*Craig,

You can either use Process Explorer or tasklist {via PSExec if on a Remote
System} :

C:\>tasklist /svc /fi "imagename eq svchost.exe"

*

*BaconZombie*

*
*

*….all text in this mail is double-rot13 encrypted. ...***


On 25 August 2010 20:27, Craig Freyman <[email protected]> wrote:

> A lot. Is there a utility like process explorer that can tell me the
> subprocesses of svchost and the port they're using?
>
>
> On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <[email protected]> wrote:
>
>> Also what is running under SVCHOST?
>>
>> On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <[email protected]> wrote:
>> > Can you give a tcpdump of the traffic?
>> >
>> >
>> >
>> > On Aug 25, 2010, at 10:54 AM, Craig Freyman <[email protected]>
>> wrote:
>> >
>> > I'm trying to understand why a number of client computers are sending
>> UDP
>> > 500 traffic to strange places. For example, from one machine it is
>> sending
>> > traffic to 209.85.225.166 which is owned by Google. Netstat tells me
>> that
>> > the traffic is originating from SVCHOST.
>> > I thought UDP 500 was used for IKE but is it also used for some sort of
>> keep
>> > alive? I'm confused!
>> > Thanks,
>> > C
>> >
>> >
>> > _______________________________________________
>> > Pauldotcom mailing list
>> > [email protected]
>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> > Main Web Site: http://pauldotcom.com
>> >
>> > _______________________________________________
>> > Pauldotcom mailing list
>> > [email protected]
>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> > Main Web Site: http://pauldotcom.com
>> >
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Reply via email to