Question

Locked

DNS UDP traffic

By Boris Stimac ·
Is it normal to have thousands of UDP lines,
this is copy paste from tcpview log


dns.exe:1720 UDP 0.0.0.0:50006 *:*
dns.exe:1720 UDP 0.0.0.0:50008 *:*
dns.exe:1720 UDP 0.0.0.0:50009 *:*
dns.exe:1720 UDP 0.0.0.0:50015 *:*
dns.exe:1720 UDP 0.0.0.0:50031 *:*
dns.exe:1720 UDP 0.0.0.0:50037 *:*
dns.exe:1720 UDP 0.0.0.0:50038 *:*
dns.exe:1720 UDP 0.0.0.0:50040 *:*
dns.exe:1720 UDP 0.0.0.0:50042 *:*
dns.exe:1720 UDP 0.0.0.0:50044 *:*
dns.exe:1720 UDP 0.0.0.0:50051 *:*
dns.exe:1720 UDP 0.0.0.0:50065 *:*
dns.exe:1720 UDP 0.0.0.0:50070 *:*
dns.exe:1720 UDP 0.0.0.0:50071 *:*
dns.exe:1720 UDP 0.0.0.0:50081 *:*
dns.exe:1720 UDP 0.0.0.0:50092 *:*
dns.exe:1720 UDP 0.0.0.0:50100 *:*
dns.exe:1720 UDP 0.0.0.0:50101 *:*
dns.exe:1720 UDP 0.0.0.0:50102 *:*
dns.exe:1720 UDP 0.0.0.0:50103 *:*
dns.exe:1720 UDP 0.0.0.0:50104 *:*
dns.exe:1720 UDP 0.0.0.0:50107 *:*
dns.exe:1720 UDP 0.0.0.0:50108 *:*
dns.exe:1720 UDP 0.0.0.0:50110 *:*
dns.exe:1720 UDP 0.0.0.0:50111 *:*
dns.exe:1720 UDP 0.0.0.0:50121 *:*
dns.exe:1720 UDP 0.0.0.0:50122 *:*
dns.exe:1720 UDP 0.0.0.0:50261 *:*
dns.exe:1720 UDP 0.0.0.0:50270 *:*
dns.exe:1720 UDP 0.0.0.0:50273 *:*
dns.exe:1720 UDP 0.0.0.0:50277 *:*
dns.exe:1720 UDP 0.0.0.0:50280 *:*
dns.exe:1720 UDP 0.0.0.0:50285 *:*
dns.exe:1720 UDP 0.0.0.0:50295 *:*
dns.exe:1720 UDP 0.0.0.0:50304 *:*
dns.exe:1720 UDP 0.0.0.0:50318 *:*
dns.exe:1720 UDP 0.0.0.0:50322 *:*
dns.exe:1720 UDP 0.0.0.0:50323 *:*
dns.exe:1720 UDP 0.0.0.0:50329 *:*
dns.exe:1720 UDP 0.0.0.0:50330 *:*
dns.exe:1720 UDP 0.0.0.0:50339 *:*
dns.exe:1720 UDP 0.0.0.0:50349 *:*
dns.exe:1720 UDP 0.0.0.0:50361 *:*
dns.exe:1720 UDP 0.0.0.0:50365 *:*
dns.exe:1720 UDP 0.0.0.0:50369 *:*
dns.exe:1720 UDP 0.0.0.0:50375 *:*
dns.exe:1720 UDP 0.0.0.0:50379 *:*
dns.exe:1720 UDP 0.0.0.0:50387 *:*
dns.exe:1720 UDP 0.0.0.0:50517 *:*
dns.exe:1720 UDP 0.0.0.0:50520 *:*
dns.exe:1720 UDP 0.0.0.0:50531 *:*
dns.exe:1720 UDP 0.0.0.0:50533 *:*
dns.exe:1720 UDP 0.0.0.0:50540 *:*
dns.exe:1720 UDP 0.0.0.0:50554 *:*
dns.exe:1720 UDP 0.0.0.0:50566 *:*
dns.exe:1720 UDP 0.0.0.0:50567 *:*
dns.exe:1720 UDP 0.0.0.0:50568 *:*
dns.exe:1720 UDP 0.0.0.0:50574 *:*
dns.exe:1720 UDP 0.0.0.0:50576 *:*

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Normal

by seanferd In reply to DNS UDP traffic

This is caused, I believe, by the update MS released for the MS DNS server due to the "Kaminsky bug". UDP listens on a bunch (2500) of ports.

http://msmvps.com/blogs/alunj/archive/2008/07/19/1641409.aspx

Edit: If this is not MS DNS (check it), then it may be something else (like malware), but it looks like what you are seeing is the normal behavior of MS DNS.

Back to Software Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums