wred process - what is it?


anon imous

New Around Here
I've found some interesting connections on my router in the output of netstat:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 80.x.x.x:46751 91.x.x.x:80 ESTABLISHED 17888/wred
tcp 0 0 80.x.x.x:52799 91.x.x.x:80 ESTABLISHED 17888/wred
tcp 1 0 80.x.x.x:46883 91.x.x.x:80 CLOSE_WAIT 17888/wred
tcp 0 0 80.x.x.x:41592 91.x.x.x:80 ESTABLISHED 17888/wred

The foreign addresses are the same two or three IPs; they belong to my ISP.
Could you tell me what it is?
Why does wred connect to an unknown server on port 80?
(as far as I know, wred=weighted random early detection, but I'm not sure if it is and if it is, then what does it do on the internet)
 

ColinTaylor

Part of the Furniture
wred is a component of the TrendMicro DPI. Do a reverse lookup on the external IP address, my guess is that it will belong to TrendMicro.
 

anon imous

New Around Here
wred is a component of the TrendMicro DPI. Do a reverse lookup on the external IP address, my guess is that it will belong to TrendMicro.
Thanks, the reverse lookup looks as if they were private clients of my ISP (but my ISP's naming conventions... no comment... it could be anything...)
 

RMerlin

Asuswrt-Merlin dev
wred is related to the malicious website detection system from AiProtection (Website Reputation).
 

dave14305

Part of the Furniture
Look up the hostname ntd-asus-2014b-en.fbs20.trendmicro.com and see if it resolves to the same IP in your netstat output. A reverse lookup by IP will probably only tell you it's amazonaws.com.
 

anon imous

New Around Here
Look up the hostname ntd-asus-2014b-en.fbs20.trendmicro.com and see if it resolves to the same IP in your netstat output. A reverse lookup by IP will probably only tell you it's amazonaws.com.
I've tried it:
Non-authoritative answer:
ntd-asus-2014b-en.fbs20.trendmicro.com canonical name = gslb6.fbs.trendmicro.com.akadns.net.
gslb6.fbs.trendmicro.com.akadns.net canonical name = aws-prod.fbs25.trendmicro.com.
aws-prod.fbs25.trendmicro.com canonical name = fbs.prod.spn.a1q7.net.
Name: fbs.prod.spn.a1q7.net
Address: 44.233.140.104
Name: fbs.prod.spn.a1q7.net
Address: 44.233.111.149
Name: fbs.prod.spn.a1q7.net
Address: 2600:1f14:9ae:ce01:bbc0:b480:5075:accd
Name: fbs.prod.spn.a1q7.net
Address: 2600:1f14:9ae:ce03:1f7:61cc:2a3b:1b41


But... Fortunately I keep the logs of my local DNS, and I've found those IPs in there: a771.dscq.akamai.net
Its IPs change with the ISP. I've tested it with some VPNs asking DNS 8.8.8.8 and I got different results.
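
The comparison suggested in this thread (foreign addresses held by wred in the netstat output versus the addresses a hostname resolves to), written as a script. This is an added example, not part of any post above; the function names are hypothetical and all sample data is constructed from documentation IP ranges.

```shell
#!/bin/sh
# Added example. All sample data below is constructed (documentation IPs).

# Unique foreign addresses of TCP connections owned by program $1,
# read from `netstat -tnp` output on stdin.
foreign_ips() {
    awk -v prog="$1" '$1 ~ /^tcp/ && $NF ~ ("/" prog "$") {
        ip = $5; sub(/:[0-9]+$/, "", ip); print ip }' | sort -u
}

# Addresses from nslookup output on stdin. Lines before the first "Name:"
# are skipped, so the resolver's own address is not counted. Handles both
# "Address: x" and BusyBox-style "Address 1: x".
resolved_ips() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ {
             for (i = 1; i < NF; i++) if ($i ~ /:$/) { print $(i + 1); break }
         }' | sort -u
}

# Label each address in file $1 as present or absent in file $2.
classify() {
    while read -r ip; do
        if grep -qxF -- "$ip" "$2"; then echo "$ip match"
        else echo "$ip unmatched"; fi
    done < "$1"
}

# Run the three steps over constructed netstat and nslookup output.
demo() {
    conns=$(mktemp) dns=$(mktemp)
    foreign_ips wred > "$conns" <<'EOF'
tcp 0 0 198.51.100.7:46751 192.0.2.10:80 ESTABLISHED 17888/wred
tcp 1 0 198.51.100.7:46883 192.0.2.11:80 CLOSE_WAIT 17888/wred
tcp 0 0 198.51.100.7:50022 203.0.113.5:443 ESTABLISHED 901/dropbear
EOF
    resolved_ips > "$dns" <<'EOF'
Server: 192.168.1.1
Address: 192.168.1.1#53

Name: cdn.example.net
Address: 192.0.2.10
EOF
    classify "$conns" "$dns"
    rm -f "$conns" "$dns"
}
demo
```

On a live router the inputs would be `netstat -tnp | foreign_ips wred` and `nslookup ntd-asus-2014b-en.fbs20.trendmicro.com | resolved_ips`. Because the answers differ per resolver, as the last post found, an "unmatched" address only means it was not in that particular answer; run the lookup against the same DNS server the router uses.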
 