PaulDotCom mailing list archives

Re: Strange Traffic
From: Craig Freyman <craigfreyman () gmail com>
Date: Wed, 25 Aug 2010 15:34:40 -0600

Thanks BZ.

I'm not sure what it is yet. All I know is the weird
traffic immediately stops when the Gmail page is closed. Looking at the
packet captures doesn't reveal anything to me.

On Wed, Aug 25, 2010 at 2:53 PM, Bacon Zombie <baconzombie () gmail com> wrote:

Craig,

You can either use Process Explorer or tasklist {via PSExec if on a Remote
System}:

C:\>tasklist /svc /fi "imagename eq svchost.exe"

BaconZombie

….all text in this mail is double-rot13 encrypted. ...


On 25 August 2010 20:27, Craig Freyman <craigfreyman () gmail com> wrote:

A lot. Is there a utility like process explorer that can tell me the
subprocesses of svchost and the port they're using?


On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <gbugbear () gmail com> wrote:

Also what is running under SVCHOST?

On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <vlape () me com> wrote:
Can you give a tcpdump of the traffic?



On Aug 25, 2010, at 10:54 AM, Craig Freyman <craigfreyman () gmail com> wrote:

I'm trying to understand why a number of client computers are sending UDP
500 traffic to strange places. For example, from one machine it is sending
traffic to 209.85.225.166 which is owned by Google. Netstat tells me that
the traffic is originating from SVCHOST.
I thought UDP 500 was used for IKE but is it also used for some sort of
keep alive? I'm confused!
Thanks,
C


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
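
Added example, not part of the thread: one way to answer the "which svchost service is using the port" question is to join `netstat -ano -p UDP` output (PID per socket) with the `tasklist /svc` output suggested above (services per PID). The sample outputs, PIDs and service groupings below are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed `netstat -ano -p UDP` output (sample data, not from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:500            *:*                                    1084
  UDP    0.0.0.0:4500           *:*                                    1084
  UDP    0.0.0.0:5355           *:*                                    1312
  UDP    [::]:500               *:*                                    1084
"""

# Constructed `tasklist /svc /fi "imagename eq svchost.exe"` output; long
# service lists wrap onto indented continuation lines.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    812 DcomLaunch, PlugPlay, Power
svchost.exe                   1084 AeLookupSvc, BITS, IKEEXT, iphlpsvc,
                                   Schedule, Winmgmt
svchost.exe                   1312 Dnscache, NlaSvc
"""

def udp_listeners(netstat_text):
    """Map local UDP port -> set of PIDs that own a socket on it."""
    owners = {}
    for line in netstat_text.splitlines():
        f = line.split()  # UDP rows have no State column: 4 fields
        if len(f) == 4 and f[0] == "UDP" and f[3].isdigit():
            port = int(f[1].rsplit(":", 1)[1])  # also handles [::]:500
            owners.setdefault(port, set()).add(int(f[3]))
    return owners

def services_by_pid(tasklist_text):
    """Map PID -> hosted service names, joining wrapped lines."""
    services, pid = {}, None
    for line in tasklist_text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            pid, rest = int(m.group(2)), m.group(3)
        elif line[:1].isspace() and pid is not None:
            rest = line  # continuation of the previous PID's list
        else:
            continue  # header, separator or blank line
        names = [s.strip() for s in rest.split(",")]
        services.setdefault(pid, []).extend(n for n in names if n and n != "N/A")
    return services

def who_owns(port, netstat_text=NETSTAT, tasklist_text=TASKLIST):
    """Return {pid: [candidate services]} for a local UDP port."""
    svc = services_by_pid(tasklist_text)
    pids = udp_listeners(netstat_text).get(port, ())
    return {pid: svc.get(pid, []) for pid in sorted(pids)}
```

Because a shared svchost.exe owns the socket on behalf of every service it hosts, the result is a list of candidate services for that PID, not a single confirmed owner.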
