Hi,
I was trying to nail down which process in one of our server is sending the UDP1035/1036 to some external addresses but to no avail. I can see the traffics are blocked at the firewall and can capture it with wireshark but I can’t tell which process is sending the UDP traffic.
Both TCPView and CurrPort doesn’t show anything at all on UDP.
Server info:
Windows Server 2003 SP2
Domain Controller
Source port: random
Destination port: UDP1035/1036/1045/1046
Any help and suggestion will be much appreciated.