where is windows connecting to???

Hello,

I run comodo ISP and I noticed in my active connections log that System[4] has several open connections to two IP addresses,

192.168.10.255:137
192.168.56.255:138

The log lists a small amount of data under bytes out. These IP addresses appear to be on my local net, but I have no devices at these addresses.

I am looking for information about what is at the other end of this connection. I am not especially worried about it, but I think that it is important to understand the normal functioning of your computer so you can recognize when something is out of the ordinary.

LMHmedchem

 

It's nothing to worry about. Here's some info on it:

-http://technet.microsoft.com/en-us/library/cc940063.aspx

 

I totally agree with you. More you know about your system, sooner you will spot something unordinary. As wat0114 said, you should not worry about this connections. If you don't need/want this functionality, you can disable the protocol as described in article.

Regards, hqsec

 

.255 is to broadcast your existence using Netbios.
Two subnets is atypical at home, though possible, I guess. Do you see this at work or someplace with multiple subnets? Have two routers at home?

 

This is at home. My router is a z100g. It has both LAN and WLAN, would this be the reason for two sub nets?

I thought I had NetBIOS Over TCP/IP disabled but I didn't. I have disabled it and the connections no longer appear. At the moment, system is listening at ports 139 and 445, with svchost listening on 135.

LMHmedchem

 

I'm no expert. I hope somebody can explain it better.
139 and 445 are for SMB - replacement for or addition to NetBios.
http://en.wikipedia.org/wiki/Server_Message_Block
http://support.microsoft.com/kb/204279
135 described here for instance. Is endpoint mapper.
http://www.dslreports.com/forum/r7652730-Port-135-is-not-netbios.
NetBIOS restricted to your own trusted LAN devices is not a security issue.

192.168.x.x is local, private, stuff
http://en.wikipedia.org/wiki/Private_network
http://en.wikipedia.org/wiki/Subnetwork

Most routers have ethernet, LAN connection - that's the wired part, and WLAN which is the WiFi or radio part.
Both will be on the same subnet and do all their broadcasting on the last number which is .255.

What is your IP? use "ipconfig /all" in command window. You'll see all the adapters there. And what is the IP of the router? They have to be on the same subnet as far as I know.
But maybe that router you have works differently, though I doubt it.

Is it possible you're seeing or connecting to a neighbor if you use WiFi?