Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Strange Traffic
From: Vincent Lape <vlape () me com>
Date: Wed, 25 Aug 2010 11:05:44 -0700

Can you give a tcpdump of the traffic?



On Aug 25, 2010, at 10:54 AM, Craig Freyman <craigfreyman () gmail com> wrote:

I'm trying to understand why a number of client computers are sending UDP 500 traffic to strange places. For example, 
from one machine it is sending traffic to 209.85.225.166 which is owned by Google. Netstat tells me that the traffic 
is originating from SVCHOST.

I thought UDP 500 was used for IKE but is it also used for some sort of keep alive? I'm confused!

Thanks,
C


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]