Thanks BZ. I'm not sure what it is yet. All I know is the weird traffic immediately stops when the Gmail page is closed. Looking at the packet captures doesn't reveal anything to me.
On Wed, Aug 25, 2010 at 2:53 PM, Bacon Zombie <[email protected]> wrote:
> Craig,
>
> You can either use Process Explorer or tasklist {via PSExec if on a Remote
> System}:
>
> C:\>tasklist /svc /fi "imagename eq svchost.exe"
>
> BaconZombie
>
> ….all text in this mail is double-rot13 encrypted. ...
>
> On 25 August 2010 20:27, Craig Freyman <[email protected]> wrote:
>
>> A lot. Is there a utility like process explorer that can tell me the
>> subprocesses of svchost and the port they're using?
>>
>> On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <[email protected]> wrote:
>>
>>> Also what is running under SVCHOST?
>>>
>>> On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <[email protected]> wrote:
>>> > Can you give a tcpdump of the traffic?
>>> >
>>> > On Aug 25, 2010, at 10:54 AM, Craig Freyman <[email protected]> wrote:
>>> >
>>> > I'm trying to understand why a number of client computers are sending UDP
>>> > 500 traffic to strange places. For example, from one machine it is sending
>>> > traffic to 209.85.225.166 which is owned by Google. Netstat tells me that
>>> > the traffic is originating from SVCHOST.
>>> > I thought UDP 500 was used for IKE but is it also used for some sort of keep
>>> > alive? I'm confused!
>>> > Thanks,
>>> > C
>>> >
>>> > _______________________________________________
>>> > Pauldotcom mailing list
>>> > [email protected]
>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> > Main Web Site: http://pauldotcom.com
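
Added example, not part of the original thread or written by any list member: one way to answer the question asked above (which service inside svchost owns the UDP 500 socket) by joining the port's owning PID to the services hosted in that process. It assumes Windows 8 / Server 2012 or later, where Get-NetUDPEndpoint is available, and an elevated PowerShell prompt.

```powershell
# Added example: list the services hosted in whichever process owns local UDP port 500.
# Assumes Windows 8 / Server 2012 or later (Get-NetUDPEndpoint) and an elevated prompt.
$port = 500   # the port discussed in this thread

$endpoints = Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue
if (-not $endpoints) {
    Write-Output "No process has UDP port $port bound."
    return
}

# Several endpoints (IPv4, IPv6, per-interface) can belong to the same process,
# so group by owning PID and resolve each PID once.
$endpoints | Group-Object -Property OwningProcess | ForEach-Object {
    $procId   = [int]$_.Name
    $process  = Get-Process -Id $procId -ErrorAction SilentlyContinue
    # Win32_Service.ProcessId ties each running service to its host process,
    # the same mapping "tasklist /svc" prints.
    $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $procId"

    [pscustomobject]@{
        PID       = $procId
        Process   = if ($process) { $process.ProcessName } else { '<exited>' }
        LocalAddr = ($_.Group.LocalAddress | Sort-Object -Unique) -join ', '
        Services  = ($services | ForEach-Object { "$($_.Name) ($($_.DisplayName))" }) -join '; '
    }
} | Format-List
```

A svchost instance usually hosts several services, so the output narrows the question to that instance's service list; stopping candidates one at a time in a test environment shows which one holds the socket.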
