regularly when I connect to the internet, cmdagent connects through destination port 80 to
- Comodo, that’s quite normal
- my isp
- SCN-5 ( Service Central Network Chicago) (184.108.40.206)
Does anyone know why cmdagent needs to do the last 2 connections?
You’ve not provided much information here, but my guess is that the ISP connection is for either the DNS resolve or an invisible proxy run by your ISP for local cached file redirects. The 220.127.116.11 IP is one that Comodo use for their distributed network infrastructure… it redirects users to geographically local servers (it’s a mirror).
Thank you kail for your prompt reply.
My DNS resolve is done through outbound to destination port 53 by svchost. So the invisible proxy used by my isp must be the explanation. As it is cmdagent which makes the outbound connection to my isp through destination port 80, if I understand well then my isp plays also some sort of redirect for Comodo. OK then no worry, my isp is not trying to sniff the communications.
It’s probably just your ISP trying to save you download times and to lighten their own network load (which is what the local cache is for). Lots of ISP do this. It’s probably nothing untoward either, way too easy for the ISP to get caught. But, the only to be sure would be to use something like Wireshark (a packet sniffer) to see what it was actually doing.
Thanks again for the time you gave me Kail.
I’ll follow your suggestion and check with Wireshark.