How does one track down services that generate traffic?

Eddy - 27 Feb 2008 18:19 GMT
Process Monitor only shows the top process id which is svchost.  I guess
Svchost represents any number of services, any of which can be generating ip
traffic.

The question is how does one zero in on the culprit service?
Chuck [MVP] - 28 Feb 2008 01:53 GMT
>Process Monitor only shows the top process id which is svchost.  I guess
>Svchost represents any number of services, any of which can be generating ip
>traffic.
>
>The question is how does one zero in on the culprit service?

I start with Process Explorer from Microsoft (SysInternals).
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#ProcessExplorer>

There, you find the Svchost instance in question, look under Services, and find
a list of what services are involved.  And under TCP/IP, make a note of the
connections and their details.  Pass the details here.

Signature

Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My        email         is          AT         DOT
  actual       address    pchuck       mvps        org.
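
A command-line equivalent of the Process Explorer steps in the reply above, as an added example that is not part of the original thread: it correlates `netstat -ano` (connections with owning PID) with `tasklist /svc` (services hosted in each process). The sample outputs, PIDs, local address and service lists are constructed; only the remote endpoint 192.168.0.1:5678 comes from the thread.

```python
import re
# Constructed `tasklist /svc` / `netstat -ano` samples; only 192.168.0.1:5678 is from the thread.
TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  932 DcomLaunch, TermService
svchost.exe                 1084 AudioSrv, Dhcp, SSDPSRV, W32Time,
                                 WZCSVC
explorer.exe                1620 N/A
"""
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.2:1457       192.168.0.1:5678       ESTABLISHED     1084
  UDP    192.168.0.2:123        *:*                                    1084
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
"""

def parse_tasklist_svc(text):
    """Map PID -> (image, [services]), joining wrapped service lines."""
    procs, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            pid, names = int(m.group(2)), m.group(3)
            procs[pid] = (m.group(1), [])
        elif line.startswith(" ") and pid is not None:
            names = line  # continuation of the previous row's service list
        else:
            continue  # header, separator or blank line
        procs[pid][1].extend(s.strip() for s in names.split(",") if s.strip() not in ("", "N/A"))
    return procs

def connections_by_pid(text):
    """Map PID -> [(proto, local, remote, state)]; UDP rows have no state."""
    conns = {}
    for f in map(str.split, text.splitlines()):
        if len(f) in (4, 5) and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            conns.setdefault(int(f[-1]), []).append((*f[:3], f[3] if len(f) == 5 else ""))
    return conns

def services_talking_to(remote, tasklist=TASKLIST_SVC, netstat=NETSTAT_ANO):
    """PID -> (image, candidate services) for processes connected to remote."""
    procs = parse_tasklist_svc(tasklist)
    return {pid: procs.get(pid, ("<unknown>", []))
            for pid, conns in connections_by_pid(netstat).items()
            if any(c[2] == remote for c in conns)}

if __name__ == "__main__":
    print(services_talking_to("192.168.0.1:5678"))
```

This narrows the traffic to one svchost instance and the services it hosts; it does not by itself say which of those services owns the connection.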

Eddy - 28 Feb 2008 23:37 GMT
Of course the tcp values are constantly changing as the port number
increases, usually by one.  Port 1457 below is chosen at random.  The port
numbers seem to cycle between 1000 and 4000 approx.  Thanks for looking at it.

Prtcl---Local                       ---Remote              ---State
TCP---hpw01.mshome:1457---192.168.0.1:5678---ESTABLISHED
TCP---hpw01.mshome:1458---192.168.0.1:5678---ESTABLISHED
UDP---hpw01:9909---*.*
UDP---hpw01:1042---*.*
UDP---hpw01:ntp---*.*
UDP---hpw01:mshome:ntp---*.*

> >Process Monitor only shows the top process id which is svchost.  I guess
> >Svchost represents any number of services, any of which can be generating ip
[quoted text clipped - 9 lines]
> a list of what services are involved.  And under TCP/IP, make a note of the
> connections and their details.  Pass the details here.
Chuck [MVP] - 29 Feb 2008 19:43 GMT
>> >Process Monitor only shows the top process id which is svchost.  I guess
>> >Svchost represents any number of services, any of which can be generating ip
[quoted text clipped - 9 lines]
>> a list of what services are involved.  And under TCP/IP, make a note of the
>> connections and their details.  Pass the details here.

>Of course the tcp values are constantly changing as the port number
>increases, usually by one.  Port 1457 below is chosen at random.  The port
[quoted text clipped - 7 lines]
>UDP---hpw01:ntp---*.*
>UDP---hpw01:mshome:ntp---*.*

What about the Svchost instance?  What services are listed?

Here's RRAC - Port 5678:
<http://www.google.com/search?hl=en&q=rrac+port+5678&btnG=Google+Search>
<http://www.auditmypc.com/port/udp-port-5678.asp>

What is "192.168.0.1" - a router, or a computer running ICS?
