Guest Aaron
Posted January 29, 2008

I'll start at this forum as I'm not sure which one might be better.

We have a server that, every few days or so, starts sending out huge amounts of UDP traffic to various IPs. We haven't been able to track down exactly what's causing all of this traffic, and the contents of the UDP packets don't provide any clues. It looks like a binary file being transferred or some such as the packet data is a solid block of seemingly random characters.

I'd like to pinpoint the process that is sending this traffic. Is there a tool or command I can use to get this information? I've tried various permutations of Netstat but that only seems to display TCP connections and UDP listening ports. Makes sense because UDP is a connectionless protocol. But the process would have to open a local port in order to send that traffic and seems I should be able to see that...

Guest Thee Chicago Wolf
Posted January 29, 2008

Re: Find Process sending UDP Traffic

>I'll start at this forum as I'm not sure which one might be better.
>We have a server that, every few days or so, starts sending out huge
>amounts of UDP traffic to various IPs. We haven't been able to
>track down exactly what's causing all of this traffic, and the
>contents of the UDP packets don't provide any clues. It looks like a
>binary file being transferred or some such as the packet data is a
>solid block of seemingly random characters. I'd like to pinpoint the
>process that is sending this traffic. Is there a tool or command I
>can use to get this information? I've tried various permutations of
>Netstat but that only seems to display TCP connections and UDP
>listening ports. Makes sense because UDP is a connectionless
>protocol. But the process would have to open a local port in order to
>send that traffic and seems I should be able to see that...

Give CurrPorts 1.32 a try. It'll tell you what process is running and whether it's TCP or UDP and it's free free free.

- Thee Chicago Wolf

Guest Aaron
Posted January 29, 2008

Re: Find Process sending UDP Traffic

On Jan 29, 10:33 am, Thee Chicago Wolf <.@.> wrote:
> >I'll start at this forum as I'm not sure which one might be better.
> >We have a server that, every few days or so, starts sending out huge
> >amounts of UDP traffic to various IPs. We haven't been able to
> >track down exactly what's causing all of this traffic, and the
> >contents of the UDP packets don't provide any clues. It looks like a
> >binary file being transferred or some such as the packet data is a
> >solid block of seemingly random characters. I'd like to pinpoint the
> >process that is sending this traffic. Is there a tool or command I
> >can use to get this information? I've tried various permutations of
> >Netstat but that only seems to display TCP connections and UDP
> >listening ports. Makes sense because UDP is a connectionless
> >protocol. But the process would have to open a local port in order to
> >send that traffic and seems I should be able to see that...
>
> Give CurrPorts 1.32 a try. It'll tell you what process is running and
> whether it's TCP or UDP and it's free free free.
>
> - Thee Chicago Wolf

This looks quite promising...thank you. And it has a logging feature which will help with the random nature of these events.

Guest Thee Chicago Wolf
Posted January 29, 2008

Re: Find Process sending UDP Traffic

On Tue, 29 Jan 2008 09:40:01 -0800 (PST), Aaron <Aaron.Smith@kzoo.edu> wrote:
>On Jan 29, 10:33 am, Thee Chicago Wolf <.@.> wrote:
>> >I'll start at this forum as I'm not sure which one might be better.
>> >We have a server that, every few days or so, starts sending out huge
>> >amounts of UDP traffic to various IPs. We haven't been able to
>> >track down exactly what's causing all of this traffic, and the
>> >contents of the UDP packets don't provide any clues. It looks like a
>> >binary file being transferred or some such as the packet data is a
>> >solid block of seemingly random characters. I'd like to pinpoint the
>> >process that is sending this traffic. Is there a tool or command I
>> >can use to get this information? I've tried various permutations of
>> >Netstat but that only seems to display TCP connections and UDP
>> >listening ports. Makes sense because UDP is a connectionless
>> >protocol. But the process would have to open a local port in order to
>> >send that traffic and seems I should be able to see that...
>>
>> Give CurrPorts 1.32 a try. It'll tell you what process is running and
>> whether it's TCP or UDP and it's free free free.
>>
>> - Thee Chicago Wolf
>
>This looks quite promising...thank you. And it has a logging feature
>which will help with the random nature of these events.

Glad to help. Good luck.

- Thee Chicago Wolf
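
The thread's approach (map the UDP local port to its owning process, and log it so an intermittent burst is caught) can also be done with built-in cmdlets. The following is an added example, not part of any post in the thread and not CurrPorts itself; it assumes Windows 8 / Server 2012 or later with an elevated PowerShell session, and the log path and poll interval are illustrative values.

```powershell
# Added example: poll the UDP endpoint table and log every new
# (local address, local port, PID) binding with the owning process details.
# Assumptions: Get-NetUDPEndpoint is available (Windows 8 / Server 2012+),
# the session is elevated, and $LogPath / $IntervalSeconds are illustrative.
$LogPath         = Join-Path $env:TEMP 'udp-endpoints.csv'
$IntervalSeconds = 2
$seen            = @{}   # "address:port/pid" -> $true once it has been logged

while ($true) {
    foreach ($ep in Get-NetUDPEndpoint) {
        $key = '{0}:{1}/{2}' -f $ep.LocalAddress, $ep.LocalPort, $ep.OwningProcess
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Resolve the PID to image path, command line and parent. The process
        # may already have exited, in which case these fields stay empty.
        $proc = Get-CimInstance Win32_Process `
                    -Filter "ProcessId = $($ep.OwningProcess)" `
                    -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Timestamp    = (Get-Date).ToString('o')
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            PID          = $ep.OwningProcess
            Name         = $proc.Name
            Path         = $proc.ExecutablePath
            CommandLine  = $proc.CommandLine
            ParentPID    = $proc.ParentProcessId
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

The first pass records every endpoint already open as a baseline; after that, matching the source port seen in a packet capture against `LocalPort` in the log identifies the sending process. A socket that is opened and closed between two polls will not appear, so a shorter interval trades CPU for coverage.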