Anybody know what this traffic is? It's a Microsoft address, and it's running on Windows XP:
$ windump -n -l -p -i2 -x -X udp port 3544
c:\WINDOWS\windump.exe: listening on \Device\NPF_{26CB763D-9C91-4E4B-8C63-CFE50414E704}
04:13:00.847573 IP 192.168.3.106.4969 > 65.54.227.124.3544: UDP, length 77
        0x0000: 4500 0069 4cf7 0000 8011 04c8 c0a8 036a E..iL..........j
        0x0010: 4136 e37c 1369 0dd8 0055 6706 0001 0000 A6.|.i...Ug.....
        0x0020: 378b cf4f 90a2 311e 0060 0000 0000 183a 7..O..1..`.....:
        0x0030: fffe 8000 0000 0000 0000 00ff ffff ffff ................
        0x0040: fdff 0200 0000 0000 0000 0000 0000 0000 ................
        0x0050: 0285 ..
04:13:00.947424 IP 65.54.227.124.3544 > 192.168.3.106.4969: UDP, length 109
        0x0000: 4500 0089 4f83 0000 7011 121c 4136 e37c E...O...p...A6.|
        0x0010: c0a8 036a 0dd8 1369 0075 c8cf 0001 0000 ...j...i.u......
        0x0020: 378b cf4f 90a2 311e 0000 00ec 9631 56d8 7..O..1......1V.
        0x0030: b060 0000 0000 303a fffe 8000 0000 0000 .`....0:........
        0x0040: 0080 00f2 27be c91c 83fe 8000 0000 0000 ....'...........
        0x0050: 0000 ..
And from a CMD box running as an administrator:
C:\WINDOWS\system32>netstat -anvb

Active Connections

  Proto  Local Address          Foreign Address        State           PID
[snip]
  UDP    192.168.3.106:4969     *:*                                    1828
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\6to4svc.dll
  ntdll.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]
[snip]
Probably innocuous enough, but that port is supposedly ccss-qmm (CCSS QMessageMonitor) and I'm not aware of that software being part of the XP kernel; those are all kernel components in the netstat output. And I just don't like the idea of my machine talking to Microsoft without my express permission. Sure, I could firewall the port, but it could be the automatic Windows update stuff, which I do want. I just wish I could find some real info on it -- so far my Google searches haven't been very productive.
I happened to notice only because I was testing an idea of sending UDP as part of a peer-to-peer video messaging system, a sort of virtual pub. One of many back-burner projects.
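Added example, not part of the original post: a Python decode of the first packet's bytes from the windump output above. It assumes the UDP payload follows the RFC 4380 (Teredo) layout, for which UDP port 3544 is the IANA-registered port: an optional authentication header followed by an encapsulated IPv6 packet. The function `decode` and its result keys are hypothetical names.

```python
import ipaddress
import struct

# First packet's bytes, copied from the windump output above. The capture
# stops at 82 of 105 bytes, so only the first two ICMPv6 bytes are present.
PACKET_HEX = """
4500 0069 4cf7 0000 8011 04c8 c0a8 036a 4136 e37c 1369 0dd8 0055 6706 0001 0000
378b cf4f 90a2 311e 0060 0000 0000 183a fffe 8000 0000 0000 0000 00ff ffff ffff
fdff 0200 0000 0000 0000 0000 0000 0000 0285
"""

def decode(hex_dump):
    pkt = bytes.fromhex("".join(hex_dump.split()))
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not IPv4/UDP")
    ihl = (pkt[0] & 0x0F) * 4                       # IPv4 header length
    out = {
        "ip_total_len": struct.unpack("!H", pkt[2:4])[0],
        "captured": len(pkt),
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": str(ipaddress.IPv4Address(pkt[16:20])),
    }
    out["sport"], out["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + 8:]                         # skip 8-byte UDP header
    # Assumption (RFC 4380 layout): authentication header = 0x0001, ID-len,
    # AU-len, client id, auth value, 8-byte nonce, 1-byte confirmation.
    if payload[:2] == b"\x00\x01":
        nonce_at = 4 + payload[2] + payload[3]
        out["nonce"] = payload[nonce_at:nonce_at + 8].hex()
        payload = payload[nonce_at + 9:]
    if len(payload) < 40 or payload[0] >> 4 != 6:
        raise ValueError("no complete IPv6 header after the UDP header")
    out["v6_payload_len"] = struct.unpack("!H", payload[4:6])[0]
    out["v6_next_header"] = payload[6]              # 58 = ICMPv6
    out["v6_src"] = str(ipaddress.IPv6Address(payload[8:24]))
    out["v6_dst"] = str(ipaddress.IPv6Address(payload[24:40]))
    more = payload[40:]                             # whatever the capture kept
    out["icmpv6_type"] = more[0] if payload[6] == 58 and more else None
    return out

if __name__ == "__main__":
    for key, value in decode(PACKET_HEX).items():
        print(f"{key:15} {value}")
```

On these bytes the inner packet is an ICMPv6 type 133 (Router Solicitation) from fe80::ffff:ffff:fffd to ff02::2, the all-routers multicast address.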
last updated 2013-01-10 20:54:30. served from tektonic.jcomeau.com