Re: Unknown service sending UDP traffic to a Microsoft IP address
From: Marc Reynolds [MSFT] (marcrey_at_online.microsoft.com)
Date: Sun, 22 Feb 2004 09:05:02 -0600
Use "netstat - ano" to map the port usage to a PID and then find the PID in
task manager to map to a process.
-- Thanks, Marc Reynolds Microsoft Technical Support This posting is provided "AS IS" with no warranties, and confers no rights. "Chris Welch" <email@example.com> wrote in message news:firstname.lastname@example.org... > I was packet sniffing on my network and I found some unusual traffic > going to a Microsoft IP address. Here's the netstat. > > > 220.127.116.11 > Name: baym-td1.msgr.hotmail.com > Address: 18.104.22.168 > > The wierd thing is that I don't have messenger running. It's being > sent to UDP Port 3544, and the service that is calling it is hosted by > the process: > > svchost.exe -k netsvcs > > Because there were a lot of services on the list that were hosted I > didn't want to start turning on and off each one, until the traffic > stopped. Here's the tasklist output: > > svchost.exe xxx 6to4, AudioSrv, BITS, Browser, > CryptSvc, > Dhcp, dmserver, ERSvc, EventSystem, > FastUserSwitchingCompatibility, > helpsvc, > HidServ, Ip6FwHlp, lanmanserver, > lanmanworkstation, Messenger, Netman, > Nla, > Schedule, seclogon, SENS, > ShellHWDetection, > srservice, TermService, Themes, > TrkWks, > uploadmgr, W32Time, winmgmt, > wuauserv, WZCSVC > > If anyone knows what this traffic is, I'd sure appreciate the help. > I've only seen one other post (written by Monty) about this traffic on > the net and it was on this board, but wasn't answered. I"m not > screaming conspiracy, but I sure am curious. > > Thanks in advance, > Chris