
Can someone tell me if `netstat -a -n -o` is throwing something out of normal? I have nothing running except for the Windows Explorer in 4584.

  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       652
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       1128
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1488
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       1076
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       792
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       800
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2424
  TCP    192.168.1.102:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.1.102:29510    0.0.0.0:0              LISTENING       10080
  TCP    192.168.1.102:49427    23.197.208.171:80      TIME_WAIT       0
  TCP    192.168.1.102:49428    131.253.34.253:443     ESTABLISHED     4584
  TCP    192.168.1.102:59711    23.197.227.42:80       TIME_WAIT       0
  TCP    192.168.1.102:59716    104.18.56.159:80       CLOSE_WAIT      8888
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       988
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:2869              [::]:0                 LISTENING       4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       652
  TCP    [::]:49665             [::]:0                 LISTENING       1128
  TCP    [::]:49666             [::]:0                 LISTENING       1488
  TCP    [::]:49667             [::]:0                 LISTENING       1076
  TCP    [::]:49668             [::]:0                 LISTENING       792
  TCP    [::]:49669             [::]:0                 LISTENING       800
  UDP    0.0.0.0:500            *:*                                    1128
  UDP    0.0.0.0:3702           *:*                                    3216
  UDP    0.0.0.0:3702           *:*                                    2700
  UDP    0.0.0.0:3702           *:*                                    3216
  UDP    0.0.0.0:3702           *:*                                    1584
  UDP    0.0.0.0:3702           *:*                                    1584
  UDP    0.0.0.0:3702           *:*                                    2700
  UDP    0.0.0.0:4500           *:*                                    1128
  UDP    0.0.0.0:5050           *:*                                    1584
  UDP    0.0.0.0:5353           *:*                                    1788
  UDP    0.0.0.0:5355           *:*                                    1788
  UDP    0.0.0.0:49204          *:*                                    2700
  UDP    0.0.0.0:54634          *:*                                    2424
  UDP    0.0.0.0:59153          *:*                                    1584
  UDP    0.0.0.0:59155          *:*                                    2700
  UDP    0.0.0.0:61337          *:*                                    1584
  UDP    0.0.0.0:62071          *:*                                    3216
  UDP    127.0.0.1:1900         *:*                                    3216
  UDP    127.0.0.1:49203        *:*                                    3216
  UDP    192.168.1.100:5353     *:*                                    2424
  UDP    192.168.1.102:137      *:*                                    4
  UDP    192.168.1.102:138      *:*                                    4
  UDP    192.168.1.102:1900     *:*                                    3216
  UDP    192.168.1.102:2177     *:*                                    3216
  UDP    192.168.1.102:29510    *:*                                    10080
  UDP    192.168.1.102:49202    *:*                                    3216
  UDP    192.168.56.1:137       *:*                                    4
  UDP    192.168.56.1:138       *:*                                    4
  UDP    192.168.56.1:1900      *:*                                    3216
  UDP    192.168.56.1:2177      *:*                                    3216
  UDP    192.168.56.1:5353      *:*                                    2424
  UDP    192.168.56.1:49201     *:*                                    3216
  UDP    [::]:500               *:*                                    1128
  UDP    [::]:3702              *:*                                    1584
  UDP    [::]:3702              *:*                                    3216
  UDP    [::]:3702              *:*                                    2700
  UDP    [::]:3702              *:*                                    2700
  UDP    [::]:3702              *:*                                    1584
  UDP    [::]:3702              *:*                                    3216
  UDP    [::]:4500              *:*                                    1128
  UDP    [::]:5353              *:*                                    1788
  UDP    [::]:5355              *:*                                    1788
  UDP    [::]:49205             *:*                                    2700
  UDP    [::]:54635             *:*                                    2424
  UDP    [::]:59154             *:*                                    1584
  UDP    [::]:59156             *:*                                    2700
  UDP    [::]:61338             *:*                                    1584
  UDP    [::]:62072             *:*                                    3216
  UDP    [::1]:1900             *:*                                    3216
  UDP    [::1]:5353             *:*                                    2424
  UDP    [::1]:49200            *:*                                    3216
  UDP    [fe80::594a:d765:b239:acf9%10]:1900  *:*                                    3216
  UDP    [fe80::594a:d765:b239:acf9%10]:2177  *:*                                    3216
  UDP    [fe80::594a:d765:b239:acf9%10]:49198  *:*                                    3216
  UDP    [fe80::6463:584f:41ed:918c%23]:1900  *:*                                    3216
  UDP    [fe80::6463:584f:41ed:918c%23]:2177  *:*                                    3216
  UDP    [fe80::6463:584f:41ed:918c%23]:49199  *:*                                    3216
91ni
  • I believe it is highly unlikely that netstat is causing any problems. To answer this I would want more information such as 1) did this appear suddenly, 2) what did it look like before you noticed it? Etc. – SDsolar Mar 11 '17 at 04:28
  • Lot of data there, but it's pretty normal to have that much. Port 49427 suggests you're running a Mac... if so, you can see more with `lsof` (see [this article](https://superuser.com/questions/380800/mac-equivalent-of-netstat-b-n)). On a PC just use the `-b` switch with netstat. – John Wu Mar 11 '17 at 04:42
  • We are not tech support. And you have not supplied enough data to really investigate. You always have ***far*** more than "just" explorer running.... – schroeder Mar 11 '17 at 08:10
  • It looks like you have many processes running. I don't exactly understand your question; if you mean malicious by out of normal, you should compare the PIDs of running applications with your netstat output. If you see any duplicates or unknown programs, you should install a trusted anti-virus. If you think your netstat could be suggesting a broken system, you need to post much more information about your system... Good luck! – Lukas Mar 11 '17 at 03:04
  • Yes. You are right. I meant that the only Established connection is explorer.exe and must be the Push Notification Service. – 91ni Mar 11 '17 at 15:00

1 Answer


This is the Windows Push Notification Services (WNS).

It is used by Microsoft's 'cloud' based apps.

Check your host for apps like OneDrive and Skype, or any other Windows applications that connect to one of Microsoft's online services.

It is not uncommon, especially in the case of OneDrive, for explorer.exe to have an established connection to a WNS server.

Windows Push Notification Service

TheJulyPlot
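
The comments suggest matching the PID column against running processes. The following is an added example, not part of the original thread: it parses `netstat -a -n -o` output, joins it to a process list, and separates active connections, listeners bound off loopback, and PIDs that still need a name. The netstat lines are excerpted from the question; the `tasklist /FO CSV /NH` sample is constructed, and the function names are hypothetical.

```python
import csv
import io
from collections import namedtuple

Sock = namedtuple("Sock", "proto local_ip local_port remote state pid")

# Lines excerpted from the netstat output in the question above.
NETSTAT = """\
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2424
  TCP    192.168.1.102:49428    131.253.34.253:443     ESTABLISHED     4584
  TCP    192.168.1.102:59716    104.18.56.159:80       CLOSE_WAIT      8888
  TCP    [::]:135               [::]:0                 LISTENING       988
  UDP    [fe80::594a:d765:b239:acf9%10]:1900  *:*                                    3216
"""

# Constructed sample in the shape of `tasklist /FO CSV /NH`; the other PIDs
# are deliberately missing to show the "needs lookup" case.
TASKLIST = '''"System","4","Services","0","140 K"
"explorer.exe","4584","Console","1","85,000 K"
'''

def parse_netstat(text):
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column headers, blank lines
        state = f[3] if len(f) == 5 else ""  # UDP rows have no state column
        ip, _, port = f[1].rpartition(":")   # last colon, so IPv6 stays intact
        socks.append(Sock(f[0], ip.strip("[]"), int(port), f[2], state, int(f[-1])))
    return socks

def load_names(csv_text):
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(csv_text)) if r}

def triage(socks, names):
    """Return (active connections, off-loopback listeners, PIDs with no name)."""
    active = [(names.get(s.pid, "?"), s.pid, s.remote, s.state)
              for s in socks if s.state in ("ESTABLISHED", "CLOSE_WAIT")]
    exposed = sorted({(s.proto, s.local_port, s.pid) for s in socks
                      if (s.state == "LISTENING" or s.proto == "UDP")
                      and not (s.local_ip.startswith("127.") or s.local_ip == "::1")})
    # PID 0 owns TIME_WAIT sockets, so it is never a process to look up.
    unknown = sorted({s.pid for s in socks if s.pid and s.pid not in names})
    return active, exposed, unknown

if __name__ == "__main__":
    for part in triage(parse_netstat(NETSTAT), load_names(TASKLIST)):
        print(part)
```

On a live host, feed it the full output of both commands; any PID left in the third list is one to resolve before judging the socket it owns.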