BODY>Nothing to see here</BODY></HTML>

    What do you all make of this?


  2. #2
    Join Date
    Apr 2003
    hmm this is interesting ..why are some links
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    hidden in the source ... the link doesn't show up anywhere on this page .... http://www.rsac.org/rsac/

  3. #3
    The link shouldn't show up anywhere on the page, all that is happening in that part of the source code is the doctype is being declared - amusing that it should be declared as 'strict' since the code is not current w/the latest HTML standard, but =P if you don't exactly follow, go to http://www.w3schools.com and read up a bit on regular HTML vs. xhtml and you'll find a DOCTYPE section I'm sure.


  4. #4
    Join Date
    Apr 2003
    I like to use SamSpade (http://www.samspade.org/) to figure out who is on the other end of IP numbers:

    Trying whois -h whois.arin.net

    OrgName: America Online, Inc.
    OrgID: AMERIC-158
    Address: 10600 Infantry Ridge Road
    City: Manassas
    StateProv: VA
    PostalCode: 20109
    Country: US

    NetRange: -
    NetName: AOL-MTC
    NetHandle: NET-64-12-0-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS-01.NS.AOL.COM
    NameServer: DNS-02.NS.AOL.COM
    RegDate: 1999-12-13
    Updated: 1999-12-16

    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail: domains@aol.net

    # ARIN WHOIS database, last updated 2003-10-08 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    What it looks like is you are seeing some of the routing servers or hops from your machine to the site you pinged. Try a TraceRt or pick up a PingPlotter to see where things go from your location to the ping target.

    BTW, I did a little Google on some of the strings you posted. Here is one of the results:


    Curiouser and curiouser.

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Those connections on port 80 might be to the servers that host the ads and crap on the top of AIM and the news ticker/headlines.

    I could be completely wrong..but it was just a thought.

  6. #6
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Tekno, I believe, has hit the nail on the head. This is just AIM pulling banners from various AOL sites:
    Non-authoritative answer:
    Name: ads.web.aol.com

    Blocking these sites will reportedly screw AIM up but I hear that DeadAIM does a good job.

    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
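
The before/after comparison of two `netstat -n` runs described in the first post, as an added example that is not part of any post in this thread. The sample output is constructed, the addresses are documentation ranges, and port 5190 is assumed here to be the AIM port (the thread does not give the number).

```python
# Added example: diff two `netstat -n` snapshots to isolate new remote endpoints.
# BEFORE/AFTER are constructed samples in Windows netstat layout; the IPs are
# documentation addresses and 5190 is an assumed AIM port.
from collections import defaultdict

BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1045        198.51.100.5:5190      ESTABLISHED
  TCP    192.0.2.10:1046        198.51.100.6:5190      ESTABLISHED
  TCP    192.0.2.10:1047        198.51.100.7:5190      ESTABLISHED
"""

AFTER = BEFORE + """\
  TCP    192.0.2.10:1050        203.0.113.20:80        ESTABLISHED
  TCP    192.0.2.10:1051        203.0.113.21:80        TIME_WAIT
"""

def parse_netstat(text):
    """Return a set of (proto, remote_ip, remote_port, state) tuples."""
    conns = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with the protocol; headers and blank lines are skipped.
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        ip, sep, port = fields[2].rpartition(":")
        if not sep or not port.isdigit():
            continue  # e.g. UDP rows whose foreign address is "*:*"
        state = fields[3] if len(fields) > 3 else ""
        conns.add((fields[0], ip, int(port), state))
    return conns

def new_remote_endpoints(before, after):
    """Group remote IPs by port for endpoints that appear only in `after`."""
    # Compare on (ip, port) so a mere state change is not reported as new.
    seen = {(ip, port) for _, ip, port, _ in parse_netstat(before)}
    by_port = defaultdict(set)
    for _, ip, port, _ in parse_netstat(after):
        if (ip, port) not in seen:
            by_port[port].add(ip)
    return {port: sorted(ips) for port, ips in by_port.items()}

if __name__ == "__main__":
    for port, ips in sorted(new_remote_endpoints(BEFORE, AFTER).items()):
        print(f"new remote port {port}: {', '.join(ips)}")
```

The addresses it reports are the ones to hand to a whois lookup, as in post #4.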
