Ruiz, Mike wrote:
> I was hoping someone out there can help me determine what some unusual
> traffic I’m seeing from a workstation on my network really is. The
> traffic is multicast to destination IP 234.2.3.4 with a varying source
> port and a destination port of UDP 7000 always; at the next layer it
> determines it is reliable UDP (RUDP). It says it's Malformed Cisco SM
> protocol

That's because the only dissector Ethereal has for UDP traffic on port
7000 is for the Cisco "Reliable UDP" protocol, but that's probably not
what this is.

A Google for

    "port 7000" udp

finds some pages that speak about AFS3, but you probably don't have AFS
(Andrew File System) installed. It found a page

    http://www.by-users.co.uk/faqs/security/which-port/

which lists what, by the names, sounds like various Trojans, etc. using
various ports.

It also finds pages that mention EverCrack^H^H^H^H^H^H^H^H^HEverQuest
software - and also finds a page:

    http://www.usr.com/support/9105/9105-ug/appendix.html

which says

    2. Window's[sic] Media Player uses TCP port 1755 from the player to
    connect to the server and uses UDP port 7000-7007 to perform the actual
    streaming of data.

As you mention it being multicast, I suspect it's Windows Media Player
traffic.