On Wed, 2020-12-02 at 16:09 +0000, home user wrote:
--------------- begin text file ---------------
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       User   Inode  PID/Program name
tcp        0      0 coyote:domain            0.0.0.0:*                LISTEN      root   31188  1084/dnsmasq
tcp        0      0 0.0.0.0:ipp              0.0.0.0:*                LISTEN      root   22447  947/cupsd
tcp        0      0 localhost:smtp           0.0.0.0:*                LISTEN      root   39031  1680/sendmail: acce
tcp6       0      0 [::]:ipp                 [::]:*                   LISTEN      root   22448  947/cupsd
udp        0      0 0.0.0.0:mdns             0.0.0.0:*                            avahi  22058  748/avahi-daemon: r
udp        0      0 coyote:domain            0.0.0.0:*                            root   31187  1084/dnsmasq
udp        0      0 0.0.0.0:bootps           0.0.0.0:*                            root   31184  1084/dnsmasq
udp        0      0 c-98-245-12-4.hs:bootpc  denv01dhcp-ho-02:bootps  ESTABLISHED root   29795  862/NetworkManager
udp        0      0 localhost:323            0.0.0.0:*                            root   25199  763/chronyd
udp        0      0 0.0.0.0:58501            0.0.0.0:*                            avahi  22060  748/avahi-daemon: r
udp6       0      0 [::]:mdns                [::]:*                               avahi  22059  748/avahi-daemon: r
udp6       0      0 localhost:323            [::]:*                               root   25200  763/chronyd
udp6       0      0 coyote:dhcpv6-client     [::]:*                               root   30632  862/NetworkManager
udp6       0      0 [::]:33746               [::]:*                               avahi  22061  748/avahi-daemon: r

If you look at the last column, you can see what's involved with those things: DNSmasq (your local DNS server), CUPSD (your local printer server), sendmail (your local mail server), AVAHI-DAEMON (part of your local networking, finding out your IP address, finding other things in your network), NETWORK MANAGER (handling your network), CHRONYD (your local time server managing your clock).
All normal stuff, although they're listening to any address, rather than only listening to local addresses. That could be tightened up for some things, at least. I see no reason for CUPS to listen outside of your LAN, for instance.
LANs are chatty, especially when you throw CUPS and mDNS into the mix. CUPS advertises itself, and looks for printers. AVAHI, etc., are always on the lookout for other things on your LAN. It's next to impossible to stop the LEDs blinking on your network port in a LAN.
And there's always going to be loads of DNS lookups while things are being used by you. When you browse a webpage, the page is made up of content dragged in from all over the place (text, graphics, scripts, etc.), and the browser has to find them. You can get the same kind of thing with HTML mail, too.
Regarding the other set of data with all the Comcast addresses, I can't comment, as I have no idea what the data is in the adjacent columns. I hate programs which spew out data without titling what it is.
If, however, it is like Stan said (people scanning for exploitable ports within Comcast), then my opinion is that you report that to Comcast, and suggest that they either deal with their customers who are nefariously scanning their network, or fix their firewall to stop outsiders scanning their network. Either way, that's *their* job.
But first, confirm it is exploit scanning. I can't tell from the data you provided.
Looking at some of the domain names, I would have thought you'd logged this while you're using your web browser.
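
Added example (not part of the original message): a small Python parser for netstat output in the format quoted above, which sorts each socket's local address into "any", "loopback" or "specific" and lists the services waiting for traffic on every address. The function names and the classification labels are assumptions made for this illustration; the sample rows are copied from the quoted output.

```python
# Added example: flag sockets bound to every address in netstat output.
# SAMPLE rows are copied from the output quoted in the message above.
SAMPLE = """\
tcp 0 0 coyote:domain 0.0.0.0:* LISTEN root 31188 1084/dnsmasq
tcp 0 0 0.0.0.0:ipp 0.0.0.0:* LISTEN root 22447 947/cupsd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN root 39031 1680/sendmail: acce
tcp6 0 0 [::]:ipp [::]:* LISTEN root 22448 947/cupsd
udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi 22058 748/avahi-daemon: r
udp 0 0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root 29795 862/NetworkManager
udp 0 0 localhost:323 0.0.0.0:* root 25199 763/chronyd
"""

STATES = {"LISTEN", "ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT", "SYN_SENT",
          "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2", "LAST_ACK", "CLOSING", "CLOSE"}
WILDCARD = {"0.0.0.0", "[::]", "*"}            # bound to every address
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}  # reachable from this host only


def parse_row(line):
    """Split one tcp/udp row; the State column is blank for unconnected UDP."""
    f = line.split()
    proto, local, rest = f[0], f[3], f[5:]
    state = rest.pop(0) if rest and rest[0] in STATES else ""
    user = rest[0]                                   # rest[1] is the inode
    # Program names may contain spaces ("sendmail: acce"), so rejoin the tail.
    program = " ".join(rest[2:]).split("/", 1)[-1]
    host, port = local.rsplit(":", 1)                # rsplit keeps "[::]" whole
    if host in WILDCARD:
        scope = "any"
    elif host in LOOPBACK:
        scope = "loopback"
    else:
        scope = "specific"    # a resolved name such as "coyote"; address unknown
    return {"proto": proto, "port": port, "state": state, "user": user,
            "program": program, "scope": scope}


def exposed(text):
    """Return (proto, port, program) for sockets awaiting traffic on any address."""
    found = []
    for line in text.splitlines():
        if not line.startswith(("tcp", "udp")):
            continue                                 # skip titles and headers
        r = parse_row(line)
        waiting = r["state"] == "LISTEN" or (r["proto"].startswith("udp") and not r["state"])
        if waiting and r["scope"] == "any":
            found.append((r["proto"], r["port"], r["program"]))
    return found


if __name__ == "__main__":
    for proto, port, program in exposed(SAMPLE):
        print(f"{proto:5} {port:8} {program}")
```

Because the quoted output shows resolved names, a host such as "coyote" can only be reported as "specific"; running netstat with -n prints numeric addresses, which makes the bound interface unambiguous.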