Prev: Mis-using DNS for solving WWW browser problems.
Next: Outside dns not changin
From: Slarty on 28 Mar 2010 12:11
On Sun, 28 Mar 2010 12:08:45 +0000 (UTC), Kat Rabun wrote:

> Is it normal for Firefox to listen on two random TCP ports every time?
>
> Here's what happens ...
>
> Bringing Firefox 3.6.2 freeware up (set by default to a blank page for this
> test) on WinXP SP3 with Comodo Internet Security 3.14 firewall freeware
> reporting Firefox begins "listening" on TCP port 1570 and 1572.
>

You have not mentioned the remote address at the other end of those
established connections.

Try using Prcess Hacker and opening the network tab to get better
information on the processes. A Whois may give you a better idea, plus you
can then close the process down at the same time. Make a note of he remote
IP address for future reference/investigation.

A most useful little application available at Sourceforge and elsewhere.

I'm rather prejudiced against 'software fire walls' such as you are using,
so my bet is on Commodo. Other prime candidates Google, built into Firefox
of course, and Micrsoft. Thus all the usual suspects. You realise that
Google behaves in some rather sneaky ways once you start tracking it.

Cheers,

Roy
From: Poutnik on 28 Mar 2010 14:23
In article <honldi$atm$1(a)tioat.net>, katspianostudioXXX(a)Use-Author-
Supplied-Address.invalid says...
>
>
> Active Connections
>
> Proto Local Address Foreign Address State PID
> TCP Kat:1386 localhost:1387 ESTABLISHED 3120
> TCP Kat:1387 localhost:1386 ESTABLISHED 3120
> TCP Kat:1388 localhost:1389 ESTABLISHED 3120
> TCP Kat:1389 localhost:1388 ESTABLISHED 3120
>
> Likewise, Comodo reported Firefox opened TCP ports 1386 and 1388 for
> listening in this test.
>
> Why is Firefox 3.6.2 always opening two ports for listening every time it
> opens up?

Important is what interface is used for connections and listening.
All connections above are local. Firefox uses
TCP local inter modele communication as many other programs.
I also guess it is listening on loopback localhost interface 127.0.0.1

--
Poutnik
The best depends on how the best is defined.
From: Kat Rabun on 29 Mar 2010 02:10
On Sun, 28 Mar 2010 17:11:19 +0100, Slarty wrote:

>> Is it normal for Firefox to listen on two random TCP ports every time?
> You have not mentioned the remote address at the other end of those
> established connections.
>
> Try using Prcess Hacker and opening the network tab

I installed Process Hacker 1.11 freeware from:
http://sourceforge.net/projects/processhacker/files/processhacker/

It's scary that Process Hacker modifies the antivirus freeware (I sure hope
it's not malware in disguise) before it can start working.

Once it starts, the Process Hacker "Processes" tab looks similar to that of
Process Explorer v11.21 freeware; but there are two other tabs in Process
Hacker (Services, & Network).

In the Network tab of Process Hacker, the only thing I have before I start
Firefox (with anti-virus turned off) is:

Process: LocalAddress: LocalPort: RemoteAddress: RemotePort: Protocol:
State:
System (4) 0.0.0.0 445 0.0.0.0 24708 TCP Listening
System (4) Kat (192.168.1.200) 139 0.0.0.0 24708 TCP Listening
System (4) Kat (192.168.1.200) 137 - - UDP -
System (4) 0.0.0.0 445 - - UDP -
System (4) 0.0.0.0 138 - - UDP -

When I start Firefox to a blank page, 4 more entries arise:
firefox.exe(3868) Kat(127.0.0.1) 2522 Kat(127.0.0.1) 2521 TCP Established
firefox.exe(3868) Kat(127.0.0.1) 2523 Kat(127.0.0.1) 2524 TCP Established
firefox.exe(3868) Kat(127.0.0.1) 2521 Kat(127.0.0.1) 2522 TCP Established
firefox.exe(3868) Kat(127.0.0.1) 2524 Kat(127.0.0.1) 2523 TCP Established

At the same time, Comodo tells me only about ports 2523 & 2521:
TCP Listening:2523
TCP Listening:2521

Does this help to figure out what is going on with those two ports opened
up by Firefox?
From: VanguardLH on 29 Mar 2010 06:18
Kat Rabun wrote:

> ...
> Does this help to figure out what is going on with those two ports opened
> up by Firefox?

Since this all focuses on Firefox, wouldn't asking in a newsgroup with a
community focused on that product produce better responses? If your NNTP
server doesn't carry the mozilla.* newsgroups, you can connect your NNTP
client to news.mozilla.org. There are Firefox groups there. If the users
there don't know, someone might know how to contact the Mozilla development
group to inquire about these ghost connects.
From: Poutnik on 29 Mar 2010 07:56
In article <hopg9a$ptt$1(a)tioat.net>, katspianostudioXXX(a)Use-Author-
Supplied-Address.invalid says...
>
>
> When I start Firefox to a blank page, 4 more entries arise:
> firefox.exe(3868) Kat(127.0.0.1) 2522 Kat(127.0.0.1) 2521 TCP Established
> firefox.exe(3868) Kat(127.0.0.1) 2523 Kat(127.0.0.1) 2524 TCP Established
> firefox.exe(3868) Kat(127.0.0.1) 2521 Kat(127.0.0.1) 2522 TCP Established
> firefox.exe(3868) Kat(127.0.0.1) 2524 Kat(127.0.0.1) 2523 TCP Established
>
> At the same time, Comodo tells me only about ports 2523 & 2521:
> TCP Listening:2523
> TCP Listening:2521
>
> Does this help to figure out what is going on with those two ports opened
> up by Firefox?

did not I explain it before ?

FF created loopback TCP connection No 1
from port 2522 to port 2521 of listening FF.
FF created loopback TCP connection No 2
from port 2524 to port 2523 of listening FF.
FF is still loopback listening on portes 2521, 2523.

Said by other words, FF is connecting to itself.

--
Poutnik
The best depends on how the best is defined.
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: Mis-using DNS for solving WWW browser problems.
Next: Outside dns not changin