Re: Unknown service sending UDP traffic to a Microsoft IP address

From: Marc Reynolds [MSFT]
Date: 02/22/04

Date: Sun, 22 Feb 2004 09:05:02 -0600

Use "netstat -ano" to map the port usage to a PID and then find the PID in
Task Manager to map to a process.

Marc Reynolds
Microsoft Technical Support
This posting is provided "AS IS" with no warranties, and confers no rights.

"Chris Welch" wrote in message
> I was packet sniffing on my network and I found some unusual traffic
> going to a Microsoft IP address. Here's the netstat.
> >
> Name:
> Address:
> The weird thing is that I don't have messenger running. It's being
> sent to UDP Port 3544, and the service that is calling it is hosted by
> the process:
> svchost.exe -k netsvcs
> Because there were a lot of services on the list that were hosted I
> didn't want to start turning on and off each one, until the traffic
> stopped. Here's the tasklist output:
> svchost.exe                  xxx 6to4, AudioSrv, BITS, Browser, CryptSvc,
>                                  Dhcp, dmserver, ERSvc, EventSystem,
>                                  FastUserSwitchingCompatibility, helpsvc,
>                                  HidServ, Ip6FwHlp, lanmanserver,
>                                  lanmanworkstation, Messenger, Netman, Nla,
>                                  Schedule, seclogon, SENS, ShellHWDetection,
>                                  srservice, TermService, Themes, TrkWks,
>                                  uploadmgr, W32Time, winmgmt, wuauserv, WZCSVC
> If anyone knows what this traffic is, I'd sure appreciate the help.
> I've only seen one other post (written by Monty) about this traffic on
> the net and it was on this board, but wasn't answered. I'm not
> screaming conspiracy, but I sure am curious.
> Thanks in advance,
> Chris
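
The port-to-PID-to-service mapping discussed in this thread, as an added example that is not part of the original posts: a Python sketch that joins saved "netstat -ano" output with saved "tasklist /svc" output, re-joining the wrapped service list of a shared svchost.exe. The sample output, PIDs, port numbers and function names are constructed for illustration.

```python
import re

# Constructed sample output; PIDs, ports and addresses are made up.
# Windows netstat prints "*:*" as the remote end of UDP sockets, so the lookup
# key is the local (source) port seen in the packet capture.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.10:1042      192.168.1.1:80         ESTABLISHED     1620
  UDP    192.168.1.10:1035      *:*                                    1016
"""
TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== ==========================================
svchost.exe                  908 RpcSs
svchost.exe                 1016 6to4, AudioSrv, BITS, Browser, CryptSvc,
                                 Dhcp, Messenger, W32Time, wuauserv
iexplore.exe                1620 N/A
"""

def parse_netstat(text):
    """Yield (proto, local_port, pid) for each socket row of `netstat -ano`."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            yield f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])

def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}, re-joining wrapped service lines."""
    procs, services = {}, None
    for line in text.splitlines():
        row = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if row:
            services = []
            procs[int(row.group(2))] = (row.group(1), services)
            rest = row.group(3)
        elif line[:1].isspace() and services is not None:
            rest = line            # continuation of the previous process
        else:
            continue               # header, separator or blank line
        services += [s.strip() for s in rest.split(",")
                     if s.strip() and s.strip() != "N/A"]
    return procs

def services_for_port(netstat_text, tasklist_text, proto, local_port):
    """List (pid, image, services) for every socket bound to proto/local_port."""
    procs = parse_tasklist_svc(tasklist_text)
    return [(pid, *procs.get(pid, ("<unknown>", [])))
            for p, port, pid in parse_netstat(netstat_text)
            if p == proto and port == local_port]
```

A PID that resolves to a shared svchost.exe only narrows the sender down to the list of services hosted in that instance, which is the point the original question had already reached.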