3

I am starting to look at my network activity to determine if there's anything on my system communicating with the outside world that shouldn't. How do I determine what is valid and needed?

For example, I had no network activity for a minute, but I still had the following communicating at over 1 KB/sec: svchost.exe (LocalService and NoImpersonation), Address: 239.x.x.x

Others I know are needed, with my router IP.

Edit: For the example I gave, the destination is 239.255.255.250:1900 Location http:// 192.168.1.2 :2869/upnphost/udhisapi.dll?content=uuid:090dfd23-5421-4924-97ab-8968907a1da0 I'm guessing it's Windows Media Player based on what I've seen, though I never ran the 'startup'/installation for it, so it shouldn't have permission to spread information (unless Windows OS license agreement is somehow tied to that).

Improve this question

1 Answer 1

Reset to default
1

One idea is to find out who it is talking to. Goto a whois IP lookup site such as Whois Lookup and enter the 239.x.x.x address, you should then have an idea who the service is communicating to.

Improve this answer
2
  • That didn't really help because 239.255.255.250 is a multicast address. Is there a way to see what addresses the multicast is directed at? or if svchost.exe is supposed to multicast?
    – BLaZuRE
    Commented Dec 27, 2012 at 7:35
  • Do you have Windows Live Messenger installed? I found some old pages that refer to Messenger Traffic to the IP and Port you reference, but they are XP Specific. windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/…
    – BillN
    Commented Dec 27, 2012 at 18:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .