Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Netstat question.... i'm worried!

G

g's hat

macrumors newbie
Original poster
Sep 25, 2006
6
0
Hello,

I would be really grateful if someone can help. Sorry if it's quite an obvios question, my technical nous is limited! I run a Mac Mini 1.66 with OSX 10.4.11.

My internet connection has been really slow of late so i called my service provider who didn't really know all that much about Macs. He told me to go to the Network Utility - Netstat tab and check the 'Display the state of all current socket connections' button and click the Netstat button. It returned a lot of lines - about 25 active internet connections (starting tcp 4, udp 4, udp 6 and icm 6) and about the same Active LOCAL (UNIX) domain sockets starting, for example, with 1ddbdd0. The guy on the 'phone said this was wrong and as there were so many connections my Mac had probably been hacked! Is this the case? Or is 50 or so lines the norm? I'd be happy to copy and paste the whole report if someone could decode what it means and whether or not things are normal!

Any help greatly, greatly appreciated :confused:
 
g's hat said:
Hello,

I would be really grateful if someone can help. Sorry if it's quite an obvios question, my technical nous is limited! I run a Mac Mini 1.66 with OSX 10.4.11.

My internet connection has been really slow of late so i called my service provider who didn't really know all that much about Macs. He told me to go to the Network Utility - Netstat tab and check the 'Display the state of all current socket connections' button and click the Netstat button. It returned a lot of lines - about 25 active internet connections (starting tcp 4, udp 4, udp 6 and icm 6) and about the same Active LOCAL (UNIX) domain sockets starting, for example, with 1ddbdd0. The guy on the 'phone said this was wrong and as there were so many connections my Mac had probably been hacked! Is this the case? Or is 50 or so lines the norm? I'd be happy to copy and paste the whole report if someone could decode what it means and whether or not things are normal!

Any help greatly, greatly appreciated :confused:
Click to expand...

Go ahead and post your log. It is normal to have that many connections. The guy doesn't know what he's talking about.

Here is an example of mine and I am not hacked:

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.20.51937 wwwbaytest2.micr.http CLOSE_WAIT
tcp4 0 0 192.168.1.20.51592 192.168.1.6.afpovertcp ESTABLISHED
tcp4 0 0 192.168.1.20.51457 nwk-qtsoftware.a.http CLOSE_WAIT
tcp4 0 0 192.168.1.20.51454 www.purestatic.c.http CLOSE_WAIT
tcp4 0 0 *.3998 *.* LISTEN
tcp4 0 0 localhost.9165 localhost.49152 ESTABLISHED
tcp4 0 0 localhost.9165 *.* LISTEN
tcp4 0 0 localhost.49152 localhost.9165 ESTABLISHED
tcp4 0 0 localhost.netlock2 *.* LISTEN
tcp4 0 0 localhost.ipp *.* LISTEN
tcp6 0 0 localhost.ipp *.* LISTEN
udp4 0 0 *.rockwell-csp3 *.*
udp4 0 0 *.* *.*
udp4 0 0 *.49179 *.*
udp4 0 0 10.37.129.4.isakmp *.*
udp4 0 0 10.211.55.6.isakmp *.*
udp4 0 0 *.* *.*
udp4 0 0 10.211.55.6.ntp *.*
udp6 0 0 Macintosh.ntp *.*
udp4 0 0 10.37.129.4.ntp *.*
udp6 0 0 Macintosh.ntp *.*
udp4 0 0 192.168.1.20.isakmp *.*
udp4 0 0 *.netlock5 *.*
udp4 0 0 192.168.1.20.ntp *.*
udp6 0 0 Macintosh.ntp *.*
udp6 0 0 localhost.ntp *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp4 0 0 *.* *.*
icm6 0 0 *.* *.*
icm6 0 0 *.* *.*
icm6 0 0 *.* *.*
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
6b4f4c8 stream 0 0 0 6b4f000 0 0 /var/tmp/launchd/sock
6b4f000 stream 0 0 0 6b4f4c8 0 0
6b4f770 stream 0 0 0 7d39d48 0 0
7d39d48 stream 0 0 0 6b4f770 0 0
6b4f330 stream 0 0 0 7d39f68 0 0
7d39f68 stream 0 0 0 6b4f330 0 0
6b4faa0 stream 0 0 0 66373b8 0 0 /var/run/mDNSResponder
66373b8 stream 0 0 0 6b4faa0 0 0
6b4f908 stream 0 0 0 6b4f198 0 0
6b4f198 stream 0 0 0 6b4f908 0 0
5af1dd0 stream 0 0 0 56d1220 0 0
56d1220 stream 0 0 0 5af1dd0 0 0
6b4f2a8 stream 0 0 0 6b4f5d8 0 0 /var/tmp/SCDynamicStoreNotifyFileDescriptor-34587
6b4f5d8 stream 0 0 0 6b4f2a8 0 0
6b4f660 stream 0 0 0 6b4f550 0 0 /var/run/asl_input
6b4f550 stream 0 0 0 6b4f660 0 0
6b4f6e8 stream 0 0 0 6b4f440 0 0
6b4f440 stream 0 0 0 6b4f6e8 0 0
5b07bb0 stream 0 0 6db2c20 0 0 0 /tmp/clamd
6637550 stream 0 0 0 6b4fcc0 0 0 /var/run/mDNSResponder
6b4fcc0 stream 0 0 0 6637550 0 0
66377f8 stream 0 0 0 6b4fc38 0 0 /var/run/mDNSResponder
6b4fc38 stream 0 0 0 66377f8 0 0
6637d48 stream 0 0 0 56d14c8 0 0 /var/run/pppconfd
56d14c8 stream 0 0 0 6637d48 0 0
6637f68 stream 0 0 0 5af1f68 0 0 /var/run/pppconfd
5af1f68 stream 0 0 0 6637f68 0 0
6b4fee0 stream 0 0 0 6b4ff68 0 0 /var/tmp/com.netopia.timbuktu.pro.skype.501/socket
6b4ff68 stream 0 0 0 6b4fee0 0 0
6637110 stream 0 0 6b03f30 0 0 0 /var/tmp/com.netopia.timbuktu.pro.skype.501/socket
6637330 stream 0 0 0 66372a8 0 0
66372a8 stream 0 0 0 6637330 0 0
66376e8 stream 0 0 0 6637908 0 0 /var/run/mDNSResponder
6637908 stream 0 0 0 66376e8 0 0
6637770 stream 0 0 0 6637880 0 0 /tmp/com.softraid.softraidd/driverevents
6637880 stream 0 0 0 6637770 0 0
6637a18 stream 0 0 0 6637aa0 0 0 /var/run/mDNSResponder
6637aa0 stream 0 0 0 6637a18 0 0
5b07a18 stream 0 0 0 6637b28 0 0 /var/run/mDNSResponder
6637b28 stream 0 0 0 5b07a18 0 0
56d1b28 stream 0 0 0 56d1bb0 0 0 /var/run/mDNSResponder
56d1bb0 stream 0 0 0 56d1b28 0 0
6637bb0 stream 0 0 67355f0 0 0 0 /tmp/com.softraid.softraidd/driverevents
56d1198 stream 0 0 0 5af1ee0 0 0 /var/run/mDNSResponder
5af1ee0 stream 0 0 0 56d1198 0 0
6637cc0 stream 0 0 6701170 0 0 0 /tmp/TimbuktuHostEventSocket
6637ee0 stream 0 0 0 56d15d8 0 0
56d15d8 stream 0 0 0 6637ee0 0 0
56d1660 stream 0 0 0 5af16e8 0 0 /var/tmp/SCDynamicStoreNotifyFileDescriptor-13571
5af16e8 stream 0 0 0 56d1660 0 0
56d13b8 stream 0 0 0 5af1e58 0 0
5af1e58 stream 0 0 0 56d13b8 0 0
5af1b28 stream 0 0 661d290 0 0 0 /tmp/launch-ZtzAIq/:0
5af1908 stream 0 0 661d3b0 0 0 0 /tmp/launch-Llv5m3/Listeners
5af17f8 stream 0 0 661d4d0 0 0 0 /tmp/launch-DwsEtn/Render
5af1198 stream 0 0 661d710 0 0 0 /private/tmp/com.hp.launchport
5b07550 stream 0 0 0 5b075d8 0 0
5b075d8 stream 0 0 0 5b07550 0 0
5b07e58 stream 0 0 0 5b07440 0 0
5b07440 stream 0 0 0 5b07e58 0 0
5b07c38 stream 0 0 0 5af13b8 0 0
5af13b8 stream 0 0 0 5b07c38 0 0
5b073b8 stream 0 0 5f2c630 0 0 0 /tmp/launchd-83.4KfIR0/sock
5b07088 stream 0 0 5efc400 0 0 0 /tmp/launchd-78.VgENEa/sock
5b074c8 stream 0 0 0 5b07198 0 0
5b07198 stream 0 0 0 5b074c8 0 0
56d1440 stream 0 0 0 5af1880 0 0
5af1880 stream 0 0 0 56d1440 0 0
5b07330 stream 0 0 5ddfe10 0 0 0 /var/run/pppconfd
5af1cc0 stream 0 0 0 5af1770 0 0
5af1770 stream 0 0 0 5af1cc0 0 0
5b07000 stream 0 0 0 5b07dd0 0 0
5b07dd0 stream 0 0 0 5b07000 0 0
56d16e8 stream 0 0 0 56d1330 0 0
56d1330 stream 0 0 0 56d16e8 0 0
5b07770 stream 0 0 0 5b077f8 0 0
5b077f8 stream 0 0 0 5b07770 0 0
5b07aa0 stream 0 0 0 5b07b28 0 0
5b07b28 stream 0 0 0 5b07aa0 0 0
5b07cc0 stream 0 0 0 5b07d48 0 0
5b07d48 stream 0 0 0 5b07cc0 0 0
5af1220 stream 0 0 0 5af12a8 0 0
5af12a8 stream 0 0 0 5af1220 0 0
5af1440 stream 0 0 0 5af14c8 0 0
5af14c8 stream 0 0 0 5af1440 0 0
5af1990 stream 0 0 0 5af1a18 0 0
5af1a18 stream 0 0 0 5af1990 0 0
5af1bb0 stream 0 0 0 5af1c38 0 0
5af1c38 stream 0 0 0 5af1bb0 0 0
56d1000 stream 0 0 0 56d1088 0 0
56d1088 stream 0 0 0 56d1000 0 0
56d17f8 stream 0 0 0 56d1770 0 0
56d1770 stream 0 0 0 56d17f8 0 0
56d1880 stream 0 0 0 56d1990 0 0
56d1990 stream 0 0 0 56d1880 0 0
56d1a18 stream 0 0 0 56d1aa0 0 0
56d1aa0 stream 0 0 0 56d1a18 0 0
56d1c38 stream 0 0 57e80a0 0 0 0 /var/tmp/launchd/sock
56d1cc0 stream 0 0 57e81c0 0 0 0 /private/var/run/cupsd
56d1d48 stream 0 0 57e82e0 0 0 0 /var/run/usbmuxd
56d1e58 stream 0 0 57e8400 0 0 0 /var/run/asl_input
56d1f68 stream 0 0 57e8490 0 0 0 /var/run/portmap.socket
56d1ee0 stream 0 0 57e8520 0 0 0 /var/run/mDNSResponder
6b4f880 dgram 0 0 0 7d39e58 7d39e58 0
7d39e58 dgram 0 0 0 6b4f880 6b4f880 0
5af1550 dgram 0 0 0 6b4f110 6b4f110 0
6b4f110 dgram 0 0 0 5af1550 5af1550 0
5b07880 dgram 0 0 0 6b4fbb0 6b4fbb0 0
6b4fbb0 dgram 0 0 0 5b07880 5b07880 0
6b4f088 dgram 0 0 0 56d1dd0 0 6b4fd48
6b4fd48 dgram 0 0 0 56d1dd0 0 6b4f3b8
6b4f7f8 dgram 0 0 0 6b4f220 6b4f220 0
6b4f220 dgram 0 0 0 6b4f7f8 6b4f7f8 0
6b4f3b8 dgram 0 0 0 56d1dd0 0 6637c38
5b076e8 dgram 0 0 0 6b4fa18 6b4fa18 0
6b4fa18 dgram 0 0 0 5b076e8 5b076e8 0
6b4f990 dgram 0 0 0 6b4fb28 6b4fb28 0
6b4fb28 dgram 0 0 0 6b4f990 6b4f990 0
66374c8 dgram 0 0 0 5b072a8 5b072a8 0
5b072a8 dgram 0 0 0 66374c8 66374c8 0
6637990 dgram 0 0 0 6637440 6637440 0
6637440 dgram 0 0 0 6637990 6637990 0
5af1aa0 dgram 0 0 0 5b07ee0 5b07ee0 0
5b07ee0 dgram 0 0 0 5af1aa0 5af1aa0 0
6b4fdd0 dgram 0 0 0 6b4fe58 6b4fe58 0
6b4fe58 dgram 0 0 0 6b4fdd0 6b4fdd0 0
6637000 dgram 0 0 0 6637088 6637088 0
6637088 dgram 0 0 0 6637000 6637000 0
6637198 dgram 0 0 0 6637220 6637220 0
6637220 dgram 0 0 0 6637198 6637198 0
66375d8 dgram 0 0 0 6637660 6637660 0
6637660 dgram 0 0 0 66375d8 66375d8 0
5b07908 dgram 0 0 0 5af15d8 5af15d8 0
5af15d8 dgram 0 0 0 5b07908 5b07908 0
6637c38 dgram 0 0 0 56d1dd0 0 6637dd0
56d12a8 dgram 0 0 0 6637e58 6637e58 0
6637e58 dgram 0 0 0 56d12a8 56d12a8 0
6637dd0 dgram 0 0 0 56d1dd0 0 5af1d48
5af1d48 dgram 0 0 0 56d1dd0 0 5af1088
5af1088 dgram 0 0 0 56d1dd0 0 5b07f68
5b07f68 dgram 0 0 0 56d1dd0 0 56d1110
5b07110 dgram 0 0 0 5af1330 5af1330 0
5af1330 dgram 0 0 0 5b07110 5b07110 0
56d1110 dgram 0 0 0 56d1dd0 0 5af1110
56d1550 dgram 0 0 0 5b07220 5b07220 0
5b07220 dgram 0 0 0 56d1550 56d1550 0
5af1000 dgram 0 0 0 5af1660 5af1660 0
5af1660 dgram 0 0 0 5af1000 5af1000 0
5af1110 dgram 0 0 0 56d1dd0 0 5b07990
5b07990 dgram 0 0 0 56d1dd0 0 5b07660
5b07660 dgram 0 0 0 56d1dd0 0 56d1908
56d1908 dgram 0 0 0 56d1dd0 0 0
56d1dd0 dgram 0 0 57e8370 0 6b4f088 0 /var/run/syslog
 
I probably get about 50 lines or more (not going to count them :) ) The sort of things you have described in your post appear normal.
 
Thanks for replying so quickly.... i certainly feel more at ease. Anyway, here's what Netstat came back with:

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 localhost.netinfo-loca localhost.1017 ESTABLISHED
tcp4 0 0 localhost.1017 localhost.netinfo-loca ESTABLISHED
tcp4 0 0 localhost.netinfo-loca localhost.1021 ESTABLISHED
tcp4 0 0 localhost.1021 localhost.netinfo-loca ESTABLISHED
tcp4 0 0 localhost.netinfo-loca *.* LISTEN
udp4 0 0 *.mdns *.*
udp4 0 0 localhost.49158 localhost.1022
udp4 0 0 localhost.49157 localhost.1022
udp4 0 0 localhost.1022 *.*
udp4 0 0 localhost.49155 localhost.1023
udp4 0 0 localhost.1023 *.*
udp4 0 0 192.168.0.2.ntp *.*
udp6 0 0 fe80:5::217:f2ff.123 *.*
udp6 0 0 fe80:1::1.123 *.*
udp6 0 0 localhost.123 *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 *.123 *.*
udp4 0 0 *.ntp *.*
udp6 0 0 *.5353 *.*
udp4 0 0 *.mdns *.*
udp4 0 0 localhost.netinfo-loca *.*
udp4 0 0 *.* *.*
icm6 0 0 *.* *.*
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
23e7f68 stream 0 0 0 1e00000 0 0
1e00000 stream 0 0 0 23e7f68 0 0
1e00088 stream 0 0 0 1e00110 0 0 /var/run/usbmuxd
1e00110 stream 0 0 0 1e00088 0 0
1e00330 stream 0 0 0 1e003b8 0 0 /var/run/mDNSResponder
1e003b8 stream 0 0 0 1e00330 0 0
1e004c8 stream 0 0 2285a50 0 0 0 /var/run/pppconfd
1e00880 stream 0 0 0 1e00990 0 0 /var/run/asl_input
1e00990 stream 0 0 0 1e00880 0 0
1e00cc0 stream 0 0 21d8ce4 0 0 0 /var/run/mDNSResponder
1e00d48 stream 0 0 21af948 0 0 0 /var/run/asl_input
1e00e58 stream 0 0 21976b4 0 0 0 /var/run/usbmuxd
1e00ee0 stream 0 0 2197738 0 0 0 /var/run/portmap.socket
1e00f68 stream 0 0 1df4294 0 0 0 /var/launchd/0/sock
23e7aa0 dgram 0 0 0 23e7b28 23e7b28 0
23e7b28 dgram 0 0 0 23e7aa0 23e7aa0 0
23e7bb0 dgram 0 0 0 1e00908 0 23e7c38
23e7c38 dgram 0 0 0 1e00908 0 23e7cc0
23e7cc0 dgram 0 0 0 1e00908 0 1e00440
1e00440 dgram 0 0 0 1e00908 0 1e00198
23e7d48 dgram 0 0 0 23e7dd0 23e7dd0 0
23e7dd0 dgram 0 0 0 23e7d48 23e7d48 0
23e7e58 dgram 0 0 0 23e7ee0 23e7ee0 0
23e7ee0 dgram 0 0 0 23e7e58 23e7e58 0
1e00198 dgram 0 0 0 1e00908 0 1e00dd0
1e00220 dgram 0 0 0 1e002a8 1e002a8 0
1e002a8 dgram 0 0 0 1e00220 1e00220 0
1e00dd0 dgram 0 0 0 1e00908 0 1e00660
1e00550 dgram 0 0 0 1e005d8 1e005d8 0
1e005d8 dgram 0 0 0 1e00550 1e00550 0
1e00660 dgram 0 0 0 1e00908 0 1e006e8
1e006e8 dgram 0 0 0 1e00908 0 1e00770
1e00770 dgram 0 0 0 1e00908 0 1e00c38
1e00c38 dgram 0 0 0 1e00908 0 1e00a18
1e00a18 dgram 0 0 0 1e00908 0 1e00b28
1e00b28 dgram 0 0 0 1e00908 0 1e007f8
1e007f8 dgram 0 0 0 1e00908 0 0
1e00aa0 dgram 0 0 0 1e00bb0 1e00bb0 0
1e00bb0 dgram 0 0 0 1e00aa0 1e00aa0 0
1e00908 dgram 0 0 21af738 0 23e7bb0 0 /var/run/syslog


I've got a feeling the guy just wanted me off the line :mad:.
 
Nothing seems out of place on that netstat dump :)

You're in the clear. Most of that stuff is UNIXy stuff that doesn't really matter.
 
Many thanks for your help guys; much appreciated :) Definitely changing my provider....!
 
if you dont want to change providers, it may be worth another call.

you need to convince them to hand you off to Level 2 helpdesk.

First, run a speedtest and see what your connection speed is.
I'm a big fan of this site, their results are very consistent:
http://www.speakeasy.net/speedtest/

My "max" rate is 3 mb/s. I get about 2.5 to 2.7 mb/s anytime I check.

when you're on the pone with tech support, explain to them that you used to get X and now you get Y and that you are supposed to get(according to your plan) Z.

When you get to level2, they can actually check the speed on the port that you are connected to. I've had my internet slow down significantly twice in the last 8 years for no apparent reason.

One time was because squirrel poop had eaten through the old cloth sheathing running to my house and it was holding moisture and degrading the signal.

The second time it was because someone had accidentally reset my port to 1.5 mb/s. The level1 guy had no way of knowing this. The level 2 guy saw it instantly and fixed me up.

Don
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back