Unknown connections


Today I’ve started getting attempts to contact my machine from the internet, first through TCP and now through UDP, on various ports at initial boot. I’ve traced the IP address to San Jose, CA, but what I want to know is if there is a way I can find out just what program on my PC is alerting whoever/whatever to start this connection attempt.
The log files only point to svchost & Windows operating system. I do not allow Windows to update on its own so I guess I can rule that out. Any help or web pointers would be appreciated.



Can you provide a little more information about the connections, please? The svchost PID and the associated services running under that PID would be useful. You can obtain that information in a number of ways; probably the easiest is to open a command prompt and type:

netstat -ano

Look down the list until you find the IP address involved in the connection, then look across to the right to find the PID. Whilst you’re looking at the netstat results, check to see if any of the IP addresses are in a TIME_WAIT state with a PID of 0 (zero). Next type:

tasklist /svc

Find svchost with the correct PID and list the services associated with it. Post the details here.

Are you using a p2p client? If so, is the inbound port in the connections the same? Finally, which OS are you using?
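
The lookup described in the reply above can be done over saved output of the two commands (for example `netstat -ano > netstat.txt` and `tasklist /svc > tasklist.txt`). This is an added example, not part of the original posts; the function names, the sample output and the address 203.0.113.25 are constructed for illustration.

```python
import re
# Constructed sample output (not taken from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49160     203.0.113.25:443       ESTABLISHED     1032
  TCP    192.168.1.10:49161     203.0.113.25:80        TIME_WAIT       0
"""
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    884 RpcSs
svchost.exe                   1032 BITS, Schedule, Themes,
                                   wuauserv
"""

def parse_tasklist(text):
    """Map PID -> (image name, [services]); wrapped service lines are joined."""
    procs, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            pid = int(m.group(2))
            procs[pid] = [m.group(1), m.group(3)]
        elif pid is not None and line[:1].isspace():
            procs[pid][1] += " " + line.strip()  # continuation of the service list
    return {p: (img, [s.strip() for s in svc.split(",") if s.strip()])
            for p, (img, svc) in procs.items()}

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid); UDP rows have no state column."""
    for line in text.splitlines():
        f = line.split()
        if f[:1] == ["TCP"] and len(f) == 5:
            yield (*f[:4], int(f[4]))
        elif f[:1] == ["UDP"] and len(f) == 4:
            yield (*f[:3], "", int(f[3]))

def owners_for(remote_ip, netstat_text, tasklist_text):
    """Rows whose foreign address is remote_ip, joined to the owning process."""
    procs, rows = parse_tasklist(tasklist_text), []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        if remote.rsplit(":", 1)[0] == remote_ip:
            # TIME_WAIT rows show PID 0: the socket is closed and no process owns it.
            orphan = pid == 0 and state == "TIME_WAIT"
            image, services = ("(no owner)", []) if orphan else procs.get(pid, ("?", []))
            rows.append((proto, local, remote, state, pid, image, services))
    return rows
```

Each returned row carries the netstat fields followed by the image name and the list of services hosted in that svchost instance, which are the details the reply asks to have posted.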

Thanks for the response. No P2P on this machine and Vista Home Premium is my OS. Unfortunately the information needed doesn’t seem to be available anymore. Leastwise next time it happens I’ll be better prepared I reckon, thanks.

Just wondering what would a TIME_WAIT state indicate?


TIME_WAIT is a state related to the TCP protocol. Basically, TCP tries to guarantee delivery of the data between any two points, so when a socket is closed, each party goes into a TIME_WAIT state to allow for any stray packets to be delivered. The time period is configurable.