Is This Normal

Discussion in 'Port Explorer' started by Airking, Oct 29, 2005.

Thread Status:
Not open for further replies.
  1. Airking

    Airking Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    1,083
    PE shows the following, is this normal? As it looks like services is bypassing the firewall.
     

    Attached Files:

  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Code:
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    |    Process    |     Creation     | ProcessID | Protocol |  Local Address  | Local Port |     Remote Address      | Remote Port |  Status   |          Sent           |        Received         |  Country  |
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    |  SYSTEM       |        ---       |     0     |    TCP   | roy-dcd65bb8e1b |    1374    | sh56.surpasshosting.com |     80      | TIME_WAIT |           ---           |           ---           |           |
    TIME_WAIT is the last state in a TCP connection before it closes.
    The TCP connection states are: LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT and then it closes.

    Once a connection starts to close it will no longer show as being associated to an application, but to SYSTEM. So what you noted/posted is quite normal. That is a connection you had made that is in the final process of closing.

    Regards,

    CrazyM
     
  3. Airking

    Airking Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    1,083
    Thanks for the reply, was wondering why System was communicating out, that's interesting. Learn something every day!

    Regards
     
Thread Status:
Not open for further replies.