localhost:half-life

  • Thread starter: JNB

JNB

A program that shows connections on my computer shows

Remote address ______ Local address

localhost:half-life_______ 127.0.0.1:1051
localhost:1051_________ 127.0.0.1:half-life
*.*___________________ 127.0.0.1:half-life

I never play the game half-life so I'm wondering if this might
be a Trojan, key logger or something I need to worry about?

Thanks
JNB
 
From: "JNB" <[email protected]>

| A program that shows connections on my computer shows
|
| Remote address ______ Local address
|
| localhost:half-life_______ 127.0.0.1:1051
| localhost:1051_________ 127.0.0.1:half-life
| *.*___________________ 127.0.0.1:half-life
|
| I never play the game half-life so I'm wondering if this might
| be a Trojan, key logger or something I need to worry about?
|
| Thanks
| JNB

The question is what is the actual TCP port the alias "half-life" represents.

This will be found in the etc/services table.
 
| A program that shows connections on my computer shows
| localhost:half-life_______ 127.0.0.1:1051
| localhost:1051_________ 127.0.0.1:half-life
| *.*___________________ 127.0.0.1:half-life
| I never play the game half-life so I'm wondering if this might
| be a Trojan, key logger or something I need to worry about?

The first two lines show one program on your computer talking
to another program on your computer (127.0.0.1 is localhost).

The third shows a program is listening for packets on the
port that has the name half-life. As David Lipman pointed out,
this will be in the file /etc/services.

I gather you're running Mac OS X, which I'm not familiar with,
but can you try running the command

netstat -utap

If it works, that will list all udp and tcp ports, and the name of
the program that's using it.

I expect when you look in /etc/services, you will find half-life
assigned as the name for port 26000, which is used by many of
the Quake-based games, such as Quakeworld, QuakeIII.

If you are running one of the Quake-based games, you may need to
alter your firewall settings to allow incoming packets on that port.

If you haven't opened up that port in your firewall, then having
the program listening for packets won't hurt, as it won't see them.

Regards, Dave Hodgins
 
| The question is what is the actual TCP port the alias "half-life" represents.
|
| This will be found in the etc/services table.

I don't understand what you mean by etc/services table.
JNB
 
| The first two lines show one program on your computer talking
| to another program on your computer (127.0.0.1 is localhost).
|
| The third shows a program is listening for packets on the
| port that has the name half-life. As David Lipman pointed out,
| this will be in the file /etc/services.

I don't know what file you mean, "etc/services".

| I gather you're running Mac OS X, which I'm not familiar with,
| but can you try running the command

Windows XP SP2

| netstat -utap

I ran netstat. The arguments didn't work. It didn't show much.

| If it works, that will list all udp and tcp ports, and the name of
| the program that's using it.
|
| I expect when you look in /etc/services, you will find half-life
| assigned as the name for port 26000, which is used by many of
| the Quake-based games, such as Quakeworld, QuakeIII.
|
| If you are running one of the Quake-based games, you may need to
| alter your firewall settings to allow incoming packets on that port.

I don't play games at all.

| If you haven't opened up that port in your firewall, then having
| the program listening for packets won't hurt, as it won't see them.

Using the program Netmon 1.57 I can kill the process
but it pops back up instantly.

| Regards, Dave Hodgins

Have a safe & happy weekend
JNB
 
JNB said:
| I don't understand what you mean by etc/services table.
| JNB

It is the file C:/Windows/System32/Drivers/Etc/Services (on a PC). Note that
it has no extension.
Jim
 
| It is the file C:/Windows/System32/Drivers/Etc/Services (on a PC). Note that
| it has no extension.
| Jim

That's an interesting file but I can't find Half-life listed or the
port.
There is a listing for doom port 666 but I never play games.
Today the port listed for Half-life is 1034 using netmon. It was
port 1051 the other day.

I suppose if it were a virus or something Avast would have found
it so I'm about ready to stop worrying about it.

I appreciate all the help.
Live long and prosper.
JNB
####################################################
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This file contains port numbers for well-known services defined by IANA
#
# Format:
#
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
#

echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users #Active users
systat 11/tcp users #Active users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote #Quote of the day
qotd 17/udp quote #Quote of the day
chargen 19/tcp ttytst source #Character generator
chargen 19/udp ttytst source #Character generator
ftp-data 20/tcp #FTP, data
ftp 21/tcp #FTP. control
telnet 23/tcp
smtp 25/tcp mail #Simple Mail Transfer Protocol
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource #Resource Location Protocol
nameserver 42/tcp name #Host Name Server
nameserver 42/udp name #Host Name Server
nicname 43/tcp whois
domain 53/tcp #Domain Name Server
domain 53/udp #Domain Name Server
bootps 67/udp dhcps #Bootstrap Protocol Server
bootpc 68/udp dhcpc #Bootstrap Protocol Client
tftp 69/udp #Trivial File Transfer
gopher 70/tcp
finger 79/tcp
http 80/tcp www www-http #World Wide Web
kerberos 88/tcp krb5 kerberos-sec #Kerberos
kerberos 88/udp krb5 kerberos-sec #Kerberos
hostname 101/tcp hostnames #NIC Host Name Server
iso-tsap 102/tcp #ISO-TSAP Class 0
rtelnet 107/tcp #Remote Telnet Service
pop2 109/tcp postoffice #Post Office Protocol - Version 2
pop3 110/tcp #Post Office Protocol - Version 3
sunrpc 111/tcp rpcbind portmap #SUN Remote Procedure Call
sunrpc 111/udp rpcbind portmap #SUN Remote Procedure Call
auth 113/tcp ident tap #Identification Protocol
uucp-path 117/tcp
nntp 119/tcp usenet #Network News Transfer Protocol
ntp 123/udp #Network Time Protocol
epmap 135/tcp loc-srv #DCE endpoint resolution
epmap 135/udp loc-srv #DCE endpoint resolution
netbios-ns 137/tcp nbname #NETBIOS Name Service
netbios-ns 137/udp nbname #NETBIOS Name Service
netbios-dgm 138/udp nbdatagram #NETBIOS Datagram Service
netbios-ssn 139/tcp nbsession #NETBIOS Session Service
imap 143/tcp imap4 #Internet Message Access Protocol
pcmail-srv 158/tcp #PCMail Server
snmp 161/udp #SNMP
snmptrap 162/udp snmp-trap #SNMP trap
print-srv 170/tcp #Network PostScript
bgp 179/tcp #Border Gateway Protocol
irc 194/tcp #Internet Relay Chat Protocol
ipx 213/udp #IPX over IP
ldap 389/tcp #Lightweight Directory Access Protocol
https 443/tcp MCom
https 443/udp MCom
microsoft-ds 445/tcp
microsoft-ds 445/udp
kpasswd 464/tcp # Kerberos (v5)
kpasswd 464/udp # Kerberos (v5)
isakmp 500/udp ike #Internet Key Exchange
exec 512/tcp #Remote Process Execution
biff 512/udp comsat
login 513/tcp #Remote Login
who 513/udp whod
cmd 514/tcp shell
syslog 514/udp
printer 515/tcp spooler
talk 517/udp
ntalk 518/udp
efs 520/tcp #Extended File Name Server
router 520/udp route routed
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp #For emergency broadcasts
uucp 540/tcp uucpd
klogin 543/tcp #Kerberos login
kshell 544/tcp krcmd #Kerberos remote shell
new-rwho 550/udp new-who
remotefs 556/tcp rfs rfs_server
rmonitor 560/udp rmonitord
monitor 561/udp
ldaps 636/tcp sldap #LDAP over TLS/SSL
doom 666/tcp #Doom Id Software
doom 666/udp #Doom Id Software
kerberos-adm 749/tcp #Kerberos administration
kerberos-adm 749/udp #Kerberos administration
kerberos-iv 750/udp #Kerberos version IV
kpop 1109/tcp #Kerberos POP
phone 1167/udp #Conference calling
ms-sql-s 1433/tcp #Microsoft-SQL-Server
ms-sql-s 1433/udp #Microsoft-SQL-Server
ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
ms-sql-m 1434/udp #Microsoft-SQL-Monitor
wins 1512/tcp #Microsoft Windows Internet Name Service
wins 1512/udp #Microsoft Windows Internet Name Service
ingreslock 1524/tcp ingres
l2tp 1701/udp #Layer Two Tunneling Protocol
pptp 1723/tcp #Point-to-point tunnelling protocol
radius 1812/udp #RADIUS authentication protocol
radacct 1813/udp #RADIUS accounting protocol
nfsd 2049/udp nfs #NFS server
knetd 2053/tcp #Kerberos de-multiplexor
man 9535/tcp #Remote Man Server
#########################################################################
 
Here is a better list of connections. All the other connections
were edited out.
######################
C:\Program Files\Netmon\process_list.txt
Timestamp: 10:18:30 PM Aug 03 07
Generated by: Netmon 1.57

Remote address : localhost:half-life
Local address : 127.0.0.1:1034
Protocol : TCP
Status : Established
######################
Remote address : *:*
Local address : 127.0.0.1:half-life
Protocol : TCP
Status : Listening
######################

Remote address : localhost:1034
Local address : 127.0.0.1:half-life
Protocol : TCP
Status : Established
######################
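
Added example, not part of any post in this thread: a parser for the services-file format quoted above that resolves the port names a connection tool displays and reports any name the file does not define. The sample file lines and listing rows are constructed from values shown on this page, and the function names are illustrative.

```python
# Constructed sample in the posted file's format:
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
SERVICES_SAMPLE = """\
echo 7/tcp
discard 9/tcp sink null
http 80/tcp www www-http #World Wide Web
doom 666/tcp #Doom Id Software
doom 666/udp #Doom Id Software
"""

# Constructed rows mirroring the Netmon listing: (remote, local, protocol, status).
NETMON_ROWS = [
    ("localhost:half-life", "127.0.0.1:1034", "TCP", "Established"),
    ("*:*", "127.0.0.1:half-life", "TCP", "Listening"),
    ("localhost:1034", "127.0.0.1:half-life", "TCP", "Established"),
]

def parse_services(text):
    """Return {(name_or_alias, protocol): port} for each well-formed entry."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # strip the trailing comment
        if len(fields) < 2:
            continue                               # blank or comment-only line
        port, sep, proto = fields[1].partition("/")
        if not (sep and port.isdigit() and proto):
            continue                               # not "<port>/<protocol>"
        for name in [fields[0]] + fields[2:]:      # service name plus aliases
            table.setdefault((name.lower(), proto.lower()), int(port))
    return table

def resolve_endpoint(endpoint, proto, table):
    """Split 'host:port-or-name'; the port is None when the name is unknown."""
    host, _, port = endpoint.rpartition(":")
    if port.isdigit():
        return host, int(port)
    return host, table.get((port.lower(), proto.lower()))

def unresolved_names(rows, table):
    """Port names shown in the listing that the services file cannot explain."""
    missing = set()
    for remote, local, proto, _status in rows:
        for endpoint in (remote, local):
            name = endpoint.rpartition(":")[2]
            if name != "*" and resolve_endpoint(endpoint, proto, table)[1] is None:
                missing.add(name)
    return sorted(missing)

if __name__ == "__main__":
    print(unresolved_names(NETMON_ROWS, parse_services(SERVICES_SAMPLE)))
```

A name the file cannot explain comes from the display tool's own lookup table, so the label says nothing about which program owns the port. On Windows, `netstat -ano` prints numeric ports together with the owning process ID, which can then be matched to a process name.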
 