I was wondering if someone could help me figure something out.
When running TCPView, I'll see svchost establishing connections to places that I don't recognize. And I was wondering if there is a way I could find out ~why~ it's connecting to these places.
For instance today.. I logged on and my firewall alerted me that svchost wanted to connect to download.windowsupdate.com. Okay, fine.. I accepted. It connected and there were no updates. But while watching TCPView.. svchost connected (without alerting me) to a different IP (195.10.34.87 :80). I couldn't find any info on that IP so I checked my Process Explorer and saw that svchost was connected to " rsvd- akamaiint-87.34.10.195.in-addr.arpa:http ".
I sat there and watched as over 10 megs of data was being received by my computer and about 800k was being sent out. I didn't see an automatic update icon appear as it normally does when downloading updates.. so I wasn't sure what kind of data was being exchanged.
So I logged off and reconnected. Now svchost has connected again (without any alert from my firewall) to 72.247.127.51:80.. which is AKAMAITECHNOLOGIES.COM and has begun sending and receiving data once again with no auto-update icon showing.
Is there ~any~ possible way to find out what kind of data is being sent or received by my computer when this happens?
Please help?