Question about svchost

I was wondering if someone could help me figure something out.

When running TCPView, I'll see svchost establishing connections to places that I don't recognize. And I was wondering if there is a way I could find out ~why~ it's connecting to these places.

For instance today.. I logged on and my firewall alerted me that svchost wanted to connect to download.windowsupdate.com. Okay, fine.. I accepted. It connected and there were no updates. But while watching TCPView.. svchost connected (without alerting me) to a different IP (195.10.34.87:80). I couldn't find any info on that IP so I checked my Process Explorer and saw that svchost was connected to "rsvd- akamaiint-87.34.10.195.in-addr.arpa:http".

I sat there and watched as over 10 megs of data was being received by my computer and about 800k was being sent out. I didn't see an automatic update icon appear as it normally does when downloading updates.. so I wasn't sure what kind of data was being exchanged.

So I logged off and reconnected. Now svchost has connected again (without any alert from my firewall) to 72.247.127.51:80.. which is AKAMAITECHNOLOGIES.COM and has begun sending and receiving data once again with no auto-update icon showing.

Is there ~any~ possible way to find out what kind of data is being sent or received by my computer when this happens?

Please help?

thx1138xxix

Is that a joke? Use a network sniffer!

Microsoft uses Akamai's Load Balancing service for Windows Update.

Sebastian Gottschalk

You use a packet sniffer like Ethereal (free) or other ones that are free.

Also, as you can see, the personal FW or personal packet sniffer can be circumvented and defeated with ease under the right conditions.

That's why you use the tools in the link and look around from time to time with the tools in the link.

Svchost.exe is just the messenger, which does the bidding for the O/S programs and other programs that want to connect on a network, such as the Internet.

You use Process Explorer, which allows you to look inside a program and see what other programs/processes are being hosted by a given program/process, and the other tools such as TCPView.

Mr. Arnold
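
The point made above, that svchost.exe only hosts the services that actually open the connections, can be checked from PowerShell. This is an added example, not part of the original thread; it assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated prompt.

```powershell
# Added example: list each established svchost.exe TCP connection together
# with the Windows services hosted inside the owning svchost process.

# Index running services by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings so lookups are reliable.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# PIDs of every svchost.exe instance currently running.
$svchostPids = (Get-Process -Name svchost -ErrorAction SilentlyContinue).Id

Get-NetTCPConnection -State Established |
    Where-Object { $svchostPids -contains $_.OwningProcess } |
    ForEach-Object {
        $conn   = $_
        $hosted = $servicesByPid["$($conn.OwningProcess)"]

        # Reverse DNS is best effort: many CDN addresses have no PTR record,
        # and a PTR name alone does not prove who operates the address.
        $ptr = try {
            [System.Net.Dns]::GetHostEntry($conn.RemoteAddress).HostName
        } catch {
            $null
        }

        [pscustomobject]@{
            PID        = $conn.OwningProcess
            Services   = ($hosted.Name -join ', ')
            Remote     = "$($conn.RemoteAddress):$($conn.RemotePort)"
            ReverseDns = $ptr
        }
    } |
    Sort-Object -Property PID |
    Format-Table -AutoSize -Wrap
```

A connection owned by the svchost instance hosting `wuauserv` or `BITS` is consistent with Windows Update traffic; when one instance hosts several services, the listing narrows the candidates but does not single one out.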

Also, as you can see, the personal FW or *personal packet sniffer* can be circumvented and defeated with ease under the right conditions.

Also, as you can see, the personal FW or *personal packet filter* can be circumvented and defeated with ease under the right conditions.

Mr. Arnold

ARIN can be your friend:

?queryinput=195.10.34.87 (Of course you can go further to see who RIPE is providing the IP to based on ARIN's info .... looky, it's AKAMAI-TECHNOLOGIES again).

Further, Google is your friend; if you didn't know, a quick search would reveal that MS is a significant customer of Akamai.

kingthorin

Is it just me, or does anyone else wonder why _MS_ needs someone else to help them with their computer networking? You would think that they would have the hardware and knowledge 'in house' as it were. Just a random wondering, we now return you to your regularly scheduled insanity.

ArtDent

It's often cheaper to outsource than to build your own infrastructure.

DevilsPGD

'in house' is exactly the reason why they're utilizing Akamai's service. Akamai's Load Balancing works so well because it's widely spread and well-balanced all over the world.

Sebastian Gottschalk
