Despite UDP being "connectionless" it is possible to call connect() (see Can you bind() and connect() both ends of a UDP connection) on a UDP socket and associate that socket (at least at a local OS-level) with a remote IP + Port. All of the major OS's support showing this info via netstat, including windows.
However, on windows 11, when I run 'netstat -a -p udp', it returns some weird IP addresses:
C:\Windows\System32>netstat -a -p udp
Active Connections
Proto Local Address Foreign Address State
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:5050 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:27036 *:*
UDP 0.0.0.0:50127 0.0.0.94:443
UDP 0.0.0.0:50949 *:*
UDP 0.0.0.0:51213 *:*
UDP 0.0.0.0:53689 0.0.0.95:443
UDP 0.0.0.0:54675 *:*
UDP 0.0.0.0:55262 *:*
UDP 0.0.0.0:56871 0.0.32.3:443
UDP 0.0.0.0:57128 0.0.0.95:443
UDP 0.0.0.0:57659 0.0.0.2:443
UDP 0.0.0.0:58755 0.0.0.103:443
UDP 0.0.0.0:59343 0.0.0.100:443 <--- wtf is this!?
UDP 0.0.0.0:59534 *:*
UDP 0.0.0.0:62222 *:*
UDP 0.0.0.0:63202 0.0.0.95:443
[snip]
So I'm trying to figure out what these mean. (1) Running wireshark confirms they are not real addresses that my machine is talking to and (2) the underlying system call to walk the UDP table (https://learn.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getextendedudptable) doesn't seem to have anyway to return a remote IP + port pair for a UDP socket.
Can anyone explain to me (1) what this data really means, (2) where it's coming from, and I guess implicitly (3) is it a bug?
Thanks in advance!
