Thanks BZ.

I'm not sure what it is yet. All I know is the weird
traffic immediately stops when the Gmail page is closed. Looking at the
packet captures doesn't reveal anything to me.

On Wed, Aug 25, 2010 at 2:53 PM, Bacon Zombie <[email protected]> wrote:

> Craig,
>
> You can either use Process Explorer or tasklist {via PSExec if on a Remote
> System}:
>
> C:\>tasklist /svc /fi "imagename eq svchost.exe"
>
> BaconZombie
>
> ….all text in this mail is double-rot13 encrypted. ...
>
>
> On 25 August 2010 20:27, Craig Freyman <[email protected]> wrote:
>
>> A lot. Is there a utility like process explorer that can tell me the
>> subprocesses of svchost and the port they're using?
>>
>>
>> On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <[email protected]> wrote:
>>
>>> Also what is running under SVCHOST?
>>>
>>> On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <[email protected]> wrote:
>>> > Can you give a tcpdump of the traffic?
>>> >
>>> >
>>> >
>>> > On Aug 25, 2010, at 10:54 AM, Craig Freyman <[email protected]> wrote:
>>> >
>>> > I'm trying to understand why a number of client computers are sending UDP
>>> > 500 traffic to strange places. For example, from one machine it is sending
>>> > traffic to 209.85.225.166 which is owned by Google. Netstat tells me that
>>> > the traffic is originating from SVCHOST.
>>> > I thought UDP 500 was used for IKE but is it also used for some sort of keep
>>> > alive? I'm confused!
>>> > Thanks,
>>> > C
>>> >
>>> >
>>> > _______________________________________________
>>> > Pauldotcom mailing list
>>> > [email protected]
>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> > Main Web Site: http://pauldotcom.com
>>> >
>>>
>>
>>
>>
>
>
>