
Thread: Calling Home?

  1. #1
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    10,056
    Thanks
    425
    Thanked 1,612 Times in 1,456 Posts

    Calling Home?

    Read an interesting article on How-To-Geek about what outgoing connections your computer is making without telling you.

    So I thought I'd give it a try and wow, who knew? Surely, not me!

    Unfortunately, most of this is way outside my experience or knowledge so can anyone offer assistance in deciphering some of this stuff?

    Code:
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:135            DellXPS8920:0          LISTENING
      RpcSs
     [svchost.exe]
      TCP    0.0.0.0:445            DellXPS8920:0          LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:3648           DellXPS8920:0          LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:5357           DellXPS8920:0          LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:5700           DellXPS8920:0          LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:5985           DellXPS8920:0          LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:7680           DellXPS8920:0          LISTENING
      DoSvc
    IP Address 0.0.0.0?

    Code:
    Active Connections
    
      Proto  Local Address          Foreign Address        State
    
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:49669      ESTABLISHED
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:49670      ESTABLISHED
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:49671      ESTABLISHED
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:49734      ESTABLISHED
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:49735      ESTABLISHED
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:49736      ESTABLISHED
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:49737      ESTABLISHED
     [LegacyCsLoaderService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:50754      ESTABLISHED
    Only thing changing is number after "DellXPS8920". According to the net this software can be uninstalled w/o affecting Windows but what does it affect?

    Code:
    Active Connections
    
      Proto  Local Address          Foreign Address        State
    
     [IntelTechnologyAccessService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:50755      ESTABLISHED
    
    ...
     [IntelTechnologyAccessService.exe]
      TCP    127.0.0.1:5905         DellXPS8920:50854      ESTABLISHED
    88 Instances of this one with only the RED highlighted numbers changing. Almost like a port scanner, but some numbers are skipped, for what reason I have no idea. Again, like the one above, the net says it can be uninstalled w/o affecting Windows.

    Code:
     [IntelTechnologyAccessService.exe]
      TCP    127.0.0.1:50755        DellXPS8920:5905       ESTABLISHED
    ...
     [IntelTechnologyAccessService.exe]
      TCP    127.0.0.1:50866        DellXPS8920:5905       ESTABLISHED
    Even weirder here it goes again but switching the numbers between the port on the IP and the 5905 from the block above?

    I hope someone can shed some light on this for me, and others.

    Can I uninstall this talkative Intel software?
    If I do will it have any real effect on my computer?
    Any references you'd recommend to decipher this information?
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  2. #2
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by RetiredGeek
    IP Address 0.0.0.0?
    This is an 'invalid, unknown or non-applicable' destination IP - used in this context as a loopback address - and can be ignored. It may be LISTENING - on all available network interfaces (including the 'fake' local-only network adapter using 127.0.0.1) - but it's not going anywhere so nothing to worry about.

    Quote Originally Posted by RetiredGeek
    Only thing changing is number after "DellXPS8920". According to the net this software can be uninstalled w/o affecting Windows but what does it affect?
    The ports may be changing but the local address is 127.0.0.1, i.e. the 'loopback' address. This is the same as 'localhost' (which resolves to 127.0.0.1). Again, the connection may show as ESTABLISHED but it's not going anywhere so nothing to worry about.

    Quote Originally Posted by RetiredGeek
    88 Instances of this one with only the RED highlighted numbers changing. Almost like a port scanner, but some numbers are skipped, for what reason I have no idea. Again, like the one above, the net says it can be uninstalled w/o affecting Windows.
    As above, it's just a connection to a loopback address.

    Quote Originally Posted by RetiredGeek
    Even weirder here it goes again but switching the numbers between the port on the IP and the 5905 from the block above?
    Once again, the ports may be changing but it's the 'loopback' address.

    Quote Originally Posted by RetiredGeek
    Can I uninstall this talkative Intel software?
    If I do will it have any real effect on my computer?
    Any references you'd recommend to decipher this information?
    By all means uninstall it... but for the right reasons. Nothing you've shown indicates any type of external connection. My reasons for uninstalling would be purely on the grounds of 'processes take CPU cycles', i.e. on the grounds of performance, not security.

    Hope this helps...

    (PS - I thought that the HTG article was - unfortunately and unusually - quite poor. It's titled How to See What Web Sites Your Computer Is Secretly Connecting To but only one screenshot actually showed an external IPv4 endpoint. It mentioned 2 GUI alternatives to NETSTAT but omitted to mention that only one of them provides a logging function.)

  3. The Following User Says Thank You to Rick Corbett For This Useful Post:

    Trev (2017-11-10)
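The triage discussed in the replies above (listening sockets, connections that stay on the machine, connections to another host), applied to `netstat -b` text. This is an added example, not part of any poster's message; the final sample row, its documentation-range address and the process name `example-updater.exe` are constructed, and the machine name is passed in as an assumption.

```python
import ipaddress
import re

# Constructed sample in the thread's `netstat -b` layout; the last row is invented.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DellXPS8920:0          LISTENING
 [svchost.exe]
  TCP    0.0.0.0:445            DellXPS8920:0          LISTENING
 Can not obtain ownership information
  TCP    127.0.0.1:5905         DellXPS8920:49669      ESTABLISHED
 [LegacyCsLoaderService.exe]
  TCP    127.0.0.1:50755        DellXPS8920:5905       ESTABLISHED
 [IntelTechnologyAccessService.exe]
  TCP    192.168.1.20:50912     203.0.113.10:443       ESTABLISHED
 [example-updater.exe]
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def is_local(host, names):
    """True when host is this machine: one of its names or a loopback IP."""
    try:
        return host.lower() in names or ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # an unrecognised host name is treated as remote

def classify(text, local_names):
    """Parse netstat -b text into rows tagged listening / local / external."""
    names = {n.lower() for n in local_names} | {"localhost"}
    rows = []
    for line in text.splitlines():
        row, owner = ROW.match(line), OWNER.match(line)
        if row:
            _, lhost, lport, fhost, fport, state = row.groups()
            if state == "LISTENING" or fhost == "*":
                kind = "listening"   # bound and waiting, no peer yet
            elif is_local(fhost, names):
                kind = "local"       # both ends are on this machine
            else:
                kind = "external"    # peer is another host
            rows.append({"owner": "unknown", "local": f"{lhost}:{lport}",
                         "peer": f"{fhost}:{fport}", "kind": kind})
        elif owner and rows:
            rows[-1]["owner"] = owner.group(1)  # the [exe] line follows its row
    return rows

def external(rows):
    return [r for r in rows if r["kind"] == "external"]  # peers on other hosts
```

With `netstat -n` the peer column shows `127.0.0.1` instead of the machine name, which the loopback check also handles.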

  4. #3
    Super Moderator RetiredGeek's Avatar
    Rick,

    Thanks! But why is Intel creating connections that go nowhere? Doesn't this seem kind of odd?
    May the Forces of good computing be with you!

    RG


  5. #4
    Administrator Rick Corbett's Avatar
    Quote Originally Posted by RetiredGeek
    But why is Intel creating connections that go nowhere? Doesn't this seem kind of odd?
    Sorry but it seems to be one of the (many) areas that Intel are reticent about documenting online. I'm going to guess that it's just constantly testing the device's network stack as a process connected to Intel's Active Management Technology (AMT), which consumer devices don't use.

  6. #5
    Administrator Rick Corbett's Avatar
    As for 'calling home', if you really want to see some interesting results, download CurrPorts, configure it to log connections, reboot your device then run nothing manually except CurrPorts (with logging) for 24 hours (or, better still, a week) to see what phones home without you realising.

    On a related note, kudos to Foxit for releasing version 9 of Foxit Reader which now allows you to stop its 2 persistent ESTABLISHED external connections. (See this WSL post.)

  7. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    9,164
    Thanks
    65
    Thanked 1,129 Times in 1,052 Posts
    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 DellXPS8920:0 LISTENING
    This means the local machine is listening on port 135 to the network device DellXPS8920. The 0 indicates acceptance of data from any port.

    TCP 127.0.0.1:5905 DellXPS8920:49669 ESTABLISHED
    This is a connection between the local machine on port 5905 and the remote machine on port 49669
    Generally, any port below 49152 is the listening port and over this is the outgoing connection, so this example shows the local machine listening for a connection on port 5905 and the remote machine initiated the connection from (random-ish) port 49669.

    The Intel software is connecting to what seems to be a local machine, so it may be some monitoring you have set up.

    cheers, Paul

  8. #7
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,579
    Thanks
    39
    Thanked 217 Times in 193 Posts
    It might be an interesting exercise to run the suggested CurrPorts before and after running ShutUp10 in "turn everything off" mode, to see if it turns off some of the ports you are worried about. It's supposed to shut off Microsoft Telemetry, but might go further, by chance.
    BATcher

    Mission: identify what we do best and find more ways of doing less of it better

  9. #8
    Administrator Rick Corbett's Avatar
    Quote Originally Posted by BATcher
    It might be an interesting exercise to run the suggested CurrPorts before and after running ShutUp10 in "turn everything off" mode, to see if it turns off some of the ports you are worried about. It's supposed to shut off Microsoft Telemetry, but might go further, by chance.
    It's a good idea... but which version to choose? Each iteration adds more services so the chances are the results would be different each time, e.g. comparing 1607 to 1703 to 1709.

  10. #9
    WS Lounge VIP
    Ports generally don't matter as they change as and when required. It's the underlying services that you are interested in.

    cheers, Paul

  11. #10
    Administrator Rick Corbett's Avatar
    Quote Originally Posted by BATcher View Post
    It might be an interesting exercise to run the suggested CurrPorts before and after running ShutUp10 in "turn everything off" mode, to see if it turns off some of the ports you are worried about. It's supposed to shut off Microsoft Telemetry, but might go further, by chance.
    OK, I'm going to have a look...

  12. #11
    Bronze Lounger DrWho's Avatar
    Join Date
    Dec 2009
    Location
    Central Florida
    Posts
    1,523
    Thanks
    32
    Thanked 208 Times in 165 Posts
    It was several years ago, that I got involved with and interested in the HOSTS file.

    Anyone wanting to really get into their PC, should read up on the function that the HOSTS file performs.

    I have two programs that add bad URLs to my HOSTS file, so that when any browser would try to go to a BAD site, that connection is routed right back to my PC, and effectively Goes NOWHERE, effectively Blocking that URL from "Phoning Home".

    A neat little program that I used for a long time, mainly in XP, was the "Hosts Manager".
    https://sourceforge.net/projects/hostsmanager/

    Every so often, it would download another group of bad URLs and add them to my HOSTS file.
    For some unknown reason, when I upgraded from XP to Win7, the Hosts Manager did not follow.
    It just got lost in the move.

    Two other programs that do a similar thing, are "Spybot Search & Destroy" and "Spyware Blaster".

    Cheers Mates!
    The Doctor
    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!
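How the HOSTS-file blocking described in the post above can be audited, as an added example that is not part of the original post: it lists the host names a hosts file redirects to the local machine and shows that entries match whole names only. The sample file is constructed and uses reserved example domains; the function names are hypothetical.

```python
import ipaddress

# Constructed sample hosts file; every name is a reserved example domain.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com tracker.example.net   # two names, one line
127.0.0.1       Telemetry.Example.org
192.168.1.50    nas.example.lan
not-an-ip       broken.example.com
"""

# Names that normally point at loopback and are not block entries.
KEEP = {"localhost", "localhost.localdomain"}

def sinkholed_names(text):
    """Return the host names mapped to a loopback or 0.0.0.0 address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed entry: skip it
        if addr.is_loopback or addr.is_unspecified:
            blocked.update(n.lower() for n in fields[1:] if n.lower() not in KEEP)
    return blocked

def is_blocked(name, blocked):
    """Hosts entries match whole names only: no wildcards, no subdomains."""
    return name.lower().rstrip(".") in blocked
```

A hosts entry only changes name resolution, so a program that connects to an IP address directly never consults it.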

  13. #12
    Lounger
    Join Date
    Dec 2009
    Location
    Dunkeld, Scotland, UK
    Posts
    30
    Thanks
    4
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by DrWho
    A neat little program that I used for a long time, mainly in XP, was the "Hosts Manager". For some unknown reason, when I upgraded from XP to Win7, the Hosts Manager did not follow. It just got lost in the move.

    There is a similar program called HostsMan which works fine with Win7.

  14. #13
    Bronze Lounger DrWho's Avatar
    I found one problem with Hosts manager..... it works with the 'DNS Client' service, which I'm not able to START on my current version of Win-7. I know it was running when I first installed the OS, but I think I shut it off and now cannot restart it. When I try, I get an error message, "cannot find path". What the heck?

    Looks like only a fresh install of Win-7 is going to fix this one. (I'm working on it)


  15. #14
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,496
    Thanks
    38
    Thanked 370 Times in 323 Posts
    Quote Originally Posted by DrWho View Post
    ...Looks like only a fresh install of Win-7 is going to fix this one...
    Or a repair-install. See: Win7’s no-reformat, nondestructive reinstall (by Fred Langa).
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    Confucius said: "no use running harder if you're on the wrong road" and "any problem once correctly understood is already half-solved".

  16. #15
    Administrator Rick Corbett's Avatar
    Quote Originally Posted by DrWho View Post
    I found one problem with Hosts manager..... it works with the 'DNS Client' service, which I'm not able to START on my current version of Win-7.

    Looks like only a fresh install of Win-7 is going to fix this one.
    This is a different issue. I suggest you start a new thread.

  17. The Following User Says Thank You to Rick Corbett For This Useful Post:

    satrow (2017-11-18)
