Need help interpreting a netstat
Here is the background: I have a paid subscription to http://di.fm, which is an online streaming service for electronic dance music. I'm also using the Windows 10 beta. A few weeks back, DI.FM notified me that I was connecting excessively to their service and asked if I was using more than one device to connect. I replied back to customer service that I was not, that I was only using one desktop computer and using W10 beta. Since then, I've been using the free di.fm service. Yes, I can uninstall W10 and reinstall W8.1 if I really need to.
I did notify Microsoft of the exact problem, so hopefully they will fix it.
Ok, here's my current netstat while connecting to my http://di.fm paid account:
I am only connected to di.fm and DU. Microsoft might also have a connection, since I'm using W10 beta.
Thanks for your help!
Steve
P.S. I pay for the paid version for no commercials.
ETA: Reverse DNS results so far
104.16.18.80 = CloudFlare, Inc. per http://www.dnsstuff.com/tools#whois%7Ctype=ipv4&&value=104.16.18.80
74.121.139.108 = MediaMath Inc per http://www.dnsstuff.com/tools#whois%7Ctype=ipv4&&value=74.121.139.108
Make7
(8,543 posts)You can ignore all the 127.0.0.1 connections - that's the loopback address to your own computer. If you check your computer name, you'll probably discover it is WIN-297AT2QPODG.
Not sure how one determines the actual foreign address from that netstat info. Try netstat -f or netstat -n (or netstat /? to see all the options).
I usually use Wireshark to sniff out network traffic - it lets you view each packet on a selected network adapter. You can see what IP address the packets are coming from/going to - then use those addresses to do reverse IP lookups and (hopefully) find out who is on the other end.
BTW - For those links to dnsstuff.com, you can replace the | with %7C to make the full link work. Like this:
http://www.dnsstuff.com/tools#whois%7Ctype=ipv4&&value=104.16.18.80
steve2470
(37,457 posts)That one is done with all browsers closed. Yes, the WIN-297AT2QPODG is my computer.
http://www.dnsstuff.com/tools#whois%7Ctype=ipv4&&value=24.143.206.192 = Time Warner Cable LLC
http://www.dnsstuff.com/tools#whois%7Ctype=ipv4&&value=134.170.189.4 = Microsoft
http://www.dnsstuff.com/tools#whois%7Ctype=ipv4&&value=111.221.29.11 = Microsoft
windows.com = Microsoft
eta: I'm probably concerned over nothing. I've been running the premium service for a few hours now and DI.FM has not contacted me via email, as they did last time. I'm thinking Microsoft fixed the problem.
ChromeFoundry
(3,270 posts)That should give you all the connections, the numerical foreign host address, the process Id and the owning application.
steve2470
(37,457 posts)I didn't see anything I was concerned about. Thanks for your help!