Netstat Tricks

A tail of three sites and spy verses spy

Using a Web Browser to surf the web is sort of like a Vulcan Mind Probe. At the same time information is flowing to you through various ports, you are sharing information with the host. On the basic level, there is nothing terribly sinister about this because two way communication is necessary for web browsing.

So at the simplest level, you connect with a site ( but before connecting you do a traceroute to see its relatively safe. The request goes to 8 IP’s in the Washington area before heading to Atlanta Ga and then the final destination in Scottsdale Arizona. None of the IP’s along the route belong to a known honeypot or are on a honeypot list and the path is very logical so it looks safe.

Now to see what’s happening to my machine, I use a blank homepage and no browser search bar which might be connected to the web. I check the “netstat -a” command to see my starting point and leave the Dos Window open. After typing in the URL and pressing enter, I as quickly as possible reopen the Dos Window and run the “netstat -a” command again. I repeat this command several times until the page is fully loaded. In the case of, two ports (1042 &1044) are opened and connected to Http at the host.

This is just about as vanilla as Web Browsing can be. In the case of, the only entity probing my machine is the one I expected.

As discussed at the Fatsavage Blog, WordPress is hidden in the walled garden of cyberspace where it’s a little difficult to find out who is doing what to whom and where that person is getting screwed. WordPress Blogs are now being served by the Akamai Technology System which is about six hops away from any computer in the world and all traces end with their system and the server can be anywhere.

However, when some entity wants to probe your machine they have to connect through a port and it’s the function of netstat to tell you who’s doing what to you. When I checked There were logical and not so logical connections.

Obviously, is connected.
Not obvious but logically Snap ( and Google analytics are connected or they couldn’t provide the services they provide.
Unexpected, which was the original WordPress host is still connected and I guess it’s necessary for posting blogs etc.

Now after that it gets a little messy.

I had a connection from a security firm,, at port 1809. Now this pisses me off a little, I can’t recall in anyway inviting them to do the mind probe thing and I can’t recall WordPress ever telling me that they would be providing some new wonderful service. At least with Google analytic and Snap there were warnings.

And last but not least was a reemergence of my old friend Carnivore. It seems that clandestine operations must be hosted by your ISP because of some archaic law and my ISP was connected to me on port 1802. They don’t necessary need a search warrant as long as their is a search warrant for one person on the whole system which is of course almost guaranteed so that means they can spy on everyone.

On a positive note, it would seem that “netstat -a” provides a peephole to see who’s playing with themselves behind the walled garden of Akamai.

The third site is my own at and will be discussed separately.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: