Incidents
System Idle Process making TCP connections Jul 07 2006 08:21PM
John Davison (johndavison compasseng com) (1 replies)
Re: System Idle Process making TCP connections Jul 07 2006 11:47PM
lee e rian census gov (1 replies)
Re: System Idle Process making TCP connections Jul 08 2006 01:58AM
John Davison (johndavison compasseng com)
It turns out I jumped to conclusions here. They have some kind of (apparently
buggy) barcode printing software on this machine. I didn't realize that the
idle proc inherits time wait sockets (makes total sense if the owning proc
dies.)

So it looks like this software was stuck in some kind of a loop that was
spawning procs that were making socket connections then dying very quickly.

Thanks the for responses though.

On Friday 07 July 2006 07:47 pm, lee.e.rian (at) census (dot) gov [email concealed] wrote:
> Does TCPView ever show the System Idle Process with any connections in the
> LISTENING or ESTABLISHED state?
>
> All of the System Idle Process connections listed are in the TIME_WAIT
> state - which most probably means that some other process created the
> connection and closed it. ( I'd guess something trying to talk to
> spoolsv.exe since it's listening on port 6160 )
>
> > Has anyone seen anything like this before?
>
> No, not that many connections in a timed wait state. But whenever a
> connection is closed it moves to the TIME_WAIT state and TCPView says it's
> owned by [System Process]:0 on my windoze machine.
>
> HTH,
> Lee

--
---
John Davison
Compass Engineering Group
email : johndavison (at) compasseng (dot) com [email concealed]

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

mQGiBEShREkRBAC3apDBDVdXXUqWIhOEtqV5ziZ1POKdHJ0pkHNPFTUi+KCWzmVy
qtszWSf0lFit5GyuQk0LhnU+L1nvwu7/sqCnuvK/uHDScgW38FjuPJ2LhLshz2Qw
W89lzhJd55PrP4+baVqUeMxhBJPCGTi9a0vx4VZVXFiP+opG1TgFaRsvbwCgu9iO
IfdpSLsFMc4g7/WOdeid9wcD/2na7++Gu2cWn97FQHTKZ7aV3cRYV3Bz+h0ywbWG
8bO5VIT28+u0cNJ4BJro2NJT7xK1S03eHKi4C44L00hYQ3XA5lDfOeI6RAJyntyP
kpS4UYa2PrwsdXE1tH7FWL1RxI9N/4lf7xVNd37Gnphccoucb/LYQw3g2cgaFM4R
j0+0A/9s2SsLTr+DZmnCTpmbRy84QLTp9LHEwByCyH/olUO2StljS6nT1iKuNVTT
wBBftgOx03qk7CT70mq6R2VPriUpUGVweLTTuNF+wdWisgZqNbEeB6JnfbaciuEZ
JB01vp/srsclsr5XETLN+kSC+dnEBfkgRUWHGU8d2m9BaeKxd7QpSm9obiBEYXZp
c29uIDxqb2huZGF2aXNvbkBjb21wYXNzZW5nLmNvbT6IYAQTEQIAIAUCRKFESQIb
AwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEIe4N0PB1ntvmkwAoJIhqQ+xc9LX
efi1zRngGtvIj/nVAKCLhdSCNUGg0LdAwbelk0G5PhuRF7kCDQREoUSOEAgAoxat
qsUtLv27ePWClRAOJ6ZgphMSFNqsxo39+pWziQCe4jytVOUw2Gs9MeFB3N1OAkXG
Maoxv2Z105GNrtmiYSVgsjeVBvs077CITjGfo0PNP56j+26nV+GWGQUChWdxvqO9
QmhZ2SrXfD3iFVG9BBgS1iaqu62OKUDLwaqE8+r0mToaeHipo7BPP6ew+UcHdGU6
OFlEKHwGQ8vTLsqSLuM4WDd9NZ6fW/z9lHcmrnYTMVpHwq61t93MZO4wcvKac9QA
KiiZkxs16lGSh/i31Qza8qUUtY0hD1YpPuBuwwysq/7JwS4WZJ7hOLHk2ZVvmiKH
B6ivctsJ21kFgvk5mwADBgf/TXdcQfAuN/LzJ0aph2hPeAkQrWaVRZRpd2TbbSaY
c+VuprHAALdZPdbPd/ZYDAANyCVvdEOfRsL/7xzNmEgQx/2EUfErE4acYaWo5kd9
0VOpno6d3OlJL2RlNZ6iufs2kn8ZS6mgXPMfHKN85v2OZJ34Gf9VB7xtN6+F5SQK
0B7Wb47wJdApUotqCTg5WXEJ0juAw1fGXUy9u2WqfSq4si5OtvTay/EMFJPsZ49f
0JfdzgJbvmYYuH0ghLeEvIFnEZcpfbVtKUtNAhHLW6Cze27xY4wx+9uSN22q41kh
RdGr91g64ST7C/mpXiX80rYRo3Vslgnqpq1fJ2XvpSRYgohJBBgRAgAJBQJEoUSO
AhsMAAoJEIe4N0PB1ntvLtUAmwRNrDu1JaYpnfudHCJ6xmO1xhy7AKCq7zA1gmtc
oDiShAq5QiKJP7VQSg==
=usOt
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBErxEyh7g3Q8HWe28RAtxtAJ4x/43n8i9K78lTWgMtTEGmPV2YPwCdH0bk
gz/JhTKeHH4wsDCwBTikvu0=
=g4sT
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus