Unknown service sending UDP traffic to a Microsoft IP address

Chris Welch

I was packet sniffing on my network and I found some unusual traffic
going to a Microsoft IP address. Here's the netstat.
64.4.25.80
Name: baym-td1.msgr.hotmail.com
Address: 64.4.25.80

The weird thing is that I don't have messenger running. It's being
sent to UDP Port 3544, and the service that is calling it is hosted by
the process:

svchost.exe -k netsvcs

Because there were a lot of services on the list that were hosted I
didn't want to start turning on and off each one, until the traffic
stopped. Here's the tasklist output:

svchost.exe   xxx   6to4, AudioSrv, BITS, Browser, CryptSvc,
                    Dhcp, dmserver, ERSvc, EventSystem,
                    FastUserSwitchingCompatibility, helpsvc,
                    HidServ, Ip6FwHlp, lanmanserver,
                    lanmanworkstation, Messenger, Netman, Nla,
                    Schedule, seclogon, SENS, ShellHWDetection,
                    srservice, TermService, Themes, TrkWks,
                    uploadmgr, W32Time, winmgmt,
                    wuauserv, WZCSVC

If anyone knows what this traffic is, I'd sure appreciate the help.
I've only seen one other post (written by Monty) about this traffic on
the net and it was on this board, but wasn't answered. I'm not
screaming conspiracy, but I sure am curious.

Thanks in advance,
Chris
 
Marc Reynolds [MSFT]

Use "netstat -ano" to map the port usage to a PID and then find the PID in
task manager to map to a process.

--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Chris Welch

I did, that's how I found out it was svchost that was running it. But
there are many services managed by that svchost process. Which one is
sending the UDP traffic?

~ Chris
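
The port-to-PID-to-services mapping discussed in this thread, as an added example that is not part of any post: it correlates `netstat -ano` output with `tasklist /svc` output. The sample output, the PIDs and the source port 2047 are constructed; because netstat lists UDP sockets by local endpoint, the lookup key is the source port seen in the capture, not destination port 3544.

```python
import re

# Constructed sample output (not from the thread); PIDs and ports are made up.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:2047      *:*                                    1108
"""

TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                  984 RpcSs
svchost.exe                 1108 6to4, AudioSrv, BITS, Browser, CryptSvc,
                                 Dhcp, dmserver, ERSvc, EventSystem,
                                 wuauserv, WZCSVC
"""

def udp_owner(netstat_text, local_port):
    """Return the PID bound to a local UDP port, or None if nothing owns it."""
    for line in netstat_text.splitlines():
        f = line.split()
        # UDP rows have no State column: Proto, Local, Foreign, PID
        if len(f) == 4 and f[0] == "UDP" and f[1].rsplit(":", 1)[1] == str(local_port):
            return int(f[3])
    return None

def services_by_pid(tasklist_text):
    """Parse `tasklist /svc`, joining wrapped service lists onto their process row."""
    table, current = {}, None
    for line in tasklist_text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:  # a process row: image name, PID, first part of the service list
            current = int(m.group(2))
            table[current] = (m.group(1), [])
            text = m.group(3)
        elif line[:1].isspace() and current is not None:
            text = line  # indented continuation of the previous row
        else:
            continue  # header, separator or blank line
        table[current][1].extend(s.strip() for s in text.split(",") if s.strip())
    return table

def candidates(netstat_text, tasklist_text, local_port):
    """Map a local UDP port to (pid, image name, hosted services)."""
    pid = udp_owner(netstat_text, local_port)
    image, services = services_by_pid(tasklist_text).get(pid, (None, []))
    return pid, image, services
```

This narrows the sender to the services sharing that PID. Telling them apart takes a further step, such as moving a candidate service into its own process with `sc config <name> type= own`, restarting it and repeating the capture.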
 
