Local & Remote Address are the same?

Discussion in 'Port Explorer' started by Cyborg, Mar 9, 2004.

Thread Status:
Not open for further replies.
  1. Cyborg

    Cyborg Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    78
    Hi Guys,

    This may be an obvious one to those of you who know the ins and outs of PE but can anybody tell me why I have the same IP in both Local & Remote Address?

    As an example currently I have Process ID 840 a UDP which is under my local address (IP) , Local Port 520, Remote Address one again my IP, remote Port 520, Listening, Sent 2/48, Received 2/48, United Kingdom, Process svchost.exe

    If I ping/trace/whois PE will crash so I guess it is like me trying to Ping myself. Why do such entries appear?

    If I have "Red Entry" against ccapp.exe can I close it down safely and should I shut down any "Red Entries?"

    It would appear from using PE that both MSN and Hotmail Abuse are constantly having a look at what is going on; they have entries that seem to appear more than any others. I guess that with the amount of people who use Hotmail and MSN/Microsoft this is to be expected.

    Hope somebody will help,

    Thank you,

    Cyborg
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi, port 520 = EFS - Extended File Server, RIP

    Red or hidden entries are the ones to look extra at what theyu can be, not necessarily nasties and in most cases if you can identify them no need to close. Your firewall for instance could appear red and that you would not liked to be closed.
    You can enable spying on such sockets or processes and look into the packets.

    If you have MSN messenger and the kind in autostart yes, then they are looking at you. Reason for me why i only use MSN Messenger when really necessary. Using CS now, so hardly any need for msn messenger anymore.
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Cyborg, Localhost is your own pc.
    Below is a screanie showing svchost llistening on my local network 192.168.2.1 This is normal. This screanie also shows CryptoSuite connected out in Red as I have it's window minimised to the system tray.

    What is ccapp.exe?

    Process File: ccapp or ccapp.exe
    Process Name: Common Client CC App
    Description: Associated with Norton AntiVirus 2003, which runs auto-protect and email checking facilities. Without this service, both facilities cannot function correctly.
    Company: Symantec Corporation


    This is running in the backround so will show in red

    A simple google search will help you find what each programme is & does :)

    Please read PE's extensive help file if there is something missing from it or something you do not understand then please post here with any firther questions:)
     

    Attached Files:

  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In the HOSTS file i added a name to my localhost, so i know what is connected to what, for instance
    127.0.0.1 www.myowncomputer.com
    0.0.0.0 www.itsmylocalhost.com
    but make sure the domains don't exist first to be able to get to your own system still :)
    So you would see for local host the names you chose and your computer name; it gives that little more insight how it works.
    Resolving these IP's on your system would give you those strange domain names, you will not succeed to connect to them via internet though.
     
Thread Status:
Not open for further replies.