[arch-security] strange netstat connections after having opened Firefox
Remi Gacogne
rgacogne at archlinux.org
Fri Dec 4 17:02:02 UTC 2015
Hi Elmar,
> tcp 0 0 192.168.100.101:50056 5.196.185.225:80 TIME_WAIT -
> tcp 0 0 192.168.100.101:35860 92.92.207.51:80 TIME_WAIT -
> tcp 0 0 192.168.100.101:40912 195.154.59.140:80 TIME_WAIT -
> tcp 0 0 192.168.100.101:58746 178.63.62.19:80 TIME_WAIT -
> tcp 0 0 192.168.100.101:40482 52.32.86.111:443 TIME_WAIT -
> tcp 0 0 192.168.100.101:43256 46.4.37.89:80 TIME_WAIT -
These connections are in TIME_WAIT, indicating that the connection has
been closed by your host but are kept alive by the kernel for the
duration of the TIME_WAIT interval to be properly handle any TCP still
in-flight somewhere, see [1] for more details. The fact that the
connections have no associated program is because the TIME_WAIT state is
handled by the kernel, and from the application point of view, they do
not exist anymore.
You can see that the connections were to TCP/80 and TCP/443, so very
likely caused by Firefox connecting to HTTP/HTTPS servers before you
closed it.
You'll be fine.
[1]:
https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Protocol_operation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20151204/18cd7e06/attachment.asc>
More information about the arch-security
mailing list