Re: Unknown service sending UDP traffic to a Microsoft IP address

From: Marc Reynolds [MSFT] (marcrey_at_online.microsoft.com)
Date: 02/22/04


Date: Sun, 22 Feb 2004 09:05:02 -0600

Use "netstat -ano" to map the port usage to a PID and then find the PID in
Task Manager to map to a process.

-- 
Thanks,
Marc Reynolds
Microsoft Technical Support
This posting is provided "AS IS" with no warranties, and confers no rights.
"Chris Welch" <macspert@webnautica.net> wrote in message
news:675406f5.0402212043.5fd0550f@posting.google.com...
> I was packet sniffing on my network and I found some unusual traffic
> going to a Microsoft IP address. Here's the netstat.
>
> > 64.4.25.80
> Name:    baym-td1.msgr.hotmail.com
> Address:  64.4.25.80
>
> The weird thing is that I don't have messenger running. It's being
> sent to UDP Port 3544, and the service that is calling it is hosted by
> the process:
>
> svchost.exe -k netsvcs
>
> Because there were a lot of services on the list that were hosted I
> didn't want to start turning on and off each one, until the traffic
> stopped. Here's the tasklist output:
>
> svchost.exe                  xxx 6to4, AudioSrv, BITS, Browser, CryptSvc,
>                                  Dhcp, dmserver, ERSvc, EventSystem,
>                                  FastUserSwitchingCompatibility, helpsvc,
>                                  HidServ, Ip6FwHlp, lanmanserver,
>                                  lanmanworkstation, Messenger, Netman, Nla,
>                                  Schedule, seclogon, SENS, ShellHWDetection,
>                                  srservice, TermService, Themes, TrkWks,
>                                  uploadmgr, W32Time, winmgmt, wuauserv, WZCSVC
>
> If anyone knows what this traffic is, I'd sure appreciate the help.
> I've only seen one other post (written by Monty) about this traffic on
> the net and it was on this board, but wasn't answered. I'm not
> screaming conspiracy, but I sure am curious.
>
> Thanks in advance,
> Chris
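
Added example, not part of the original thread: the "netstat -ano" to PID lookup suggested above, joined against "tasklist /svc" output so a shared svchost.exe PID comes back as its list of candidate services. netstat shows UDP sockets with a foreign address of *:*, so the lookup key is the local source port seen in the capture, not destination port 3544; the sample output, the PIDs, port 3027 and the function names are all constructed for illustration.

```python
import re

# Constructed samples (not from the post): PIDs and source port 3027 are made up.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:1900      *:*                                    1180
  UDP    192.168.1.10:3027      *:*                                    1024
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System                         4 N/A
svchost.exe                 1024 6to4, AudioSrv, BITS, Browser, CryptSvc,
                                 Dhcp, dmserver
svchost.exe                 1180 SSDPSRV
"""

def parse_netstat(text):
    """Return (proto, local_port, pid) for every TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] in ("TCP", "UDP"):
            rows.append((parts[0], int(parts[1].rpartition(":")[2]), int(parts[-1])))
    return rows

def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}, joining wrapped service lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            last = int(m.group(2))
            procs[last] = (m.group(1), [])
        elif last is None or not line.startswith(" "):
            continue  # header, separator or blank line
        names = (m.group(3) if m else line).split(",")
        procs[last][1].extend(n.strip() for n in names if n.strip() not in ("", "N/A"))
    return procs

def owners(proto, local_port, netstat=NETSTAT, tasklist=TASKLIST):
    """Return [(pid, image, services)] for sockets bound to proto/local_port."""
    procs = parse_tasklist_svc(tasklist)
    return [(pid, *procs.get(pid, ("<unknown>", [])))
            for p, port, pid in parse_netstat(netstat)
            if p == proto and port == local_port]
```

Calling owners("UDP", 3027) on the sample returns PID 1024, svchost.exe and its seven hosted services, which narrows the search to that service group but does not say which service opened the socket.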