Hi,
Just upgraded my system from 32 to 64 bit.
Quite simple actually, I tested the program EtherApe and saw
some strange connections.

Anyone know what they are ?
Should I block them ?
Seems to be connecting on port 443

I don't want to have network traffic on my system I haven't triggered myself.

Hopefully there is a very simple solution to this.
/Krister.alm

========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://etherape.sourceforge.net/"
linktext was:"http://etherape.sourceforge.net/"
====================================


No. I don't run it. Just posting info for other members since you did not.

read
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://ubuntuforums.org/showthread.php?t=1522773"
linktext was:"http://ubuntuforums.org/showthread.php?t=1522773"
====================================

and understand that you can use netstat, along with ps, to discover which application (process) is responsible for the connections.

FWIW, I've never noticed any such amazonws connections.

I know what you mean by the mysterious amazonaws connections.
I added a few (5) tcp portmon lines to my conky and noticed these connections sometimes.
Just for grins I added a few filters to my uBlock origin just to see what would happen.
These are the most common ones I noticed.
ec2-52-88-155-162.us-west-2.compute.amazonaws.com
ec2-52-35-236-216.us-west-2.compute.amazonaws.com
ec2-52-25-244-212.us-west-2.compute.amazonaws.com
ec2-50-112-173-244.us-west-2.compute.amazonaws.com
s3-1.amazonaws.com
So far I haven't had any problems with any websites , but time will tell.
I already use a giant hosts file and have enabled all the antiX ad blocker stuff , but I still get one now and again.
I also track my total connections while browsing and have found some sites that want 45 TCP connections to look at the site.
I don't think it's anything nasty , but I like to really restrict my active connections for the most speed and least overhead.
I can post my conky if you want to try it sometime just for grins.
Colin

Yes,
That would be handy,
Do you know what those addresses are for?
Some kind of fishing ?

It looks like amazon free cloud service and storage infrastructure.

========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"https://aws.amazon.com/free/"
linktext was:"https://aws.amazon.com/free/"
====================================

Probably not nefarious or nasty , just convenient for web hosting services.
Here's the pertinent part of my conky.
The whole top half only pertained to my machine , so here's the network stuff at the bottom.

${color dark grey}$hr
${color white}$alignc Networking : ${color lightgrey}IP address : ${color light green}${addr eth0}
${color white}$alignc Host / Router : ${color light green}${nameserver}${color white} Dlink DIR-632
${color white}$alignc Speed / Upload: ${upspeedf eth0} kb/s Download:$color ${downspeedf eth0} kb/s
${color white}$alignc TCP Active Connections : ${font xfonts-terminus:size=12x24}${color cyan}${tcp_portmon 1 65535 count}
${color dark grey}$hr
${color white}${font xfonts-terminus:size=10x20}$alignc Top Processes
${color white}$alignc Name PID CPU% MEM%
${color lightgrey}$alignc${top name 1} ${top pid 1} ${top cpu 1} ${top mem 1}
${color lightgrey}$alignc${top name 2} ${top pid 2} ${top cpu 2} ${top mem 2}
${color lightgrey}$alignc${top name 3} ${top pid 3} ${top cpu 3} ${top mem 3}
${color lightgrey}$alignc${top name 4} ${top pid 4} ${top cpu 4} ${top mem 4}
${color lightgrey}$alignc${top name 5} ${top pid 5} ${top cpu 5} ${top mem 5}
${color lightgrey}$alignc${top name 6} ${top pid 6} ${top cpu 6} ${top mem 6}
${color dark grey}$hr
${color #ddaa00}Outbound Connection ${alignr} Remote Service/Port$color
${tcp_portmon 32768 61000 rhost 0} ${alignr} ${tcp_portmon 32768 61000 rservice 0}
${tcp_portmon 32768 61000 rhost 1} ${alignr} ${tcp_portmon 32768 61000 rservice 1}
${tcp_portmon 32768 61000 rhost 2} ${alignr} ${tcp_portmon 32768 61000 rservice 2}
${tcp_portmon 32768 61000 rhost 3} ${alignr} ${tcp_portmon 32768 61000 rservice 3}
${tcp_portmon 32768 61000 rhost 4} ${alignr} ${tcp_portmon 32768 61000 rservice 4}
${tcp_portmon 32768 61000 rhost 5} ${alignr} ${tcp_portmon 32768 61000 rservice 5}
${tcp_portmon 32768 61000 rhost 6} ${alignr} ${tcp_portmon 32768 61000 rservice 6}
${tcp_portmon 32768 61000 rhost 7} ${alignr} ${tcp_portmon 32768 61000 rservice 7}
${color #ddaa00}Inbound Connection ${alignr} Local Service/Port$color
${tcp_portmon 1 32767 rhost 0} ${alignr} ${tcp_portmon 1 32767 lservice 0}
${tcp_portmon 1 32767 rhost 1} ${alignr} ${tcp_portmon 1 32767 lservice 1}
${tcp_portmon 1 32767 rhost 2} ${alignr} ${tcp_portmon 1 32767 lservice 2}
${tcp_portmon 1 32767 rhost 3} ${alignr} ${tcp_portmon 1 32767 lservice 3}
${tcp_portmon 1 32767 rhost 4} ${alignr} ${tcp_portmon 1 32767 lservice 4}
${tcp_portmon 1 32767 rhost 5} ${alignr} ${tcp_portmon 1 32767 lservice 5}

You can knock off the dlink mention and change the font if you don't run terminus , I like it because it reads fast for me.
This is a wired connection ,so modify it for wireless, my DNS calls are supplied by the router by choice , I like OpenDNS for that task.
The tcp active connections gives a total count of connections at a glance.
The others are specific to the connection.
Have fun.
Colin

You're both seeing those connections. Do you have a dropbox client running, or some other"web service-y" client?

I don't have any web type services running really ever.
But.
My wife and I have purchased from Amazon before and my ISP keeps my IP address the same for long periods of time.
I don't have a static IP , but I wonder if Amazon is tracking me for future offers or something like that.
It seems that Amazon wants vendors to use their service"aws" for free to push ad campaigns on previous buyers.
I never keep cookies , so maybe this is a way to query new browsing habits from known IP connections.
My wife never uses my machine , but she buys stuff from a windows 7 machine often.(same IP at the house)
Colin