On Wed, Dec 3, 2014 at 5:49 AM, g geleem@bellsouth.net wrote:
I have been noticing a short connection burst in system monitor every time I connect to the internet.
I got curious and decided to run wireshark to see what was happening.
Seems that I am connecting to 96.195.141.178 with destination of "PartedMagic".
This seemed strange because I do not have PartedMagic installed, so I ran a 'whois' check.
This is what it showed:
IP Location United States United States Pittsburgh Comcast Cable Communications Llc
ASN United States AS7922 COMCAST-7922 - Comcast Cable Communications, Inc.,US (registered Feb 14, 1997)
Resolve Host m001dd684d074.pitt1.pa.comcast.net
Whois Server whois.arin.net
IP Address 96.195.141.178
NetRange: 96.192.0.0 - 96.223.255.255
CIDR: 96.192.0.0/11
NetName: COMCAST-VOIP-4
NetHandle: NET-96-192-0-0-1
Parent: NET96 (NET-96-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Comcast Cable Communications, LLC (CCCS)
Is this something for concern?
Maybe. A bit odd since that's assigned as Comcast VOIP and not a static customer block.
If so, what is/are best way/s to track this down?
I'd dump the traffic with tcpdump or wireshark and analyze it. What type of traffic is it? (transport layer protocol, as well as application protocol -- ex: HTTP is TCP port 80)
Are there any DNS queries that happen prior to the spike? Use wireshark to capture them and that might give a clue.
You could also use nethogs to diagnose and determine what program is causing the spike. http://nethogs.sourceforge.net/
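
One way to find the program behind the burst, the question nethogs is suggested for above, as an added example that is not part of the original thread: poll the kernel's socket tables for the peer address from the capture and map the socket inode to a process. It assumes Linux, IPv4 and a little-endian host; the function names and the sample table are constructed for illustration.

```python
import glob, os, socket, struct, time

TARGET = "96.195.141.178"   # peer address from the capture discussed above

# Constructed sample in /proc/net/tcp format (header plus two sockets).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15210 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D5A2 B28DC360:0050 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
"""

def decode(hexpair):
    """'B28DC360:0050' -> ('96.195.141.178', 80); assumes a little-endian host."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def sockets_to(ip, table):
    """Return (local_port, remote_port, uid, inode) for each socket whose peer is ip."""
    hits = []
    for line in table.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        (_, lport), (rip, rport) = decode(f[1]), decode(f[2])
        if rip == ip:
            hits.append((lport, rport, int(f[7]), int(f[9])))
    return hits

def owner_of(inode):
    """Find (pid, command) holding socket:[inode]; needs root for other users' processes."""
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/comm") as c:
                    return int(pid), c.read().strip()
        except OSError:
            continue                               # fd or process vanished, or no permission
    return None

if __name__ == "__main__":
    while True:                                    # poll quickly enough to catch a short burst
        for proto in ("tcp", "udp"):
            with open(f"/proc/net/{proto}") as t:
                for hit in sockets_to(TARGET, t.read()):
                    print(proto, hit, owner_of(hit[3]))
        time.sleep(0.2)
```

Start it before bringing the connection up and leave it running; a socket that has already closed by the time it is polled shows inode 0 and has no owner to report.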