0

So, after some time I re-opened Wireshark to update it and I saw something pretty strange. Now I'm really not sure what this is, and that might just be a basic thing, but I can't seem to understand why my computer communicates with the Steam API on a DNS protocol even if there are absolutely no instances of Steam running right now. Here is a screenshot: [screenshot]

Thanks in advance.

Alex

1 Answer

1

As this is apparently on Windows, here is one way of tracking down which process initiated the DNS lookup (assuming it was done using the normal Windows APIs) using the built-in audit facility:

  • Open Event Viewer (eventvwr.exe)
  • Navigate to Applications and Services Logs -> Microsoft -> Windows -> DNS Client Events -> Operational
  • If the log is empty, you will have to first enable the log by choosing Enable log in the right-hand pane.
  • Browse/search the log until you find what you are looking for (wait/refresh as necessary if the log was disabled)
  • When you have found a recent log event that matches the query that you are looking for, go to Details -> System -> Execution -> ProcessID
  • Now look up this PID in for example Task Manager
    (Obviously this mapping of PID -> process information needs to be done relatively shortly after the log entry was created - the same process needs to be running still)
Håkan Lindqvist
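
The lookup described in the answer above, scripted in PowerShell as an added example (not part of the original answer): it reads the DNS Client operational log, keeps events whose queried name matches a pattern, and resolves each event's ProcessID to a running process. The `*steam*` pattern is an assumption standing in for the hostname seen in the capture, and the `QueryName` event-data field is assumed to be present on the query events; run it from an elevated prompt.

```powershell
# Added example: map DNS Client log events to the process that issued the query.
$LogName      = 'Microsoft-Windows-DNS-Client/Operational'
$QueryPattern = '*steam*'   # assumption: wildcard for the hostname seen in the capture

# Enable the log if it is disabled (same effect as "Enable log" in Event Viewer).
$log = Get-WinEvent -ListLog $LogName
if (-not $log.IsEnabled) {
    wevtutil.exe sl $LogName /e:true
    Write-Warning 'Log was disabled; only lookups made from now on are recorded.'
}

# Snapshot running processes once so every PID lookup sees the same state.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

Get-WinEvent -LogName $LogName -MaxEvents 5000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # The queried name is carried in EventData as the field named QueryName.
        $data  = ([xml]$_.ToXml()).Event.EventData.Data
        $qname = ($data | Where-Object { $_.Name -eq 'QueryName' }).'#text'
        if ($qname -and $qname -like $QueryPattern) {
            $p = $procs[[int]$_.ProcessId]
            # PIDs are reused: trust the match only if the process that holds
            # this PID now was already running when the event was logged.
            $same = $p -and ($p.CreationDate -le $_.TimeCreated)
            [pscustomobject]@{
                Time      = $_.TimeCreated
                QueryName = $qname
                ProcessId = $_.ProcessId
                Process   = if ($same) { $p.Name } else { '<exited or PID reused>' }
                Path      = if ($same) { $p.ExecutablePath } else { $null }
            }
        }
    } |
    Sort-Object ProcessId, QueryName -Unique |
    Format-Table -AutoSize
```

A row showing `<exited or PID reused>` means the process that made the lookup is no longer running, which is the timing caveat the answer mentions.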