Now I'm not seeing the traffic at home. Hmm - I will keep looking tomorrow.

On Wed, Aug 25, 2010 at 4:48 PM, Michael Miller <[email protected]> wrote:

> I have a fresh Windows VM that I use for testing. I'm not seeing any
> traffic on UDP 500 going to Google. Do you have any toolbars
> installed on your browser? Do you have any Google applications that
> don't live inside the browser installed?
>
> -mmiller
>
> On Wed, Aug 25, 2010 at 2:34 PM, Craig Freyman <[email protected]> wrote:
> > Thanks BZ.
> > I'm not sure what it is yet. All I know is the weird
> > traffic immediately stops when the Gmail page is closed. Looking at the
> > packet captures doesn't reveal anything to me.
> >
> > On Wed, Aug 25, 2010 at 2:53 PM, Bacon Zombie <[email protected]> wrote:
> >>
> >> Craig,
> >>
> >> You can either use Process Explorer or tasklist {via PSExec if on a
> >> Remote System}:
> >>
> >> C:\>tasklist /svc /fi "imagename eq svchost.exe"
> >>
> >> BaconZombie
> >>
> >> ….all text in this mail is double-rot13 encrypted. ...
> >>
> >> On 25 August 2010 20:27, Craig Freyman <[email protected]> wrote:
> >>>
> >>> A lot. Is there a utility like process explorer that can tell me the
> >>> subprocesses of svchost and the port they're using?
> >>>
> >>> On Wed, Aug 25, 2010 at 12:09 PM, Bugbear <[email protected]> wrote:
> >>>>
> >>>> Also what is running under SVCHOST?
> >>>>
> >>>> On Wed, Aug 25, 2010 at 2:05 PM, Vincent Lape <[email protected]> wrote:
> >>>> > Can you give a tcpdump of the traffic?
> >>>> >
> >>>> >
> >>>> >
> >>>> > On Aug 25, 2010, at 10:54 AM, Craig Freyman <[email protected]> wrote:
> >>>> >
> >>>> > I'm trying to understand why a number of client computers are sending
> >>>> > UDP 500 traffic to strange places. For example, from one machine it is
> >>>> > sending traffic to 209.85.225.166 which is owned by Google. Netstat
> >>>> > tells me that the traffic is originating from SVCHOST.
> >>>> > I thought UDP 500 was used for IKE but is it also used for some sort
> >>>> > of keep alive? I'm confused!
> >>>> > Thanks,
> >>>> > C
> >>>> >
> >>>> >
> >>>> > _______________________________________________
> >>>> > Pauldotcom mailing list
> >>>> > [email protected]
> >>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>>> > Main Web Site: http://pauldotcom.com
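The svchost question in this thread can be answered by joining the owning PID from `netstat -ano -p udp` with the service list from the `tasklist /svc` command quoted above. The following is an added example, not code from any poster in the thread; both sample outputs, including the PIDs and service names in them, are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano -p udp` output (not from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:500            *:*                                    1044
  UDP    0.0.0.0:4500           *:*                                    1044
  UDP    0.0.0.0:5355           *:*                                    1392
  UDP    [::]:500               *:*                                    1044
"""
# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    812 DcomLaunch, PlugPlay, Power
svchost.exe                   1044 AudioSrv, IKEEXT, iphlpsvc,
                                   Schedule, Winmgmt
svchost.exe                   1392 Dnscache, NlaSvc
"""

def udp_owners(netstat_text, port):
    """PIDs bound to a local UDP port (UDP rows: Proto, Local, Foreign, PID)."""
    pids = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "UDP" and f[1].rsplit(":", 1)[-1] == str(port):
            pids.add(int(f[3]))
    return pids

def services_by_pid(tasklist_text):
    """Map PID -> service names, joining wrapped continuation lines."""
    result, current = {}, None
    for line in tasklist_text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:                                   # new process row
            current, names = int(m.group(2)), m.group(3)
            result[current] = []
        elif current is not None and line.startswith(" ") and line.strip():
            names = line                        # wrapped service list
        else:
            continue                            # header, separator, blank
        result[current] += [s.strip() for s in names.split(",") if s.strip()]
    return result

def who_owns_udp(port, netstat_text=NETSTAT, tasklist_text=TASKLIST):
    """Join the two outputs: PID bound to the port -> services in that svchost."""
    svc = services_by_pid(tasklist_text)
    return {p: svc.get(p, []) for p in sorted(udp_owners(netstat_text, port))}

if __name__ == "__main__":
    print(who_owns_udp(500))
```

For UDP, netstat lists only the local binding (`*:*` as the foreign address), so the destination still has to come from the packet capture; this join only narrows the svchost instance down to the services it hosts.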