|
-
January 17th, 2003, 06:41 AM
#1
Junior Member
Close_wait?????
hi,
every time when i go to command prompt and type in "netstat" i get this .....
Proto Local Address Foreign Address State
TCP mycomputer unknown.level3.net:http CLOSE_WAIT
the foreign address is using port 80...wait here is what i get when i type in "netstat -n"....
Proto Local Address Foreign Address State
TCP xxxxxxxxxxx:1028 63.211.121.166:80 CLOSE_WAIT
I actually checked out unknown.level3.net and it was a like an ISP website, but why do i always get their address even when i restart the computer or when i'm not opening any Internet windows. (I'm using road runner btw).
Can someone give me a explanation of why this is happening?
thanks.
-
January 17th, 2003, 08:17 AM
#2
Senior Member
hi
perhaps it is because of adware?
have you installed any shareware or supposed freeware lately?
perhaps you have one which is set to start up when windows does, and the adware side tries to get to that website.
regards,
mark.
\'hi, welcome to *****. if you would like to speak to an operator, please hang up now.\'
* click *
-
January 17th, 2003, 04:30 PM
#3
I use to socket programming but its been awhile so I did some research on the state CLOSE_WAIT and came up with:
from http://www.cygwin.com/ml/cygwin-patc.../msg00039.html -if your not developing this not a solution but I thought you might find it useful.
Cheers,
-D
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
-
January 17th, 2003, 05:10 PM
#4
Try using something like TCP View to track the connection in real-time. This way, you will be able to see what application may be initiating the connection. I hope that helps you at least a little. Take care. Let us know if you need any additional help.
t2k2
Opinions are like  holes - everybody\'s got\'em.
Smile 
-
January 17th, 2003, 05:24 PM
#5
If you haven't done so, you might download and install some free software to help harden your system. There are many programs to choose from but here are a few:
Ad Aware www.lavasoftusa.com/ -- scans for adware and removes it
ZoneAlarm www.zonelabs.com/store/content/home.jsp -- free firewall for personal use
Antivirus www.grisoft.com
-
January 17th, 2003, 05:39 PM
#6
Member
Run Fport from www.foundstone.com - you will be able to tell if the app using the connection is one you expect...
Krang
.....Brain Failure....dumping core.... z z z
-
January 17th, 2003, 05:45 PM
#7
Junior Member
thanks guys.
actually i've never installed any freeware nor shareware, but maybe it is an ad.
when i get home from work today, i will try all the suggestions voiced. I will let you know what happens.
thanks for the help.
-
January 17th, 2003, 06:22 PM
#8
CLOSE_WAIT means you have been connected to a remote host and it has been given the kill signal and it is waiting to close the connection
by the looks of it it has been a webserver you have been conected to
TCP xxxxxxxxxxx:1028 63.211.121.166:80
the xxxxxxx being you're ipaddress the 1028 being the port that has sent the siganl to the webserver 63.211.121.166:80 is the address of the webserver and the port you have been connected to ie the http port so this leads me to belive it is a webserver there doesent seem to be a whois entry on this address though it shouldnt be anything to worry about though
try running ad-aware just in case
By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
The 20th century pharoes have the slaves demanding work
http://muaythaiscotland.com/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
