View Full Version : Why do 4 programs take up 50 connections in netstat?!?!?!


chrisdudeperson
11-09-2008, 18:45
Hey guys,

My internet keeps on overloading and I did a netstat and I found out that programs like Google Chrome or Firefox are using like 20 established connections!!!

How do I stop them from doing this because it is killing my internet!

Thanks
Chris

Raistlin
11-09-2008, 19:03
If the number of connections you were seeing from those applications was responsible for killing your Internet connection then everybody would be having the same issue.

The number of connections showing in netstat will depend largely on what you're doing with Firefox/Chrome. It's also worth realising (although I'm sure you don't need to be told this) that not every line in netstat is a live/established connection.

Finally, what are the actual symptoms that you are getting? Giving us this information might help us diagnose what your problem is more accurately.

chrisdudeperson
11-09-2008, 19:18
Well, those 50 were established.

And all I was doing was browsing about 3 or 4 sites. Virgin PCGuard is responsible for taking a lot as well. Even iTunes uses about 7 when I'm not even on the iTunes store.

Sometimes the internet goes very slow or dies. And quite often it goes slowish but it loads in the end.

Thanks
Chris

whydoIneedatech
11-09-2008, 19:21
Try netstat -an and tell us how many listening and established you have.

Also XP or Vista?

chrisdudeperson
11-09-2008, 19:24
44 Established and 10 listening

I am running XP Pro

Graham M
11-09-2008, 19:25
Can you post your netstat output here?

chrisdudeperson
11-09-2008, 19:26
Active Connections

Proto Local Address Foreign Address State
TCP your-7750a80450:1034 localhost:27015 ESTABLISHED
TCP your-7750a80450:1676 localhost:27015 ESTABLISHED
TCP your-7750a80450:1677 localhost:5354 ESTABLISHED
TCP your-7750a80450:1678 localhost:5354 ESTABLISHED
TCP your-7750a80450:1680 localhost:5354 ESTABLISHED
TCP your-7750a80450:1681 localhost:5354 ESTABLISHED
TCP your-7750a80450:1682 localhost:5354 ESTABLISHED
TCP your-7750a80450:1683 localhost:5354 ESTABLISHED
TCP your-7750a80450:2206 localhost:2205 TIME_WAIT
TCP your-7750a80450:2209 localhost:10024 TIME_WAIT
TCP your-7750a80450:2212 localhost:10024 TIME_WAIT
TCP your-7750a80450:2214 localhost:10024 TIME_WAIT
TCP your-7750a80450:2216 localhost:10024 TIME_WAIT
TCP your-7750a80450:2218 localhost:10024 ESTABLISHED
TCP your-7750a80450:2220 localhost:10024 ESTABLISHED
TCP your-7750a80450:2222 localhost:10024 ESTABLISHED
TCP your-7750a80450:2224 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2226 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2227 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2228 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2232 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2234 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2236 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2241 localhost:10024 CLOSE_WAIT
TCP your-7750a80450:2243 localhost:2244 ESTABLISHED
TCP your-7750a80450:2244 localhost:2243 ESTABLISHED
TCP your-7750a80450:2245 localhost:2246 ESTABLISHED
TCP your-7750a80450:2246 localhost:2245 ESTABLISHED
TCP your-7750a80450:2247 localhost:10024 ESTABLISHED
TCP your-7750a80450:2250 localhost:10024 ESTABLISHED
TCP your-7750a80450:2252 localhost:10024 ESTABLISHED
TCP your-7750a80450:2254 localhost:10024 ESTABLISHED
TCP your-7750a80450:2255 localhost:10024 ESTABLISHED
TCP your-7750a80450:2258 localhost:10024 ESTABLISHED
TCP your-7750a80450:2260 localhost:10024 ESTABLISHED
TCP your-7750a80450:5354 localhost:1677 ESTABLISHED
TCP your-7750a80450:5354 localhost:1678 ESTABLISHED
TCP your-7750a80450:5354 localhost:1680 ESTABLISHED
TCP your-7750a80450:5354 localhost:1681 ESTABLISHED
TCP your-7750a80450:5354 localhost:1682 ESTABLISHED
TCP your-7750a80450:5354 localhost:1683 ESTABLISHED
TCP your-7750a80450:10024 localhost:2218 ESTABLISHED
TCP your-7750a80450:10024 localhost:2220 ESTABLISHED
TCP your-7750a80450:10024 localhost:2222 ESTABLISHED
TCP your-7750a80450:10024 localhost:2224 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2226 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2227 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2228 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2232 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2234 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2236 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2241 FIN_WAIT_2
TCP your-7750a80450:10024 localhost:2247 ESTABLISHED
TCP your-7750a80450:10024 localhost:2250 ESTABLISHED
TCP your-7750a80450:10024 localhost:2252 ESTABLISHED
TCP your-7750a80450:10024 localhost:2254 ESTABLISHED
TCP your-7750a80450:10024 localhost:2255 ESTABLISHED
TCP your-7750a80450:10024 localhost:2258 ESTABLISHED
TCP your-7750a80450:10024 localhost:2260 ESTABLISHED
TCP your-7750a80450:27015 localhost:1034 ESTABLISHED
TCP your-7750a80450:27015 localhost:1676 ESTABLISHED
TCP your-7750a80450:1112 by1msg3245802.phx.gbl:1863 ESTABLISHED
TCP your-7750a80450:1530 79-77-112-108.dynamic.dsl.as9105.com:4317 ESTABLISHED
TCP your-7750a80450:1600 cpc1-farn2-0-0-cust940.glfd.cable.ntl.com:2513 ESTABLISHED
TCP your-7750a80450:1859 *********xln.managedbroadband.co.uk:1166 ESTABLISHED
TCP your-7750a80450:1867 5acc942a.bb.sky.com:27077 ESTABLISHED
TCP your-7750a80450:1894 *******.cable.ubr07.****.blueyonder.co.uk:1068 ESTABLISHED
TCP your-7750a80450:1911 77-96-109-4.cable.ubr10.croy.blueyonder.co.uk:49671 ESTABLISHED
TCP your-7750a80450:1946 80-195-178-237.cable.ubr02.croy.blueyonder.co.uk:1140 ESTABLISHED
TCP your-7750a80450:1964 91.84.214.247:38874 ESTABLISHED
TCP your-7750a80450:1976 by2msg1161919.phx.gbl:1863 ESTABLISHED
TCP your-7750a80450:2056 64.18.84.21:http TIME_WAIT
TCP your-7750a80450:2196 65.55.197.247:http TIME_WAIT
TCP your-7750a80450:2200 CPE120321dc1111-CM001bd7aa5e42.cpe.net.cable.rogers.com:3070 ESTABLISHED
TCP your-7750a80450:2204 nf-in-f83.google.com:http LAST_ACK
TCP your-7750a80450:2210 usaicp.com:http TIME_WAIT
TCP your-7750a80450:2211 63.243.146.21:http ESTABLISHED
TCP your-7750a80450:2213 usaicp.com:http TIME_WAIT
TCP your-7750a80450:2215 usaicp.com:http TIME_WAIT
TCP your-7750a80450:2217 211.152.50.11:http TIME_WAIT
TCP your-7750a80450:2219 ey-in-f167.google.com:http ESTABLISHED
TCP your-7750a80450:2221 ey-in-f167.google.com:http ESTABLISHED
TCP your-7750a80450:2223 ew-in-f127.google.com:http ESTABLISHED
TCP your-7750a80450:2248 usaicp.com:http ESTABLISHED
TCP your-7750a80450:2249 ey-in-f103.google.com:https ESTABLISHED
TCP your-7750a80450:2251 usaicp.com:http ESTABLISHED
TCP your-7750a80450:2253 usaicp.com:http ESTABLISHED
TCP your-7750a80450:2256 usaicp.com:http ESTABLISHED
TCP your-7750a80450:2257 usaicp.com:http ESTABLISHED
TCP your-7750a80450:2259 usaicp.com:http ESTABLISHED
TCP your-7750a80450:2261 211.152.50.11:http ESTABLISHED

whydoIneedatech
11-09-2008, 19:31
> 44 Established and 10 listening
>
> I am running XP Pro

What do you get when you go to the DOS screen immediately after a reboot?

---------- Post added at 18:31 ---------- Previous post was at 18:27 ----------

Download procexp and you can check each link out separately, link below.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Graham M
11-09-2008, 19:32
Very few of those belong to anything recognisable looking at the port numbers

chrisdudeperson
11-09-2008, 19:34
Only thing that had started was gmail notifier:

TCP your-7750a80450:1034 localhost:27015 ESTABLISHED
TCP your-7750a80450:27015 localhost:1034 ESTABLISHED
TCP your-7750a80450:1032 ik-in-f103.google.com:https TIME_WAIT
TCP your-7750a80450:1035 nf-in-f19.google.com:http ESTABLISHED
TCP your-7750a80450:1036 64.18.84.40:http TIME_WAIT
TCP your-7750a80450:1717 192.168.1.1:http TIME_WAIT
TCP your-7750a80450:5317 192.168.1.1:http TIME_WAIT
TCP your-7750a80450:7225 192.168.1.1:http TIME_WAIT
TCP your-7750a80450:9037 192.168.1.1:http TIME_WAIT
TCP your-7750a80450:12666 192.168.1.1:http TIME_WAIT
TCP your-7750a80450:23013 192.168.1.1:http TIME_WAIT
TCP your-7750a80450:28306 192.168.1.1:http TIME_WAIT
TCP your-7750a80450:63549 192.168.1.1:http TIME_WAIT

When PCGuard had loaded and google chrome was open:

TCP your-7750a80450:1034 localhost:27015 ESTABLISHED
TCP your-7750a80450:1067 localhost:10824 ESTABLISHED
TCP your-7750a80450:1070 localhost:10824 ESTABLISHED
TCP your-7750a80450:1072 localhost:10824 ESTABLISHED
TCP your-7750a80450:1076 localhost:10824 ESTABLISHED
TCP your-7750a80450:1092 localhost:10824 ESTABLISHED
TCP your-7750a80450:10824 localhost:1067 ESTABLISHED
TCP your-7750a80450:10824 localhost:1070 ESTABLISHED
TCP your-7750a80450:10824 localhost:1072 ESTABLISHED
TCP your-7750a80450:10824 localhost:1076 ESTABLISHED
TCP your-7750a80450:10824 localhost:1092 ESTABLISHED
TCP your-7750a80450:27015 localhost:1034 ESTABLISHED
TCP your-7750a80450:1039 CPE120321dc1111-CM001bd7aa5e42.cpe.net.cable.r
ers.com:3070 ESTABLISHED
TCP your-7750a80450:1040 63.243.146.36:http ESTABLISHED
TCP your-7750a80450:1041 64.18.84.92:https ESTABLISHED
TCP your-7750a80450:1043 64.18.84.40:http TIME_WAIT
TCP your-7750a80450:1044 64.18.84.39:http ESTABLISHED
TCP your-7750a80450:1051 ik-in-f104.google.com:http TIME_WAIT
TCP your-7750a80450:1054 63.243.146.21:http ESTABLISHED
TCP your-7750a80450:1068 ew-in-f164.google.com:http ESTABLISHED
TCP your-7750a80450:1071 ew-in-f164.google.com:http ESTABLISHED
TCP your-7750a80450:1074 ew-in-f164.google.com:http ESTABLISHED
TCP your-7750a80450:1077 ey-in-f127.google.com:http ESTABLISHED
TCP your-7750a80450:1091 ey-in-f147.google.com:https ESTABLISHED
TCP your-7750a80450:1093 nf-in-f19.google.com:http ESTABLISHED

Raistlin
11-09-2008, 20:08
> Very few of those belong to anything recognisable looking at the port numbers

Those will mainly be local port numbers. Local port assignments don't follow much of a pattern; it's only the ports on the remote machines that correspond to known values (usually).

chrisdudeperson
11-09-2008, 20:12
So what does this mean for my dodgy internet?

Because I phoned up Virgin and the guy said that I had way too many established connections. He also pinged the modem with my PC plugged in and without it plugged in. The ping was very slow with mine plugged in and normal when it wasn't.

So something's up

whydoIneedatech
11-09-2008, 20:14
Have you tried running some Antispy software like AVG8 and Adaware 2008?

Raistlin
11-09-2008, 20:15
When did you first start getting problems?

Do you happen to have Have Life installed by any chance?

chrisdudeperson
11-09-2008, 20:22
Ermm, not too sure, probably when I reinstalled XP.

Nope. Used to use P2P software but stopped about 6 months ago.

Horace
11-09-2008, 20:41
> Hey guys,
>
> My internet keeps on overloading and I did a netstat and I found out that programs like Google Chrome or Firefox are using like 20 established connections!!!
>
> How do I stop them from doing this because it is killing my internet!
>
> Thanks
> Chris

That can happen with some routers; basically the router runs out of memory and starts to fail until a reboot.
Netstat -b or currports ( http://www.nirsoft.net/utils/cports.html ) will tell you what's actually on the end of those open connections.

whydoIneedatech
11-09-2008, 20:55
> That can happen with some routers; basically the router runs out of memory and starts to fail until a reboot.
> Netstat -b or currports ( http://www.nirsoft.net/utils/cports.html ) will tell you what's actually on the end of those open connections.

Quite similar to Procexp that I mentioned above.

CrowmanUK
11-09-2008, 21:23
Try running netstat -a -o; it'll give you the process ID of whatever is using that connection and you can track it down in the Processes tab of Windows Task Manager. If it doesn't show you the process ID (PID), go to View at the top, select Columns and put a tick in the PID box. Tech support told me I'd got way too many processes running once and said I must be using P2P software or be infected with virus/spyware; turned out once I checked it was a program I use called Xfire, a games messaging program that does use P2P technology to download patches for games.

Paul
11-09-2008, 21:37
netstat -bn

is best - you will see all the IPs and port numbers (no lookups) and the process exe.

chrisdudeperson
11-09-2008, 22:48
Ok, well RPS, which is PCGuard, is taking up a lot. How do I stop this?

Surely it doesn't need 10 connections??
Surely Chrome didn't need 20!

Thanks
Chris

Andrewcrawford23
12-09-2008, 10:16
> So what does this mean for my dodgy internet?
>
> Because I phoned up Virgin and the guy said that I had way too many established connections. He also pinged the modem with my PC plugged in and without it plugged in. The ping was very slow with mine plugged in and normal when it wasn't.
>
> So something's up

The guy is talking mince. XP by default has 30-40 connections that are local. They got a shock when they tried that on me and I said bit hard when it's a brand new installed machine.

---------- Post added at 09:16 ---------- Previous post was at 09:15 ----------

> Ok, well RPS, which is PCGuard, is taking up a lot. How do I stop this?
>
> Surely it doesn't need 10 connections??
> Surely Chrome didn't need 20!
>
> Thanks
> Chris

It needs to take them up!!!! It's your firewall, how else do they expect your connection to be safe?

chrisdudeperson
12-09-2008, 21:02
So what could be the cause of my dodgy internet?

I have updated and reset my router.

...

Thanks
Chris

Andrewcrawford23
13-09-2008, 23:50
In command prompt do ping www.bbc.co.uk and tracert www.bbc.co.uk, post netstat -bo and I will see if I can see what's causing the problem. The local loopbacks won't slow your internet no matter what Virgin technical support say; they're a bit daft or just don't like admitting fault.
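
Added example, not written by any poster in this thread: a Python triage of netstat text in the layout posted above, which counts each loopback connection once (both of its ends are listed) and keeps it apart from connections that leave the PC. The sample rows, host names and the function names `parse` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the thread's layout (one row wrapped by the console).
SAMPLE = """\
Proto Local Address Foreign Address State
TCP mypc:2218 localhost:10024 ESTABLISHED
TCP mypc:10024 localhost:2218 ESTABLISHED
TCP mypc:2224 localhost:10024 CLOSE_WAIT
TCP mypc:10024 localhost:2224 FIN_WAIT_2
TCP mypc:2206 localhost:2205 TIME_WAIT
TCP mypc:2249 web.example.net:https ESTABLISHED
TCP mypc:2251 web.example.net:http ESTABLISHED
TCP mypc:2196 192.0.2.10:http TIME_WAIT
TCP mypc:1530 host.example.org:4317 ESTAB
LISHED
TCP mypc:135 mypc:0 LISTENING
"""

ROW = re.compile(r"^TCP\s+\S+:(\S+)\s+(\S+):(\S+?)\s*(LISTENING|ESTABLISHED|SYN_SENT"
                 r"|SYN_RECEIVED|TIME_WAIT|CLOSE_WAIT|LAST_ACK|CLOSING|FIN_WAIT_[12])$")

def parse(text):
    """Return (local_port, remote_host, remote_port, state) for each TCP row."""
    rows = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("TCP"):
            rows.append(line)
        elif rows and not ROW.match(rows[-1]):
            rows[-1] += line  # tail of a console-wrapped row: glue it back on
    return [m.groups() for m in map(ROW.match, rows) if m]

def summarize(rows):
    """Split loopback chatter from connections that actually leave the PC."""
    pairs, states, hosts, listening = set(), Counter(), Counter(), 0
    for lport, rhost, rport, state in rows:
        if state == "LISTENING":
            listening += 1
        elif rhost == "localhost" or rhost.startswith("127."):
            pairs.add(frozenset((lport, rport)))  # both ends of one local link
        else:
            states[state] += 1
            if state == "ESTABLISHED":
                hosts[rhost] += 1
    return {"listening": listening, "loopback_connections": len(pairs),
            "remote_states": dict(states), "remote_established_by_host": dict(hosts)}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

With `netstat -n` output the loopback peer appears as 127.0.0.1 rather than localhost, which the same check covers.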