Gmail Suddenly Connects To 30 Ports On My Machine!


One personal machine I have is a 32 bit Windows XP Pro Machine. It still works fine.

With it, I open up Safari. One browser, and one window only. Check gmail. Logout.

Then, I open up a DOS/CMD window and run netstat.

——

netstat -ab

TCP blue:1423 74.125.212.52:http ESTABLISHED 2684
[Safari.exe]

TCP blue:1393 mail.google.com:https TIME_WAIT 0
TCP blue:1394 accounts.l.google.com:https TIME_WAIT 0
TCP blue:1395 yyz06s05-in-f24.1e100.net:http TIME_WAIT 0
TCP blue:1396 accounts-cctld.l.google.com:https TIME_WAIT 0
TCP blue:1397 http://www.l.google.com:http TIME_WAIT 0
TCP blue:1398 http://www.l.google.com:http TIME_WAIT 0
TCP blue:1399 http://www.l.google.com:http TIME_WAIT 0
TCP blue:1400 iad04s01-in-f95.1e100.net:http TIME_WAIT 0
TCP blue:1401 yyz06s05-in-f27.1e100.net:http TIME_WAIT 0
TCP blue:1402 http://www.l.google.com:http TIME_WAIT 0
TCP blue:1403 iad04s01-in-f132.1e100.net:http TIME_WAIT 0
TCP blue:1404 iad04s01-in-f132.1e100.net:http TIME_WAIT 0
TCP blue:1405 iad04s01-in-f132.1e100.net:http TIME_WAIT 0
TCP blue:1406 http://www.l.google.com:http TIME_WAIT 0
TCP blue:1407 yyz06s07-in-f13.1e100.net:http TIME_WAIT 0
TCP blue:1408 yyz06s07-in-f13.1e100.net:http TIME_WAIT 0
TCP blue:1409 ssl.gstatic.com:http TIME_WAIT 0
TCP blue:1410 yyz06s07-in-f31.1e100.net:http TIME_WAIT 0
TCP blue:1411 yyz06s07-in-f31.1e100.net:http TIME_WAIT 0
TCP blue:1413 yyz06s07-in-f27.1e100.net:http TIME_WAIT 0
TCP blue:1414 yyz06s07-in-f27.1e100.net:http TIME_WAIT 0
TCP blue:1416 a205-200-78-78.deploy.akamaitechnologies.com:http TIME_WAIT 0
TCP blue:1417 video-stats.l.google.com:http TIME_WAIT 0
TCP blue:1418 video-stats.l.google.com:http TIME_WAIT 0
TCP blue:1419 yyz06s07-in-f9.1e100.net:http TIME_WAIT 0
TCP blue:1420 yyz06s07-in-f8.1e100.net:http TIME_WAIT 0
TCP blue:1421 www3.l.google.com:http TIME_WAIT 0
TCP blue:1424 yyz06s07-in-f9.1e100.net:http TIME_WAIT 0
TCP blue:1426 yyz06s05-in-f27.1e100.net:http TIME_WAIT 0
TCP blue:2869 .:54497 TIME_WAIT 0
TCP blue:6591 .:http TIME_WAIT 0
TCP blue:17987 .:http TIME_WAIT 0
TCP blue:23244 .:http TIME_WAIT 0
TCP blue:54473 .:http TIME_WAIT 0
TCP blue:echo blue:0 LISTENING 1296
[tcpsvcs.exe]

——

Wow! Look at all the network connections. If you count “HTTP”, google created 30 HTTP connections!

——

1e100.net is google, also known as: Markmonitor.com

$ whois 1e100.net

Whois Server Version 2.0

Domain Name: 1E100.NET
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 15-sep-2010
Creation Date: 25-sep-2009
Expiration Date: 25-sep-2019

Registrant:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
dns-admin@google.com +1.6502530000 Fax: +1.6506188571

Domain Name: 1e100.net
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com

MarkMonitor is the Global Leader in Enterprise Brand Protection.

Domain Management
MarkMonitor Brand Protectionâ,¢
AntiFraud Solutions
Corporate Consulting Services

Visit MarkMonitor at http://www.markmonitor.com
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300

——–

Some of the output with more self explanatory names are:
Mail.
Accounts.
Video.
akamai

But what are all the other servers, with the funny names? Some servers such as iad04s01-in-f132.1e100.net, connects to multiple ports. Here: 1403, 1404, 1405. Why?

——–

It’s not just the Safari browser, it is also tcpsvcs.exe. Which is:
c:\WINDOWS\system32\tcpsvcs.exe
TCP/IP Services Application

——–

Google says that it will change it’s privacy policy on March 1st (?). Saying they will gather even more information from us and link it all together. If it’s this bad already ….

I’d noted in an earlier post about all the CPU activity that Gmail did.

Just what information is Google getting from me? What are they doing with it?

Why do they need 30 HTTP connections to my desktop? And multiple connections to the same server?

Why so much network activity? Why so much of my own machine’s CPU power being used?

Does anyone know? Please leave a comment.

About these ads

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: