Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What Service Is Sending Out Ip Traffic?


  • Please log in to reply
1 reply to this topic

#1 godfrm2

godfrm2

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 13 November 2007 - 09:14 AM

Hello,
My Vista machine is generation SNMP traffic on port 161 to the following addresses: 49.23.27.50, 49.23.27.69, 49.27.42.25 - how can I identify what service is generating this traffic? I've run both Windows Defender and Spybot on the disk and have CA's eTrust, (all current) running.

Here's the Network Trace through Network Monitor 3.1

49.23.27.50 4 0.062400 192.168.1.101 49.23.27.50 SNMP SNMP: Version1, Community = public, Get request, RequestID = 16532, Length = 78
49.23.27.69 5 0.062400 192.168.1.101 49.23.27.69 SNMP SNMP: Version1, Community = public, Get request, RequestID = 16533, Length = 78
49.23.27.69 6 0.062400 192.168.1.101 49.23.27.69 SNMP SNMP: Version1, Community = public, Get request, RequestID = 16534, Length = 78
49.27.42.25 7 0.062400 192.168.1.101 49.27.42.25 SNMP SNMP: Version1, Community = public, Get request, RequestID = 16535, Length = 78


Thanks
Mark G.

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:29 AM

Posted 13 November 2007 - 04:49 PM

This address is reserved by Iana.org - so it's not a "regular" IP address.
Being reserved gives several possibilities:
1) the IP is being "spoofed"
2) there is someone using this reserved address - either for legitimate or illegitimate purposes.
3) there is a legitimate need to communicate with this Iana IP address

I'd suggest using a Vista compatible firewall such as Zone Alarm or Webroot Desktop Firewall (just started testing this one) to see if it'll let you know what's doing this. Block all traffic and have it prompt you for each access.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users