When I run netstat -a on Windows 8.1 I am seeing a number of connections from 127.0.0.1 (ports around 50000) connecting to my PC name (DadsPC) on port 1111. A portion are listed below. Is this normal? I've run anti-virus scans and am running Kaspersky AV but nothing was reported.
    Proto  Local Address      Foreign Address      State
    TCP    127.0.0.1:50846    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50847    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50848    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50849    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50850    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50851    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50852    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50853    DadsPC:nfsd-status   TIME_WAIT
    TCP    127.0.0.1:50854    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50860    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50864    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50871    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50872    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50879    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50880    DadsPC:nfsd-status   TIME_WAIT
    TCP    127.0.0.1:50883    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50884    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50885    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50886    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50887    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50888    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50892    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50893    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50897    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50899    DadsPC:nfsd-status   TIME_WAIT
    TCP    127.0.0.1:50901    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50904    DadsPC:nfsd-status   TIME_WAIT
    TCP    127.0.0.1:50906    DadsPC:nfsd-status   TIME_WAIT
    TCP    127.0.0.1:50909    DadsPC:nfsd-status   ESTABLISHED
    TCP    127.0.0.1:50911    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50912    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50913    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50914    DadsPC:nfsd-status   TIME_WAIT
    TCP    127.0.0.1:50915    DadsPC:nfsd-status   TIME_WAIT
    TCP    127.0.0.1:50918    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50919    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50920    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50921    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50922    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50923    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50924    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50925    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50926    DadsPC:1111          TIME_WAIT
    TCP    127.0.0.1:50928    DadsPC:1111          TIME_WAIT

Thanks in advance.
2 Answers
Port 1111 can be used by quite a number of things. Apparently IANA has assigned it to lmsocialserver; it is also used by Adobe Flash Media Administration server.
According to speedguide.net there are also a number of trojans that use this port. Your best option is to use netstat -a -b. The -b option should show you the executable that is actually listening on the port.
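A PowerShell equivalent of the `netstat -a -b` check, added here as an example and not part of the original answer. It assumes an elevated prompt on Windows 8 or later (where `Get-NetTCPConnection` is available); `Resolve-Owner` is a hypothetical helper name, and port 1110 is included because `nfsd-status` is the services-file name netstat prints for that port.

```powershell
# Ports from the question: 1111, plus 1110 (shown by netstat as "nfsd-status").
$ports = 1110, 1111

# Hypothetical helper: turn an owning PID into name, image path and signature status.
function Resolve-Owner {
    param([uint32]$ProcessId)
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId" -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.ExecutablePath } else { $null }
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    [pscustomobject]@{
        OwnerPid  = $ProcessId
        Name      = if ($proc) { $proc.Name } else { '<exited or inaccessible>' }
        Path      = $path
        Signature = if ($sig) { $sig.Status } else { 'n/a' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# 1. Which executable is listening on the ports?
'--- Listeners ---'
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    Select-Object -ExpandProperty OwningProcess -Unique |
    ForEach-Object { Resolve-Owner $_ } |
    Format-List

# 2. Which local processes are the clients of those listeners?
'--- Clients (established connections only) ---'
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.RemotePort } |
    Group-Object OwningProcess |
    ForEach-Object {
        $owner = Resolve-Owner ([uint32]$_.Name)
        [pscustomobject]@{
            Connections = $_.Count
            OwnerPid    = $owner.OwnerPid
            Name        = $owner.Name
            Path        = $owner.Path
            Signature   = $owner.Signature
        }
    } |
    Format-Table -AutoSize
```

Connections in TIME_WAIT are no longer attached to a process (Windows reports PID 0 for them), so only the listening and established rows identify an executable.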
There is no threat in your netstat results, since source and destination addresses are the same and Kaspersky hasn't detected a problem. So, you're not a victim of a major virus.
If you suspect you are being watched by someone, you should simply allow only trusted applications in the firewall.
P.S.: The firewall looks at inbound and outbound network traffic on your Windows PC and only allows safe traffic in. Outbound traffic is usually allowed, so badware could send data freely. Response data is assumed to be safe by the firewall, so badware gets a response easily. But if you restrict outbound traffic to only some trusted applications, you are good to go ;)