Wireshark-users: Re: [Wireshark-users] correction to previous message
From: Zhenyu Zhao <zzhao@xxxxxxxxxxxxxxx>
Date: Fri, 14 Nov 2008 17:38:59 -0500 (EST)
Some strings contained in the datagram seem like CLSIDs; you can do a REGEDIT search for the CLSID to see what they are. But you still need to find out what process is sending the UDP datagrams....

Zhen

On Fri, 14 Nov 2008, Edsel barrios wrote:
The machine has a lot of UDP with the datagram protocol as follows:

020 00 ff 19 f6 19 f6 05 30 90 d9 00 00 05 24 00 00 .......0 .....$..
0030 00 02 00 00 00 00 00 00 00 01 00 00 00 18 4d 00 ........ ......M.
0040 63 00 4e 00 41 00 55 00 6e 00 69 00 71 00 75 00 c.N.A.U. n.i.q.u.
0050 65 00 49 00 64 00 0b 00 00 00 24 00 00 00 37 62 e.I.d... ..$...7b
0060 32 38 64 65 34 32 2d 38 33 34 62 2d 34 37 30 38 28de42-8 34b-4708
0070 2d 62 39 63 31 2d 37 37 61 31 36 32 65 37 32 35 -b9c1-77 a162e725
0080 62 62 01 00 00 00 18 4d 00 63 00 4e 00 41 00 55 bb.....M .c.N.A.U
0090 00 6e 00 69 00 71 00 75 00 65 00 49 00 64 00 0b .n.i.q.u .e.I.d..
00a0 00 00 00 24 00 00 00 64 30 36 62 36 63 61 34 2d ...$...d 06b6ca4-
00b0 34 61 34 32 2d 34 66 66 31 2d 61 66 65 37 2d 34 4a42-4ff 1-afe7-4
00c0 62 35 61 33 34 35 62 66 61 39 65 01 00 00 00 88 b5a345bf a9e.....
00d0 00 00 00 26 4d 00 63 00 4e 00 41 00 4e 00 6f 00 ...&M.c. N.A.N.o.
00e0 64 00 65 00 56 00 65 00 72 00 73 00 69 00 6f 00 d.e.V.e. r.s.i.o.
00f0 6e 00 4c 00 69 00 73 00 74 00 06 00 00 00 0b 00 n.L.i.s. t.......
0100 00 00 24 00 00 00 36 37 33 33 64 61 30 30 2d 38 ..$...67 33da00-8
0110 31 62 30 2d 34 32 33 31 2d 62 31 34 64 2d 66 30 1b0-4231 -b14d-f0
0120 66 30 35 65 37 35 38 38 66 65 01 02 00 00 00 0b f05e7588 fe......
0130 00 00 00 24 00 00 00 37 31 65 33 63 61 35 34 2d ...$...7 1e3ca54-
0140 61 37 39 37 2d 34 66 37 33 2d 38 31 61 35 2d 35 a797-4f7 3-81a5-5
0150 61 34 39 32 33 66 30 30 35 39 62 01 02 00 00 00 a4923f00 59b.....
0160 0b 00 00 00 24 00 00 00 37 31 66 64 33 31 64 64 ....$... 71fd31dd
0170 2d 61 34 62 35 2d 34 39 32 39 2d 38 32 35 31 2d -a4b5-49 29-8251-
0180 30 62 39 32 31 63 37 35 38 66 65 62 01 04 00 00 0b921c75 8feb....
0190 00 0b 00 00 00 24 00 00 00 37 35 36 33 61 30 39 .....$.. .7563a09
01a0 66 2d 30 63 36 30 2d 34 62 65 36 2d 61 30 38 36 f-0c60-4 be6-a086
01b0 2d 32 62 63 39 39 34 66 38 61 32 64 30 01 06 00 -2bc994f 8a2d0...
01c0 00 00 0b 00 00 00 24 00 00 00 37 63 33 65 31 30 ......$. ..7c3e10
01d0 64 63 2d 36 66 61 65 2d 34 66 30 63 2d 62 30 63 dc-6fae- 4f0c-b0c
01e0 38 2d 38 62 36 39 65 30 63 35 36 63 33 39 01 02 8-8b69e0 c56c39..
01f0 00 00 00 0b 00 00 00 24 00 00 00 64 30 36 62 36 .......$ ...d06b6
0200 63 61 34 2d 34 61 34 32 2d 34 66 66 31 2d 61 66 ca4-4a42 -4ff1-af
0210 65 37 2d 34 62 35 61 33 34 35 62 66 61 39 65 01 e7-4b5a3 45bfa9e.
0220 b0 01 00 00 00 00 02 8a 07 00 00 00 0b 00 00 00 ........ ........
0230 24 00 00 00 36 37 33 33 64 61 30 30 2d 38 31 62 $...6733 da00-81b
0240 30 2d 34 32 33 31 2d 62 31 34 64 2d 66 30 66 30 0-4231-b 14d-f0f0
0250 35 65 37 35 38 38 66 65 01 0b 00 00 00 24 00 00 5e7588fe .....$..
0260 00 64 30 36 62 36 63 61 34 2d 34 61 34 32 2d 34 .d06b6ca 4-4a42-4
0270 66 66 31 2d 61 66 65 37 2d 34 62 35 61 33 34 35 ff1-afe7 -4b5a345
0280 62 66 61 39 65 01 0b 00 00 00 24 00 00 00 37 31 bfa9e... ..$...71
0290 65 33 63 61 35 34 2d 61 37 39 37 2d 34 66 37 33 e3ca54-a 797-4f73
02a0 2d 38 31 61 35 2d 35 61 34 39 32 33 66 30 30 35 -81a5-5a 4923f005
02b0 39 62 01 0b 00 00 00 24 00 00 00 64 30 36 62 36 9b.....$ ...d06b6
02c0 63 61 34 2d 34 61 34 32 2d 34 66 66 31 2d 61 66 ca4-4a42 -4ff1-af
02d0 65 37 2d 34 62 35 61 33 34 35 62 66 61 39 65 01 e7-4b5a3 45bfa9e.
02e0 0b 00 00 00 24 00 00 00 37 31 66 64 33 31 64 64 ....$... 71fd31dd
02f0 2d 61 34 62 35 2d 34 39 32 39 2d 38 32 35 31 2d -a4b5-49 29-8251-
0300 30 62 39 32 31 63 37 35 38 66 65 62 01 0b 00 00 0b921c75 8feb....
0310 00 24 00 00 00 64 30 36 62 36 63 61 34 2d 34 61 .$...d06 b6ca4-4a
0320 34 32 2d 34 66 66 31 2d 61 66 65 37 2d 34 62 35 42-4ff1- afe7-4b5
0330 61 33 34 35 62 66 61 39 65 01 0b 00 00 00 24 00 a345bfa9 e.....$.
0340 00 00 37 35 36 33 61 30 39 66 2d 30 63 36 30 2d ..7563a0 9f-0c60-
0350 34 62 65 36 2d 61 30 38 36 2d 32 62 63 39 39 34 4be6-a08 6-2bc994
0360 66 38 61 32 64 30 01 0b 00 00 00 24 00 00 00 64 f8a2d0.. ...$...d
0370 30 36 62 36 63 61 34 2d 34 61 34 32 2d 34 66 66 06b6ca4- 4a42-4ff
0380 31 2d 61 66 65 37 2d 34 62 35 61 33 34 35 62 66 1-afe7-4 b5a345bf
0390 61 39 65 01 0b 00 00 00 24 00 00 00 37 62 32 38 a9e..... $...7b28
03a0 64 65 34 32 2d 38 33 34 62 2d 34 37 30 38 2d 62 de42-834 b-4708-b
03b0 39 63 31 2d 37 37 61 31 36 32 65 37 32 35 62 62 9c1-77a1 62e725bb
03c0 01 0b 00 00 00 24 00 00 00 64 30 36 62 36 63 61 .....$.. .d06b6ca
03d0 34 2d 34 61 34 32 2d 34 66 66 31 2d 61 66 65 37 4-4a42-4 ff1-afe7
03e0 2d 34 62 35 61 33 34 35 62 66 61 39 65 01 0b 00 -4b5a345 bfa9e...
03f0 00 00 24 00 00 00 37 63 33 65 31 30 64 63 2d 36 ..$...7c 3e10dc-6
0400 66 61 65 2d 34 66 30 63 2d 62 30 63 38 2d 38 62 fae-4f0c -b0c8-8b
0410 36 39 65 30 63 35 36 63 33 39 01 0b 00 00 00 24 69e0c56c 39.....$
0420 00 00 00 64 30 36 62 36 63 61 34 2d 34 61 34 32 ...d06b6 ca4-4a42
0430 2d 34 66 66 31 2d 61 66 65 37 2d 34 62 35 61 33 -4ff1-af e7-4b5a3
0440 34 35 62 66 61 39 65 01 0b 00 00 00 24 00 00 00 45bfa9e. ....$...
0450 64 30 36 62 36 63 61 34 2d 34 61 34 32 2d 34 66 d06b6ca4 -4a42-4f
0460 66 31 2d 61 66 65 37 2d 34 62 35 61 33 34 35 62 f1-afe7- 4b5a345b
0470 66 61 39 65 01 0b 00 00 00 24 00 00 00 64 30 36 fa9e.... .$...d06
0480 62 36 63 61 34 2d 34 61 34 32 2d 34 66 66 31 2d b6ca4-4a 42-4ff1-
0490 61 66 65 37 2d 34 62 35 61 33 34 35 62 66 61 39 afe7-4b5 a345bfa9
04a0 65 01 a8 7b d1 f9 9f 92 3d ff 1a ce 59 90 7c 97 e..{.... =...Y.|.
04b0 dc 54 00 00 00 24 4d 00 63 00 4e 00 41 00 4d 00 .T...$M. c.N.A.M.
04c0 61 00 63 00 41 00 64 00 64 00 72 00 65 00 73 00 a.c.A.d. d.r.e.s.
04d0 73 00 4c 00 69 00 73 00 74 00 01 00 00 00 06 00 s.L.i.s. t.......
04e0 00 00 00 a0 c8 0e 5e 0c 00 00 00 08 3f 92 0c 48 ......^. ....?..H
04f0 00 00 00 00 00 00 00 2c 4d 00 63 00 4e 00 41 00 ......., M.c.N.A.
0500 4e 00 48 00 41 00 70 00 70 00 48 00 65 00 61 00 N.H.A.p. p.H.e.a.
0510 72 00 74 00 62 00 65 00 61 00 74 00 44 00 61 00 r.t.b.e. a.t.D.a.
0520 74 00 61 00 01 00 00 00 06 00 00 00 4e 00 4d 00 t.a..... ....N.M.
0530 43 00 14 00 00 00 0d 00 00 00 01 00 00 00 08 00 C....... ........
0540 00 00 01 00 00 00 f6 7f 00 00 7b de f7 bd 00 00 ........ ..{.....
0550 16 07 ..

But also ARP, and queries all the PCs in the network.

Thank you
Edsel
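As an added example (editor's code, not part of the thread and not from either poster): a small Python script that rebuilds the raw bytes from a Wireshark-style hex dump like the one quoted above, checks that no row was lost when the dump was pasted into the mail, and pulls out the UTF-16LE field names and the GUID-shaped ASCII strings so they can be checked against the registry as Zhen suggests. The sample rows are copied from Edsel's dump; the framing around the strings is left undecoded, since the thread does not identify the protocol, and looking a GUID up under HKCR\CLSID is an assumption about where a CLSID is normally registered, attempted only when the script runs on Windows.

```python
import re
from typing import Dict, List, Optional

# Eight rows copied from the hex dump in Edsel's post (Wireshark
# "offset  bytes  ascii" text). The leading "020" is as pasted in the post.
SAMPLE_DUMP = """\
020 00 ff 19 f6 19 f6 05 30 90 d9 00 00 05 24 00 00 .......0 .....$..
0030 00 02 00 00 00 00 00 00 00 01 00 00 00 18 4d 00 ........ ......M.
0040 63 00 4e 00 41 00 55 00 6e 00 69 00 71 00 75 00 c.N.A.U. n.i.q.u.
0050 65 00 49 00 64 00 0b 00 00 00 24 00 00 00 37 62 e.I.d... ..$...7b
0060 32 38 64 65 34 32 2d 38 33 34 62 2d 34 37 30 38 28de42-8 34b-4708
0070 2d 62 39 63 31 2d 37 37 61 31 36 32 65 37 32 35 -b9c1-77 a162e725
0080 62 62 01 00 00 00 18 4d 00 63 00 4e 00 41 00 55 bb.....M .c.N.A.U
0090 00 6e 00 69 00 71 00 75 00 65 00 49 00 64 00 0b .n.i.q.u .e.I.d..
"""

# One dump row: a 3- or 4-digit hex offset, then up to 16 hex byte pairs.
# The ASCII column is deliberately ignored: '.' stands for any non-printable
# byte there, so only the hex column carries the real data. (A short row whose
# ASCII column happens to look like hex pairs is inherently ambiguous.)
ROW_RE = re.compile(r"^\s*([0-9a-fA-F]{3,4})((?:\s+[0-9a-fA-F]{2}\b){1,16})")

# Runs of printable ASCII encoded as UTF-16LE (char, 0x00), at least 4 chars.
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# ASCII text in 8-4-4-4-12 GUID form, which is how the dump carries them.
GUID_RE = re.compile(rb"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def parse_hexdump(text: str) -> bytes:
    """Rebuild raw bytes from a Wireshark-style hex dump.

    Rows must be contiguous by offset; a gap or overlap (typically a row lost
    when the dump was pasted into mail) raises ValueError instead of silently
    producing shifted data.
    """
    out = bytearray()
    expected: Optional[int] = None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # prose or blank line between rows
        offset = int(m.group(1), 16)
        if expected is not None and offset != expected:
            raise ValueError(f"row at {offset:#06x} does not follow {expected:#06x}")
        chunk = bytes.fromhex("".join(m.group(2).split()))
        out += chunk
        expected = offset + len(chunk)
    return bytes(out)


def utf16_strings(data: bytes) -> List[str]:
    """UTF-16LE text runs, e.g. the McNA... field names in the dump."""
    return [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]


def guids(data: bytes) -> List[str]:
    """GUID-shaped ASCII strings, lower-cased, in order of appearance."""
    return [m.group().decode("ascii").lower() for m in GUID_RE.finditer(data)]


def summarize(text: str) -> Dict[str, List[str]]:
    """Unique field names and GUIDs from a dump, keeping first-seen order."""
    data = parse_hexdump(text)
    return {
        "names": list(dict.fromkeys(utf16_strings(data))),
        "guids": list(dict.fromkeys(guids(data))),
    }


def clsid_description(guid: str) -> Optional[str]:
    """Look a GUID up as HKCR\\CLSID\\{guid} (assumed location; Windows only).

    Returns the key's default value (usually a component description), or
    None when not on Windows or when the GUID is not registered as a CLSID.
    """
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, f"CLSID\\{{{guid}}}") as key:
            return winreg.QueryValue(key, None)
    except OSError:
        return None


if __name__ == "__main__":
    found = summarize(SAMPLE_DUMP)
    print("field names:", found["names"])
    for g in found["guids"]:
        print(f"guid {g}: {clsid_description(g) or 'not a registered CLSID here'}")
```

To run it over the whole capture, paste the full dump (the rows above start at offset 0x20, so the first 32 bytes of the frame are not in the post) into a file and pass its contents to summarize(). A GUID that is not found under HKCR\CLSID is not necessarily an unknown object: these values may simply be application-level identifiers rather than COM class ids, which is why the reply also points at finding the sending process.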
- References:
- [Wireshark-users] correction to previous message
- From: Edsel barrios