Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

The Case of the Unknown Network Traffic

Posted by William Diaz on February 14, 2011

If you enable “Show icon in the notification area when connected” for your LAN or other network device, a small icon will blink on and off in the system tray, which gives you a simple visual indication of network activity.

One day I noticed that this icon was solid … always. I double-clicked on the icon to see the number of packets passing to and from the Local Area Connection.

Activity updates each second and I was seeing 100-120 packets sent and received at each refresh interval (1 sec). This was not a big deal performance-wise, everything proceeded normally. But my interest was sparked and so I set off to find the cause of network traffic. To accomplish this, I opened Microsoft Network Monitor and started a capture on my local area connection. I would only need to capture a few seconds of activity. All connections from and to the monitored system are listed under Network Conversations.

I had already done some basic troubleshooting by closing all applications that had active connections to no avail so I went down the list and focused on Other Traffic > Unknown. The first row caught my attention. There is some UDP traffic between me (X.X.3.24) and another system I didn’t recognize (X.X.15.28). I selected the sub-row in the list and looked at the Frame Summary. There is no associated Process Name so I am assuming the culprit is the remote IP and not my system. Further details show me the Protocol is RTP, real-time transport protocol, which is used for streaming media (especially telephony); the description is also indicates an audio stream:

Perhaps X.X15.28 would reveal its purpose in name. To get the name, I opened the command shell and used –a switch with the ping command; the name came back as xxx-telemc1. So, yes, we were dealing with a system that handled voice communications, and after some inquiring I found that this server was part of some legacy office PBX system. Since it was no longer needed it was shut down and the continuous network traffic ceased. I still would like to have known why this system was trying to stream audio to my workstation in the first place. Oh. well…


2 Responses to “The Case of the Unknown Network Traffic”

  1. Good post. I wish more Windows admins, myself included, understood how to use sniffers this way.

  2. I am glad to find this post very valuable for me, as it contains lot of information. I always prefer to read the quality content and this thing I found in you post. Thanks for sharing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: