PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange Traffic

From: Craig Freyman <craigfreyman () gmail com>
Date: Wed, 25 Aug 2010 21:28:03 -0600
Now I'm not seeing the traffic at home. Hmm - I will keep looking tomorrow.

On Wed, Aug 25, 2010 at 4:48 PM, Michael Miller
<mike.mikemiller () gmail com>wrote:


I have a fresh Windows VM that I use for testing.  I'm not seeing any
traffic on UPD 500 going to google.  Do you have any tool bars
installed on your browser?  Do you have any google applications that
don't live in side the browser installed?

-mmiller

On Wed, Aug 25, 2010 at 2:34 PM, Craig Freyman <craigfreyman () gmail com>
wrote:

Thanks BZ.
I'm not sure what it is yet. All I know is the weird
traffic immediately stops when the Gmail page is closed. Looking at the
packet captures doesn't reveal anything to me.

On Wed, Aug 25, 2010 at 2:53 PM, Bacon Zombie <baconzombie () gmail com>

wrote:


Craig,

You can either use Process Explorer or tasklist {via PSExec if on a

Remote

System} :

C:\>tasklist /svc /fi "imagename eq svchost.exe"

BaconZombie

….all text in this mail is double-rot13 encrypted. ...

On 25 August 2010 20:27, Craig Freyman <craigfreyman () gmail com> wrote:


A lot. Is there a utility like process explorer that can tell me the
subprocesses of svchost and the port they're using?

On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <gbugbear () gmail com> wrote:


Also what is running under SVCHOST?

On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <vlape () me com> wrote:

Can you give a tcpdump of the traffic?



On Aug 25, 2010, at 10:54 AM, Craig Freyman <craigfreyman () gmail com



wrote:

I'm trying to understand why a number of client computers are

sending

UDP
500 traffic to strange places. For example, from one machine it is
sending
traffic to 209.85.225.166 which is owned by Google. Netstat tells me
that
the traffic is originating from SVCHOST.
I thought UDP 500 was used for IKE but is it also used for some sort
of keep
alive? I'm confused!
Thanks,
C


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: