alright, what the f is this nonsense?

shwaip

Noticed I had way more active connections than I should. results of netstat -n :


MSE tells me that I have no viruses, but does anyone know what this is?

kryyst

Based on that port range it looks like p2p connections.

Thrax

Specifically, BitTorrent.

MAGIC

Specifically, pr0n.

Thrax

Specifically, DV-- nevermind.

shwaip

No bittorrent running (or even installed). Maybe some sort of chrome plugin that uses BT to distribute data? It seems unlikely to be BT if all the IPs are the same, too.

ardichoke

Actually, all the IPs are not the same... you just have small blocks of IPs that are the same. That's exactly what BitTorrent does.

Shut down everything that you have open and run a netstat, see if it's still like that. If it is then you may have a problem. Otherwise start reopening programs one at a time until you find the culprit.

shwaip

Everytime I use BT, it has 1 IP per port...and actually I tend to set up my torrent programs to use 1 port so I don't have to open up a bunch in my firewall.

ed: plus they're all going to port 80.

ardichoke

that's only the listening port. Once a client contacts the listening port the actual connection is established on a different port so that the listening port isn't tied up for other connections. Generally speaking.

Regardless, I suggested where to start troubleshooting. Take it or leave it.

shwaip

Happens with all internet browsing, regardless of browser.

ardichoke

Well, it looks like those IPs (at least the ones that I noticed repeat the most) belong to Level3, Akamai Technologies and Amazon. You probably have sites open that are pulling data/libraries/something else that are hosted by them. Akamai Technologies also hosts a lot of distributed content (apparently) such as software updates, virus scanner updates, etc.

shwaip

I'm seeing it with stuff like browsing icrontic as well:

  TCP    192.168.1.106:55763    69.167.168.132:http
  TCP    192.168.1.106:55765    69.167.168.132:http
  TCP    192.168.1.106:55766    69.167.168.132:http
  TCP    192.168.1.106:55767    69.167.168.132:http
  TCP    192.168.1.106:55768    69.167.168.132:http
  TCP    192.168.1.106:55771    69.167.168.132:http
  TCP    192.168.1.106:55779    69.167.168.132:http
  TCP    192.168.1.106:55782    74:http
  TCP    192.168.1.106:55783    69.167.168.132:http
  TCP    192.168.1.106:55789    69.167.168.132:http
  TCP    192.168.1.106:55790    69.167.168.132:http
  TCP    192.168.1.106:55791    69.167.168.132:http
  TCP    192.168.1.106:55792    69.167.168.132:http
  TCP    192.168.1.106:55793    69.167.168.132:http
  TCP    192.168.1.106:55795    69.167.168.132:http
  TCP    192.168.1.106:55796    69.167.168.132:http
  TCP    192.168.1.106:55797    69.167.168.132:http
  TCP    192.168.1.106:55798    69.167.168.132:http
  TCP    192.168.1.106:55799    69.167.168.132:http
  TCP    192.168.1.106:55807    69.167.168.132:http
  TCP    192.168.1.106:55808    69.167.168.132:http

(that's icrontic's IP, at least according to my interwibbles)

ardichoke

Yes that is Icrontic's IP. As to why you're opening multiple connections... depending on your browser it's probably just a feature to speed up page loading. I believe Firefox calls it http pipelining. There's also HTTP keepalives which keep connections open between page loads to speed up response time and multiple other tricks that could be causing multiple connections to stay open. If you have the IC IRC page open that's probably also causing some of it.

Linc

Ever seen how many HTTP requests it takes to load Icrontic? It makes me sad.

ardichoke

Yeah, I just watched that.... and shuddered.