Unknown service sending UDP traffic to a Microsoft IP address


Chris Welch

I was packet sniffing on my network and I found some unusual traffic
going to a Microsoft IP address. Here's the netstat.
64.4.25.80
Name: baym-td1.msgr.hotmail.com
Address: 64.4.25.80

The weird thing is that I don't have messenger running. It's being
sent to UDP Port 3544, and the service that is calling it is hosted by
the process:

svchost.exe -k netsvcs

Because there were a lot of services on the list that were hosted I
didn't want to start turning on and off each one, until the traffic
stopped. Here's the tasklist output:

svchost.exe  xxx  6to4, AudioSrv, BITS, Browser, CryptSvc,
                  Dhcp, dmserver, ERSvc, EventSystem,
                  FastUserSwitchingCompatibility, helpsvc,
                  HidServ, Ip6FwHlp, lanmanserver,
                  lanmanworkstation, Messenger, Netman, Nla,
                  Schedule, seclogon, SENS, ShellHWDetection,
                  srservice, TermService, Themes, TrkWks,
                  uploadmgr, W32Time, winmgmt,
                  wuauserv, WZCSVC

If anyone knows what this traffic is, I'd sure appreciate the help.
I've only seen one other post (written by Monty) about this traffic on
the net and it was on this board, but wasn't answered. I'm not
screaming conspiracy, but I sure am curious.

Thanks in advance,
Chris
 
Use "netstat -ano" to map the port usage to a PID and then find the PID in
task manager to map to a process.

--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
I did, that's how I found out it was svchost that was running it. But
there are many services managed by that svchost process. Which one is
sending the UDP traffic?

~ Chris
 