
hey /g/ i'm currently looking through wireshark

hey /g/ i'm currently looking through wireshark

Despite that i'm not using any software that uses network connection...Why is my machine connecting to external IPs?

what causes this?
>>
>>61700159
Looks like your ISP to me.
>>
>>61700159
If you're on Windows, it's software checking for updates and MS making sure you're being a good goy
>>
>>61700159
Just do a whois on the IPs
>>
>>61700246
They all seem to be from the sources ripe and arin, and they're mainly from US and UK

this is shady, is GCHQ and NSA targeting me or what?
>>
>>61700159
$ curl ipinfo.io/52.164.251.44 && printf '\n'
{
"ip": "52.164.251.44",
"city": "Dublin",
"region": "Leinster",
"country": "IE",
"loc": "53.3389,-6.2595",
"org": "AS8075 Microsoft Corporation"
}
$ curl ipinfo.io/185.60.147.77 && printf '\n'
{
"ip": "185.60.147.77",
"hostname": "jord.deepdns.cryptostorm.net",
"city": "",
"region": "",
"country": "CH",
"loc": "47.1449,8.1551",
"org": "AS51395 SOFTplus Entwicklungen GmbH"
}
$ curl ipinfo.io/185.60.147.77 && printf '\n'
{
"ip": "185.60.147.77",
"hostname": "jord.deepdns.cryptostorm.net",
"city": "",
"region": "",
"country": "CH",
"loc": "47.1449,8.1551",
"org": "AS51395 SOFTplus Entwicklungen GmbH"
}
$ curl ipinfo.io/23.10.249.18 && printf '\n'
{
"ip": "23.10.249.18",
"hostname": "a23-10-249-18.deploy.static.akamaitechnologies.com",
"city": "Amsterdam",
"region": "North Holland",
"country": "NL",
"loc": "52.3500,4.9167",
"org": "AS20940 Akamai International B.V.",
"postal": "1091"
}

Akamai is a CDN, so you probably have something running on your computer that is actively fetching content.

That "deepdns" domain is related to some weird privacy stuff that you appear to use, googling for it brings up a github repository.

Microsoft is probably Windows updates
>>
>>61700316
>ipinfo.io
that's fucking sexy, will be using, thanks
>>
>>61700342
Pair it with jq for great oneliners

> $ function asnfromip {
> > curl ipinfo.io/"$1" 2>/dev/null | jq '.["org"]'
> > }
> $ asnfromip 8.8.8.8
> "AS15169 Google Inc."
>>
>>61700316
>>61700165
>>61700246
Is it possible for wireshark to show the processes that are using those IPs?
>>
>>61700316
If OP has any Adobe software on his machine, Adobe uses Akamai for their updater.
>>
>>61700479
you can use curl -s to get rid of stderr output
>>
>>61700479
Holy fuck how did I not know about jq.
It's like I didn't even lift.
Here have some ass.
>>
>>61700497
netstat -lpan shows active sockets on linux, not sure on windows / wireshark.
>>
>>61700497
Wireshark doesn't really do that. If there are active connections you can do:

Windows: netstat -ano

Linux: netstat -Woplan

macOS: sudo lsof +c 15 -i -n -P

As for what OP is seeing - that's the state of the world now. Constant fucking telemetry and updates.
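
Added example, not part of the thread: a shell filter that reduces Linux `netstat -Woplan` output to the external addresses and the process that owns each connection, which is the mapping Wireshark does not provide. The function names and the sample capture (process names, ports) are constructed for illustration; only the three remote IPs come from the lookups earlier in the thread.

```shell
#!/bin/sh
# Reads `netstat -Woplan` output on stdin and prints "remote-ip<TAB>pid/program"
# for every ESTABLISHED TCP connection to a non-private address.
# Live use (root is needed to see other users' PIDs): netstat -Woplan | external_conns
external_conns() {
    awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        ip = $5
        sub(/:[0-9]+$/, "", ip)   # strip the port; works for IPv4 and IPv6
        # skip loopback, RFC 1918 and link-local IPv4
        if (ip ~ /^(127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) next
        # skip IPv6 loopback, link-local and unique-local
        if (ip ~ /^(::1$|[fF][eE]80:|[fF][cCdD])/) next
        # netstat prints "-" when it cannot see the owner
        # (a program name containing spaces is cut at the first space)
        owner = ($7 == "-") ? "unknown" : $7
        print ip "\t" owner
    }' | LC_ALL=C sort -u
}

# Constructed sample of `netstat -Woplan` output, so the filter runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name     Timer
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd             off (0.00/0/0)
tcp        0      0 127.0.0.1:5432          127.0.0.1:40112         ESTABLISHED 1033/postgres        keepalive (7100.00/0/0)
tcp        0      0 192.168.1.20:51234      52.164.251.44:443       ESTABLISHED 2291/updater         keepalive (42.10/0/0)
tcp        0      0 192.168.1.20:51240      23.10.249.18:443        ESTABLISHED 2291/updater         off (0.00/0/0)
tcp        0      0 192.168.1.20:51241      23.10.249.18:80         ESTABLISHED 2291/updater         off (0.00/0/0)
tcp        0      0 192.168.1.20:40022      192.168.1.1:445         ESTABLISHED 1900/smbclient       off (0.00/0/0)
tcp        0      0 192.168.1.20:39001      185.60.147.77:53        ESTABLISHED -                    off (0.00/0/0)
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient         off (0.00/0/0)
EOF
}

sample_netstat | external_conns
```

Each address in the first column can then be passed to the ipinfo.io lookup shown earlier in the thread to see which organisation the process is talking to.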
>>
>>61700647
jq is an awesome tool, and it's extremely powerful if you learn it in-depth. https://shapeshed.com/jq-json/
>>
>>61701055
I bet it is. I could have saved myself a week or two had I known about this.
>at least it was billable :^)
>>
>>61701080
... jq would have saved you an entire two weeks? Sounds like there's a story there?
>>
>>61700696
>. Constant fucking telemetry and updates.
fuck this gay shit i'm switching to tails OS
>>
>>61701275
Not really, just needed to do dozens of varied little ETL tasks for customers over the past few years, hacked together my own tools to do a lot of it. curl | jq selector | curl -XPOST would have made the jobs so much easier than handwritten JavaScript.