
By capturing the network traffic with Wireshark, I found that my PC is sending out ICMP echo requests to a suspicious IP address while I'm not running ping.exe explicitly. There must be some process doing this, and I want to find out which one it is.

I've looked at the identifier field of the outgoing ICMP packets, but haven't found any clue. (Every packet's id field value is 0x200, unlike on *NIX systems, where this field is filled with the initiator's PID.)

I've also used Process Explorer to locate processes which are using icmp.dll, but found nothing.

The running operating system is Windows XP Service Pack 2.

I'd appreciate it if someone could help me out, thanks.

vivimice
  • Check out the following question on ServerFault. http://serverfault.com/questions/235406/my-computer-is-sending-icmp-packets-to-arbitrary-destinations – BluesRockAddict Apr 01 '12 at 06:30
  • Thanks @BluesRockAddict. But the suspicious ICMP packet is an echo request, not an unreachable or something else. I also used Wireshark to sniff for any other packets related to the destination of the packet, and found nothing. And while I was inspecting for further information, the computer rebooted unexpectedly. After the reboot, the suspicious-packet-sending phenomenon has disappeared .... – vivimice Apr 01 '12 at 06:53

0 Answers