Netstat question.... i'm worried!

Discussion in 'Mac Basics and Help' started by g's hat, Apr 22, 2008.

  1. g's hat macrumors newbie

    Joined:
    Sep 25, 2006
    #1
    Hello,

    I would be really grateful if someone can help. Sorry if it's quite an obvios question, my technical nous is limited! I run a Mac Mini 1.66 with OSX 10.4.11.

    My internet connection has been really slow of late so i called my service provider who didn't really know all that much about Macs. He told me to go to the Network Utility - Netstat tab and check the 'Display the state of all current socket connections' button and click the Netstat button. It returned a lot of lines - about 25 active internet connections (starting tcp 4, udp 4, udp 6 and icm 6) and about the same Active LOCAL (UNIX) domain sockets starting, for example, with 1ddbdd0. The guy on the 'phone said this was wrong and as there were so many connections my Mac had probably been hacked! Is this the case? Or is 50 or so lines the norm? I'd be happy to copy and paste the whole report if someone could decode what it means and whether or not things are normal!

    Any help greatly, greatly appreciated :confused:
     
  2. merl1n macrumors 65816

    merl1n

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #2
    Go ahead and post your log. It is normal to have that many connections. The guy doesn't know what he's talking about.

    Here is an example of mine and I am not hacked:

    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address Foreign Address (state)
    tcp4 0 0 192.168.1.20.51937 wwwbaytest2.micr.http CLOSE_WAIT
    tcp4 0 0 192.168.1.20.51592 192.168.1.6.afpovertcp ESTABLISHED
    tcp4 0 0 192.168.1.20.51457 nwk-qtsoftware.a.http CLOSE_WAIT
    tcp4 0 0 192.168.1.20.51454 www.purestatic.c.http CLOSE_WAIT
    tcp4 0 0 *.3998 *.* LISTEN
    tcp4 0 0 localhost.9165 localhost.49152 ESTABLISHED
    tcp4 0 0 localhost.9165 *.* LISTEN
    tcp4 0 0 localhost.49152 localhost.9165 ESTABLISHED
    tcp4 0 0 localhost.netlock2 *.* LISTEN
    tcp4 0 0 localhost.ipp *.* LISTEN
    tcp6 0 0 localhost.ipp *.* LISTEN
    udp4 0 0 *.rockwell-csp3 *.*
    udp4 0 0 *.* *.*
    udp4 0 0 *.49179 *.*
    udp4 0 0 10.37.129.4.isakmp *.*
    udp4 0 0 10.211.55.6.isakmp *.*
    udp4 0 0 *.* *.*
    udp4 0 0 10.211.55.6.ntp *.*
    udp6 0 0 Macintosh.ntp *.*
    udp4 0 0 10.37.129.4.ntp *.*
    udp6 0 0 Macintosh.ntp *.*
    udp4 0 0 192.168.1.20.isakmp *.*
    udp4 0 0 *.netlock5 *.*
    udp4 0 0 192.168.1.20.ntp *.*
    udp6 0 0 Macintosh.ntp *.*
    udp6 0 0 localhost.ntp *.*
    udp4 0 0 localhost.ntp *.*
    udp6 0 0 localhost.ntp *.*
    udp6 0 0 *.ntp *.*
    udp4 0 0 *.ntp *.*
    udp6 0 0 *.mdns *.*
    udp4 0 0 *.mdns *.*
    udp4 0 0 *.* *.*
    icm6 0 0 *.* *.*
    icm6 0 0 *.* *.*
    icm6 0 0 *.* *.*
    Active LOCAL (UNIX) domain sockets
    Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
    6b4f4c8 stream 0 0 0 6b4f000 0 0 /var/tmp/launchd/sock
    6b4f000 stream 0 0 0 6b4f4c8 0 0
    6b4f770 stream 0 0 0 7d39d48 0 0
    7d39d48 stream 0 0 0 6b4f770 0 0
    6b4f330 stream 0 0 0 7d39f68 0 0
    7d39f68 stream 0 0 0 6b4f330 0 0
    6b4faa0 stream 0 0 0 66373b8 0 0 /var/run/mDNSResponder
    66373b8 stream 0 0 0 6b4faa0 0 0
    6b4f908 stream 0 0 0 6b4f198 0 0
    6b4f198 stream 0 0 0 6b4f908 0 0
    5af1dd0 stream 0 0 0 56d1220 0 0
    56d1220 stream 0 0 0 5af1dd0 0 0
    6b4f2a8 stream 0 0 0 6b4f5d8 0 0 /var/tmp/SCDynamicStoreNotifyFileDescriptor-34587
    6b4f5d8 stream 0 0 0 6b4f2a8 0 0
    6b4f660 stream 0 0 0 6b4f550 0 0 /var/run/asl_input
    6b4f550 stream 0 0 0 6b4f660 0 0
    6b4f6e8 stream 0 0 0 6b4f440 0 0
    6b4f440 stream 0 0 0 6b4f6e8 0 0
    5b07bb0 stream 0 0 6db2c20 0 0 0 /tmp/clamd
    6637550 stream 0 0 0 6b4fcc0 0 0 /var/run/mDNSResponder
    6b4fcc0 stream 0 0 0 6637550 0 0
    66377f8 stream 0 0 0 6b4fc38 0 0 /var/run/mDNSResponder
    6b4fc38 stream 0 0 0 66377f8 0 0
    6637d48 stream 0 0 0 56d14c8 0 0 /var/run/pppconfd
    56d14c8 stream 0 0 0 6637d48 0 0
    6637f68 stream 0 0 0 5af1f68 0 0 /var/run/pppconfd
    5af1f68 stream 0 0 0 6637f68 0 0
    6b4fee0 stream 0 0 0 6b4ff68 0 0 /var/tmp/com.netopia.timbuktu.pro.skype.501/socket
    6b4ff68 stream 0 0 0 6b4fee0 0 0
    6637110 stream 0 0 6b03f30 0 0 0 /var/tmp/com.netopia.timbuktu.pro.skype.501/socket
    6637330 stream 0 0 0 66372a8 0 0
    66372a8 stream 0 0 0 6637330 0 0
    66376e8 stream 0 0 0 6637908 0 0 /var/run/mDNSResponder
    6637908 stream 0 0 0 66376e8 0 0
    6637770 stream 0 0 0 6637880 0 0 /tmp/com.softraid.softraidd/driverevents
    6637880 stream 0 0 0 6637770 0 0
    6637a18 stream 0 0 0 6637aa0 0 0 /var/run/mDNSResponder
    6637aa0 stream 0 0 0 6637a18 0 0
    5b07a18 stream 0 0 0 6637b28 0 0 /var/run/mDNSResponder
    6637b28 stream 0 0 0 5b07a18 0 0
    56d1b28 stream 0 0 0 56d1bb0 0 0 /var/run/mDNSResponder
    56d1bb0 stream 0 0 0 56d1b28 0 0
    6637bb0 stream 0 0 67355f0 0 0 0 /tmp/com.softraid.softraidd/driverevents
    56d1198 stream 0 0 0 5af1ee0 0 0 /var/run/mDNSResponder
    5af1ee0 stream 0 0 0 56d1198 0 0
    6637cc0 stream 0 0 6701170 0 0 0 /tmp/TimbuktuHostEventSocket
    6637ee0 stream 0 0 0 56d15d8 0 0
    56d15d8 stream 0 0 0 6637ee0 0 0
    56d1660 stream 0 0 0 5af16e8 0 0 /var/tmp/SCDynamicStoreNotifyFileDescriptor-13571
    5af16e8 stream 0 0 0 56d1660 0 0
    56d13b8 stream 0 0 0 5af1e58 0 0
    5af1e58 stream 0 0 0 56d13b8 0 0
    5af1b28 stream 0 0 661d290 0 0 0 /tmp/launch-ZtzAIq/:0
    5af1908 stream 0 0 661d3b0 0 0 0 /tmp/launch-Llv5m3/Listeners
    5af17f8 stream 0 0 661d4d0 0 0 0 /tmp/launch-DwsEtn/Render
    5af1198 stream 0 0 661d710 0 0 0 /private/tmp/com.hp.launchport
    5b07550 stream 0 0 0 5b075d8 0 0
    5b075d8 stream 0 0 0 5b07550 0 0
    5b07e58 stream 0 0 0 5b07440 0 0
    5b07440 stream 0 0 0 5b07e58 0 0
    5b07c38 stream 0 0 0 5af13b8 0 0
    5af13b8 stream 0 0 0 5b07c38 0 0
    5b073b8 stream 0 0 5f2c630 0 0 0 /tmp/launchd-83.4KfIR0/sock
    5b07088 stream 0 0 5efc400 0 0 0 /tmp/launchd-78.VgENEa/sock
    5b074c8 stream 0 0 0 5b07198 0 0
    5b07198 stream 0 0 0 5b074c8 0 0
    56d1440 stream 0 0 0 5af1880 0 0
    5af1880 stream 0 0 0 56d1440 0 0
    5b07330 stream 0 0 5ddfe10 0 0 0 /var/run/pppconfd
    5af1cc0 stream 0 0 0 5af1770 0 0
    5af1770 stream 0 0 0 5af1cc0 0 0
    5b07000 stream 0 0 0 5b07dd0 0 0
    5b07dd0 stream 0 0 0 5b07000 0 0
    56d16e8 stream 0 0 0 56d1330 0 0
    56d1330 stream 0 0 0 56d16e8 0 0
    5b07770 stream 0 0 0 5b077f8 0 0
    5b077f8 stream 0 0 0 5b07770 0 0
    5b07aa0 stream 0 0 0 5b07b28 0 0
    5b07b28 stream 0 0 0 5b07aa0 0 0
    5b07cc0 stream 0 0 0 5b07d48 0 0
    5b07d48 stream 0 0 0 5b07cc0 0 0
    5af1220 stream 0 0 0 5af12a8 0 0
    5af12a8 stream 0 0 0 5af1220 0 0
    5af1440 stream 0 0 0 5af14c8 0 0
    5af14c8 stream 0 0 0 5af1440 0 0
    5af1990 stream 0 0 0 5af1a18 0 0
    5af1a18 stream 0 0 0 5af1990 0 0
    5af1bb0 stream 0 0 0 5af1c38 0 0
    5af1c38 stream 0 0 0 5af1bb0 0 0
    56d1000 stream 0 0 0 56d1088 0 0
    56d1088 stream 0 0 0 56d1000 0 0
    56d17f8 stream 0 0 0 56d1770 0 0
    56d1770 stream 0 0 0 56d17f8 0 0
    56d1880 stream 0 0 0 56d1990 0 0
    56d1990 stream 0 0 0 56d1880 0 0
    56d1a18 stream 0 0 0 56d1aa0 0 0
    56d1aa0 stream 0 0 0 56d1a18 0 0
    56d1c38 stream 0 0 57e80a0 0 0 0 /var/tmp/launchd/sock
    56d1cc0 stream 0 0 57e81c0 0 0 0 /private/var/run/cupsd
    56d1d48 stream 0 0 57e82e0 0 0 0 /var/run/usbmuxd
    56d1e58 stream 0 0 57e8400 0 0 0 /var/run/asl_input
    56d1f68 stream 0 0 57e8490 0 0 0 /var/run/portmap.socket
    56d1ee0 stream 0 0 57e8520 0 0 0 /var/run/mDNSResponder
    6b4f880 dgram 0 0 0 7d39e58 7d39e58 0
    7d39e58 dgram 0 0 0 6b4f880 6b4f880 0
    5af1550 dgram 0 0 0 6b4f110 6b4f110 0
    6b4f110 dgram 0 0 0 5af1550 5af1550 0
    5b07880 dgram 0 0 0 6b4fbb0 6b4fbb0 0
    6b4fbb0 dgram 0 0 0 5b07880 5b07880 0
    6b4f088 dgram 0 0 0 56d1dd0 0 6b4fd48
    6b4fd48 dgram 0 0 0 56d1dd0 0 6b4f3b8
    6b4f7f8 dgram 0 0 0 6b4f220 6b4f220 0
    6b4f220 dgram 0 0 0 6b4f7f8 6b4f7f8 0
    6b4f3b8 dgram 0 0 0 56d1dd0 0 6637c38
    5b076e8 dgram 0 0 0 6b4fa18 6b4fa18 0
    6b4fa18 dgram 0 0 0 5b076e8 5b076e8 0
    6b4f990 dgram 0 0 0 6b4fb28 6b4fb28 0
    6b4fb28 dgram 0 0 0 6b4f990 6b4f990 0
    66374c8 dgram 0 0 0 5b072a8 5b072a8 0
    5b072a8 dgram 0 0 0 66374c8 66374c8 0
    6637990 dgram 0 0 0 6637440 6637440 0
    6637440 dgram 0 0 0 6637990 6637990 0
    5af1aa0 dgram 0 0 0 5b07ee0 5b07ee0 0
    5b07ee0 dgram 0 0 0 5af1aa0 5af1aa0 0
    6b4fdd0 dgram 0 0 0 6b4fe58 6b4fe58 0
    6b4fe58 dgram 0 0 0 6b4fdd0 6b4fdd0 0
    6637000 dgram 0 0 0 6637088 6637088 0
    6637088 dgram 0 0 0 6637000 6637000 0
    6637198 dgram 0 0 0 6637220 6637220 0
    6637220 dgram 0 0 0 6637198 6637198 0
    66375d8 dgram 0 0 0 6637660 6637660 0
    6637660 dgram 0 0 0 66375d8 66375d8 0
    5b07908 dgram 0 0 0 5af15d8 5af15d8 0
    5af15d8 dgram 0 0 0 5b07908 5b07908 0
    6637c38 dgram 0 0 0 56d1dd0 0 6637dd0
    56d12a8 dgram 0 0 0 6637e58 6637e58 0
    6637e58 dgram 0 0 0 56d12a8 56d12a8 0
    6637dd0 dgram 0 0 0 56d1dd0 0 5af1d48
    5af1d48 dgram 0 0 0 56d1dd0 0 5af1088
    5af1088 dgram 0 0 0 56d1dd0 0 5b07f68
    5b07f68 dgram 0 0 0 56d1dd0 0 56d1110
    5b07110 dgram 0 0 0 5af1330 5af1330 0
    5af1330 dgram 0 0 0 5b07110 5b07110 0
    56d1110 dgram 0 0 0 56d1dd0 0 5af1110
    56d1550 dgram 0 0 0 5b07220 5b07220 0
    5b07220 dgram 0 0 0 56d1550 56d1550 0
    5af1000 dgram 0 0 0 5af1660 5af1660 0
    5af1660 dgram 0 0 0 5af1000 5af1000 0
    5af1110 dgram 0 0 0 56d1dd0 0 5b07990
    5b07990 dgram 0 0 0 56d1dd0 0 5b07660
    5b07660 dgram 0 0 0 56d1dd0 0 56d1908
    56d1908 dgram 0 0 0 56d1dd0 0 0
    56d1dd0 dgram 0 0 57e8370 0 6b4f088 0 /var/run/syslog
     
  3. steveza macrumors 68000

    steveza

    Joined:
    Feb 20, 2008
    Location:
    UK
    #3
    I probably get about 50 lines or more (not going to count them :) ) The sort of things you have described in your post appear normal.
     
  4. g's hat thread starter macrumors newbie

    Joined:
    Sep 25, 2006
    #4
    Thanks for replying so quickly.... i certainly feel more at ease. Anyway, here's what Netstat came back with:

    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address Foreign Address (state)
    tcp4 0 0 localhost.netinfo-loca localhost.1017 ESTABLISHED
    tcp4 0 0 localhost.1017 localhost.netinfo-loca ESTABLISHED
    tcp4 0 0 localhost.netinfo-loca localhost.1021 ESTABLISHED
    tcp4 0 0 localhost.1021 localhost.netinfo-loca ESTABLISHED
    tcp4 0 0 localhost.netinfo-loca *.* LISTEN
    udp4 0 0 *.mdns *.*
    udp4 0 0 localhost.49158 localhost.1022
    udp4 0 0 localhost.49157 localhost.1022
    udp4 0 0 localhost.1022 *.*
    udp4 0 0 localhost.49155 localhost.1023
    udp4 0 0 localhost.1023 *.*
    udp4 0 0 192.168.0.2.ntp *.*
    udp6 0 0 fe80:5::217:f2ff.123 *.*
    udp6 0 0 fe80:1::1.123 *.*
    udp6 0 0 localhost.123 *.*
    udp4 0 0 localhost.ntp *.*
    udp6 0 0 *.123 *.*
    udp4 0 0 *.ntp *.*
    udp6 0 0 *.5353 *.*
    udp4 0 0 *.mdns *.*
    udp4 0 0 localhost.netinfo-loca *.*
    udp4 0 0 *.* *.*
    icm6 0 0 *.* *.*
    Active LOCAL (UNIX) domain sockets
    Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
    23e7f68 stream 0 0 0 1e00000 0 0
    1e00000 stream 0 0 0 23e7f68 0 0
    1e00088 stream 0 0 0 1e00110 0 0 /var/run/usbmuxd
    1e00110 stream 0 0 0 1e00088 0 0
    1e00330 stream 0 0 0 1e003b8 0 0 /var/run/mDNSResponder
    1e003b8 stream 0 0 0 1e00330 0 0
    1e004c8 stream 0 0 2285a50 0 0 0 /var/run/pppconfd
    1e00880 stream 0 0 0 1e00990 0 0 /var/run/asl_input
    1e00990 stream 0 0 0 1e00880 0 0
    1e00cc0 stream 0 0 21d8ce4 0 0 0 /var/run/mDNSResponder
    1e00d48 stream 0 0 21af948 0 0 0 /var/run/asl_input
    1e00e58 stream 0 0 21976b4 0 0 0 /var/run/usbmuxd
    1e00ee0 stream 0 0 2197738 0 0 0 /var/run/portmap.socket
    1e00f68 stream 0 0 1df4294 0 0 0 /var/launchd/0/sock
    23e7aa0 dgram 0 0 0 23e7b28 23e7b28 0
    23e7b28 dgram 0 0 0 23e7aa0 23e7aa0 0
    23e7bb0 dgram 0 0 0 1e00908 0 23e7c38
    23e7c38 dgram 0 0 0 1e00908 0 23e7cc0
    23e7cc0 dgram 0 0 0 1e00908 0 1e00440
    1e00440 dgram 0 0 0 1e00908 0 1e00198
    23e7d48 dgram 0 0 0 23e7dd0 23e7dd0 0
    23e7dd0 dgram 0 0 0 23e7d48 23e7d48 0
    23e7e58 dgram 0 0 0 23e7ee0 23e7ee0 0
    23e7ee0 dgram 0 0 0 23e7e58 23e7e58 0
    1e00198 dgram 0 0 0 1e00908 0 1e00dd0
    1e00220 dgram 0 0 0 1e002a8 1e002a8 0
    1e002a8 dgram 0 0 0 1e00220 1e00220 0
    1e00dd0 dgram 0 0 0 1e00908 0 1e00660
    1e00550 dgram 0 0 0 1e005d8 1e005d8 0
    1e005d8 dgram 0 0 0 1e00550 1e00550 0
    1e00660 dgram 0 0 0 1e00908 0 1e006e8
    1e006e8 dgram 0 0 0 1e00908 0 1e00770
    1e00770 dgram 0 0 0 1e00908 0 1e00c38
    1e00c38 dgram 0 0 0 1e00908 0 1e00a18
    1e00a18 dgram 0 0 0 1e00908 0 1e00b28
    1e00b28 dgram 0 0 0 1e00908 0 1e007f8
    1e007f8 dgram 0 0 0 1e00908 0 0
    1e00aa0 dgram 0 0 0 1e00bb0 1e00bb0 0
    1e00bb0 dgram 0 0 0 1e00aa0 1e00aa0 0
    1e00908 dgram 0 0 21af738 0 23e7bb0 0 /var/run/syslog


    I've got a feeling the guy just wanted me off the line :mad:.
     
  5. neoserver macrumors 6502

    Joined:
    Apr 24, 2003
    #5
    Nothing seems out of place on that netstat dump :)

    You're in the clear. Most of that stuff is UNIXy stuff that doesn't really matter.
     
  6. g's hat thread starter macrumors newbie

    Joined:
    Sep 25, 2006
    #7
    Many thanks for your help guys; much appreciated :) Definitely changing my provider....!
     
  7. donmei macrumors regular

    Joined:
    Mar 8, 2007
    #8
    if you dont want to change providers, it may be worth another call.

    you need to convince them to hand you off to Level 2 helpdesk.

    First, run a speedtest and see what your connection speed is.
    I'm a big fan of this site, their results are very consistent:
    http://www.speakeasy.net/speedtest/

    My "max" rate is 3 mb/s. I get about 2.5 to 2.7 mb/s anytime I check.

    when you're on the pone with tech support, explain to them that you used to get X and now you get Y and that you are supposed to get(according to your plan) Z.

    When you get to level2, they can actually check the speed on the port that you are connected to. I've had my internet slow down significantly twice in the last 8 years for no apparent reason.

    One time was because squirrel poop had eaten through the old cloth sheathing running to my house and it was holding moisture and degrading the signal.

    The second time it was because someone had accidentally reset my port to 1.5 mb/s. The level1 guy had no way of knowing this. The level 2 guy saw it instantly and fixed me up.

    Don
     

Share This Page