2007-06-10-1013Z


Anybody know what this traffic is? It's a Microsoft address, and it's running on Windows XP:

$ windump -n -l -p -i2 -x -X udp port 3544
c:\WINDOWS\windump.exe: listening on \Device\NPF_{26CB763D-9C91-4E4B-8C63-CFE50414E704}

04:13:00.847573 IP 192.168.3.106.4969 > 65.54.227.124.3544: UDP, length 77
        0x0000:  4500 0069 4cf7 0000 8011 04c8 c0a8 036a  E..iL..........j
        0x0010:  4136 e37c 1369 0dd8 0055 6706 0001 0000  A6.|.i...Ug.....
        0x0020:  378b cf4f 90a2 311e 0060 0000 0000 183a  7..O..1..`.....:
        0x0030:  fffe 8000 0000 0000 0000 00ff ffff ffff  ................
        0x0040:  fdff 0200 0000 0000 0000 0000 0000 0000  ................
        0x0050:  0285                                     ..
04:13:00.947424 IP 65.54.227.124.3544 > 192.168.3.106.4969: UDP, length 109
        0x0000:  4500 0089 4f83 0000 7011 121c 4136 e37c  E...O...p...A6.|
        0x0010:  c0a8 036a 0dd8 1369 0075 c8cf 0001 0000  ...j...i.u......
        0x0020:  378b cf4f 90a2 311e 0000 00ec 9631 56d8  7..O..1......1V.
        0x0030:  b060 0000 0000 303a fffe 8000 0000 0000  .`....0:........
        0x0040:  0080 00f2 27be c91c 83fe 8000 0000 0000  ....'...........
        0x0050:  0000                                     ..

And from a CMD box running as an administrator:

C:\WINDOWS\system32>netstat -anvb

Active Connections

Proto Local Address Foreign Address State PID

[snip]

UDP 192.168.3.106:4969 *:* 1828 c:\windows\system32\WS2_32.dll c:\windows\system32\6to4svc.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]

[snip]

Probably innocuous enough, but that port is supposedly ccss-qmm (CCSS QMessageMonitor) and I'm not aware of that software being part of the XP kernel; those are all kernel components in the netstat output. And I just don't like the idea of my machine talking to Microsoft without my express permission. Sure, I could firewall the port, but it could be the automatic Windows update stuff, which I do want. I just wish I could find some real info on it -- so far my Google searches haven't been very productive.

I happened to notice only because I was testing an idea of sending UDP as part of a peer-to-peer video messaging system, a sort of virtual pub. One of many back-burner projects.
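UDP port 3544 is the port registered for Teredo (RFC 4380), the IPv6-over-UDP tunnel that Windows XP's IPv6 helper service implements in 6to4svc.dll, and the two datagrams above decode cleanly as Teredo: an authentication indication and (from the server) an origin indication, followed by an IPv6 router solicitation and the server's reply. The parser below is an added example, not part of the original post; it works on the exact bytes of the two windump frames, handles the 82-byte truncation windump applied, and uses function and variable names of my own choosing.

```python
import ipaddress
import struct

# Both frames are the windump hex dumps from the post (IPv4 header onward).
# windump's default snaplen cut each frame at 82 bytes, so the tails are missing.
CLIENT_TO_SERVER = bytes.fromhex("""
4500 0069 4cf7 0000 8011 04c8 c0a8 036a  4136 e37c 1369 0dd8 0055 6706 0001 0000
378b cf4f 90a2 311e 0060 0000 0000 183a  fffe 8000 0000 0000 0000 00ff ffff ffff
fdff 0200 0000 0000 0000 0000 0000 0000  0285""")
SERVER_TO_CLIENT = bytes.fromhex("""
4500 0089 4f83 0000 7011 121c 4136 e37c  c0a8 036a 0dd8 1369 0075 c8cf 0001 0000
378b cf4f 90a2 311e 0000 00ec 9631 56d8  b060 0000 0000 303a fffe 8000 0000 0000
0080 00f2 27be c91c 83fe 8000 0000 0000  0000""")

TEREDO_PORT = 3544
ICMPV6_NAMES = {133: "router solicitation", 134: "router advertisement"}

def parse_teredo(frame: bytes) -> dict:
    """Walk IPv4 -> UDP -> Teredo indications -> IPv6 -> ICMPv6, tolerating truncation."""
    ihl = (frame[0] & 0x0F) * 4
    sport, dport, ulen = struct.unpack("!HHH", frame[ihl:ihl + 6])
    if frame[9] != 17 or TEREDO_PORT not in (sport, dport):
        raise ValueError("not a Teredo UDP datagram")
    out = {"udp_ports": (sport, dport), "udp_payload_len": ulen - 8}
    pos = ihl + 8
    # RFC 4380 authentication indication: 0x0001, id-len, au-len, id, auth, 8-byte nonce, confirm
    if frame[pos:pos + 2] == b"\x00\x01":
        id_len, au_len = frame[pos + 2], frame[pos + 3]
        nonce_at = pos + 4 + id_len + au_len
        out["auth_nonce"] = frame[nonce_at:nonce_at + 8].hex()
        pos = nonce_at + 9
    # RFC 4380 origin indication: 0x0000, then the client's public port and IPv4
    # address as the server saw them, each XORed with all-ones (this is how the
    # client learns its NAT mapping)
    if frame[pos:pos + 2] == b"\x00\x00":
        obf_port, obf_ip = struct.unpack("!HI", frame[pos + 2:pos + 8])
        out["origin"] = (str(ipaddress.IPv4Address(obf_ip ^ 0xFFFFFFFF)), obf_port ^ 0xFFFF)
        pos += 8
    if frame[pos] >> 4 != 6:
        raise ValueError("expected an IPv6 header inside the tunnel")
    next_hdr = frame[pos + 6]
    dst = frame[pos + 24:pos + 40]
    out["ipv6_src"] = str(ipaddress.IPv6Address(frame[pos + 8:pos + 24]))
    # A truncated capture leaves a short destination; say so rather than guess
    out["ipv6_dst"] = str(ipaddress.IPv6Address(dst)) if len(dst) == 16 else "truncated"
    icmp = frame[pos + 40:pos + 41]
    if next_hdr == 58 and icmp:
        out["icmpv6"] = ICMPV6_NAMES.get(icmp[0], "type %d" % icmp[0])
    return out
```

Calling `parse_teredo(SERVER_TO_CLIENT)` recovers, from the origin indication, the same client port 4969 that netstat lists, which is the cross-check that ties the capture to the 6to4svc.dll socket.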

last updated 2013-01-10 20:54:30. served from tektonic.jcomeau.com