Thread: Curious Traffic?

  1. #1
    Member
    Join Date
    Jan 2002
    Posts
    61

    Curious Traffic?

    I am trying to understand this traffic that I see reported on our FW log reports. A bunch of internal hosts on our network are trying to send packets out through the FW to 1.10.8.9. This is all port 139 NetBIOS traffic and it gets denied, but it just makes me wonder what is going on.

    I tried doing some google searches on it, but I couldn't come up with anything in particular. Do you guys have ideas what this could be?

  2. #2
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    I suggest going to one of the offending machines and running "netstat -ao" on it to see what process is attempting to connect to these addresses. You can cross-reference the PID from this in Task Manager by adding the PID to the column list. After you know what process it is, it might lead you somewhere.
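
The PID cross-reference suggested in the post above, as an added example that is not part of the original thread: it joins `netstat -ao` output with `tasklist /fo csv /nh` output and lists the processes holding TCP port 139 connections to non-private addresses. The sample output, host names, PIDs and `example.exe` are constructed, and using `tasklist` in place of Task Manager is an assumption.

```python
import csv, io, ipaddress

# Constructed sample of `netstat -ao` output (host names and PIDs are made up;
# the destination 1.10.8.9 is the address from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    ws12:epmap             ws12:0                 LISTENING       912
  TCP    ws12:1045              1.10.8.9:netbios-ssn   SYN_SENT        1384
  TCP    ws12:1046              1.10.8.9:139           SYN_SENT        1384
  TCP    ws12:1047              10.0.0.5:netbios-ssn   ESTABLISHED     4
  UDP    ws12:netbios-ns        *:*                                    4
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''"System","4","Services","0","236 K"
"svchost.exe","912","Services","0","4,120 K"
"example.exe","1384","Console","1","2,048 K"
'''
NBT_PORTS = {"139", "netbios-ssn"}  # without -n, netstat prints the service name

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) >= 2}

def external_nbt(netstat_text, tasklist_csv):
    """Return (remote, state, pid, image) for TCP port-139 connections to non-private IPs."""
    names, hits = pid_names(tasklist_csv), []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # skips headers, blanks and UDP rows (no state column)
        host, _, port = f[2].rpartition(":")
        if port not in NBT_PORTS:
            continue
        try:
            if ipaddress.ip_address(host).is_private:
                continue  # file sharing inside the LAN is expected
        except ValueError:
            continue  # resolved host name; rerun netstat with -n for numeric output
        pid = int(f[4])
        hits.append((f[2], f[3], pid, names.get(pid, "?")))
    return hits

if __name__ == "__main__":
    for remote, state, pid, image in external_nbt(NETSTAT, TASKLIST):
        print(f"{image} (PID {pid}) -> {remote} [{state}]")
```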

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    The IP 1.10.8.9 is weird; actually, this IP address space is reserved by the IANA:

    http://www.iana.org/assignments/ipv4-address-space

    Seems like some kind of program or worm is running on your machines. Try to get information
    regarding who is sending what. For process-specific traffic sniffing, try out Ultra Sniffer:

    http://www.gjpsoft.com/ultranetsniffer/

    Also you can use tcpview from sysinternals - http://www.sysinternals.com/Utilities/TcpView.html
