[CentOS] partedmagic connecting to a comcast address

Wed Dec 3 17:12:06 UTC 2014
SilverTip257 <silvertip257 at gmail.com>

On Wed, Dec 3, 2014 at 5:49 AM, g <geleem at bellsouth.net> wrote:

> i have been noticing a short connection burst in system monitor every
> time i connect to internet.
>
> i got curious and decided to run wireshark to see what was happening.
>
> seems that i am connecting to 96.195.141.178 with destination of
> "PartedMagic".
>
> this seemed strange because i do not have PartedMagic installed, so
> i ran a 'whois' check.
>
> this is what it showed:
>
> IP Location    United States United States Pittsburgh
>                  Comcast Cable Communications Llc
> ASN            United States AS7922 COMCAST-7922
>                - Comcast Cable Communications, Inc.,US
>                  (registered Feb 14, 1997)
> Resolve Host   m001dd684d074.pitt1.pa.comcast.net
> Whois Server   whois.arin.net
> IP Address     96.195.141.178
> NetRange:      96.192.0.0 - 96.223.255.255
> CIDR:          96.192.0.0/11
> NetName:       COMCAST-VOIP-4
> NetHandle:     NET-96-192-0-0-1
> Parent:        NET96 (NET-96-0-0-0-0)
> NetType:       Direct Allocation
> OriginAS:
> Organization:  Comcast Cable Communications, LLC (CCCS)
>
> is this something for concern?
>

Maybe.
A bit odd since that's assigned as Comcast VOIP and not a static customer
block.


>
> if so, what is/are best way/s to track this down?
>

I'd dump the traffic with tcpdump or wireshark and analyze it.
What type of traffic is it?
(transport layer protocol, as well as application protocol -- ex: HTTP is
TCP port 80)

Are there any DNS queries that happen prior to the spike?  Use wireshark to
capture them and that might give a clue.

You could also use nethogs to diagnose and determine what program is
causing the spike.
http://nethogs.sourceforge.net/


-- 
---~~.~~---
Mike
//  SilverTip257  //
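
An added example, not part of the reply above: one way to answer the questions it raises (which transport protocol and port, and which DNS lookups came just before the traffic) from a text capture. It assumes the capture was printed with `tcpdump -nn -tt -i any 'host 96.195.141.178 or port 53'`; the sample lines, the `analyze` function and every name and port in the sample are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -nn -tt` text output; not traffic from the thread.
SAMPLE = """\
1417626650.000000 IP 192.168.1.10.40001 > 192.168.1.1.53: 1111+ A? mirror.example.org. (36)
1417626720.101234 IP 192.168.1.10.51514 > 192.168.1.1.53: 4660+ A? host.example.net. (34)
1417626720.130101 IP 192.168.1.1.53 > 192.168.1.10.51514: 4660 1/0/0 A 96.195.141.178 (50)
1417626720.140555 IP 192.168.1.10.40112 > 96.195.141.178.8080: Flags [S], seq 1, win 29200, length 0
1417626720.190000 IP 96.195.141.178.8080 > 192.168.1.10.40112: Flags [S.], seq 9, ack 2, win 14480, length 0
"""

# timestamp, source address and port, destination address and port, remainder of the line
LINE = re.compile(r"^(\d+\.\d+) IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): (.*)$")


def analyze(capture, target, window=5.0):
    """Summarise traffic to/from `target` and the DNS lookups just before it."""
    queries, pending, resolved, flows, first = [], {}, set(), set(), None
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip non-IPv4 or unparsed lines
        ts, src, sport, dst, dport, rest = m.groups()
        ts = float(ts)
        if dport == "53":  # DNS query: "<id>+ A? name. (len)"
            q = re.match(r"(\d+)\S* \w+\? (\S+)", rest)
            if q:
                pending[q.group(1)] = q.group(2)
                queries.append((ts, q.group(2)))
        elif sport == "53":  # DNS answer: "<id> 1/0/0 A <addr> (len)"
            a = re.match(r"(\d+)", rest)
            if a and re.search(r"\bA " + re.escape(target) + r"(?!\d)", rest):
                resolved.add(pending.get(a.group(1), "?"))
        if target in (src, dst):
            proto = ("TCP" if rest.startswith("Flags [")
                     else "UDP" if rest.startswith("UDP") else "other")
            flows.add((proto, int(dport if dst == target else sport)))
            first = ts if first is None else first  # time of first packet
    # DNS names queried within `window` seconds before the first packet to the target
    before = [n for t, n in queries
              if first is not None and 0 <= first - t <= window]
    return {"flows": sorted(flows), "dns_before": before,
            "resolved_to_target": sorted(resolved)}


if __name__ == "__main__":
    print(analyze(SAMPLE, "96.195.141.178"))
```

A name in `resolved_to_target` ties the address to a hostname some program looked up; an empty list with non-empty `flows` means the address was not obtained from a DNS answer in this capture.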