General Discussion - Mysterious Packets

Print Page | Close Window

Mysterious Packets

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: General Discussion
Forum Description: General discussion and chat on any topic.
URL: https://forums.webwiz.net/forum_posts.asp?TID=11074
Printed Date: 31 March 2026 at 6:33pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Mysterious Packets

Posted By: huwnet
Subject: Mysterious Packets
Date Posted: 02 July 2004 at 2:05pm

I have recently been analysing my network traffic. And my PC is sending and recieving packets from baym-td1.msgr.hotmail.com, baym-td1.msgr.hotmail.com. The IP addresses are 64.4.25.80, 64.4.25.81, 64.4.25.84, 64.4.25.85 . It is on ports 3544 and 2193. I have checked my computer for viruses and adaware but I still cannot find the cause of this problem.

Replies:

Posted By: wolfie
Date Posted: 02 July 2004 at 2:21pm

Something to do with MSN Messenger I think. Or maybe connected with the new techpreview of the MSN search engine and it's picking up web files on your server (doubt it though).

-------------
Wolfie--[ http://www.wolfweb.co.uk - WolfWeb.co.uk ]
PHP, .net--[ beginner ] ASP, VB, C, SQL--[ intermediate ] X/D/HTML, CSS, WML, XML--[

Posted By: huwnet
Date Posted: 02 July 2004 at 2:30pm

No. This isn't my server and I haven't run MSN in ages.

Posted By: wolfie
Date Posted: 02 July 2004 at 2:40pm

http://translate.google.com/translate?hl=en&sl=de&u=http://www.derfisch.de/modules.php%3Fop%3Dmodload%26name%3DPNphpBB2%26file%3Dviewtopic%26t%3D985&prev=/search%3Fq%3Dbaym-td1%26hl%3Den%26lr%3D%26ie%3DUTF-8 - http://translate.google.com/translate?hl=en&sl=de&u= http://www.derfisch.de/modules.php%3Fop%3Dmodload%26name%3DP NphpBB2%26file%3Dviewtopic%26t%3D985&prev=/search%3Fq%3D baym-td1%26hl%3Den%26lr%3D%26ie%3DUTF-8

Check that out, found something relating to baym-td1.msgr.hotmail.com. But I can't make head nor tail of it.

But the IP address is defantly hotmail (this is what pinged back)...

OrgName: MS Hotmail
OrgID: MSHOTM
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NetHandle: NET-64-4-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:
RegDate: 1999-11-24
Updated: 2003-06-27

TechHandle: MSFTP-ARIN
TechName: MSFT-POC
TechPhone: +1-425-882-8080
TechEmail: iprrms@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com

-------------
Wolfie--[ http://www.wolfweb.co.uk - WolfWeb.co.uk ]
PHP, .net--[ beginner ] ASP, VB, C, SQL--[ intermediate ] X/D/HTML, CSS, WML, XML--[

Posted By: huwnet
Date Posted: 02 July 2004 at 3:01pm

Could be a virus not picked up by the scanner that is made to look like scvhost etc.

Posted By: Mart
Date Posted: 02 July 2004 at 3:31pm

I doubt theres a virus that connects to a MS site that is undetected by virus scanners . . . What OS is it? XP Pro etc. have Windows Messenger preinstalled and it runs at startup. Also are these connections incoming or outgoing?

Posted By: huwnet
Date Posted: 02 July 2004 at 3:57pm

XP Pro. Messenger may run at startup but this traffic is continuos. The traffic is ingoing and outgoing. The TRAFFIC IS UDP

Posted By: dpyers
Date Posted: 02 July 2004 at 4:16pm

http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22%2Emsgr%2Ehotmail%2Ecom%22 - http://www.google.com/search?sourceid=navclient&ie=UTF-8 &oe=UTF-8&q=%22%2Emsgr%2Ehotmail%2Ecom%22
turned up a lot of stuff

-------------

Lead me not into temptation... I know the short cut, follow me.

Posted By: huwnet
Date Posted: 03 July 2004 at 12:10pm

OK it looks like MSN is running yet it dosen't show up in the task list.

Posted By: Mart
Date Posted: 03 July 2004 at 12:39pm

This article shows how to uninstall it

http://www.devjunkies.com/?name=viewart&type=1&tid=34 - http://www.devjunkies.com/?name=viewart&type=1&tid=3 4

Posted By: Shimpi06
Date Posted: 04 July 2004 at 7:10am

You know what? I think I saw msn or messenger running as a service or something on my XP-home box. I recall taking it out of startup with ms-config or in the Services List.

Posted By: Mart
Date Posted: 04 July 2004 at 7:48am

There is a service called Messenger but it is not MSN Messenger...

Here is what MS says about it

Messenger�sends and receives messages to or from users and computers, or those transmitted by administrators or by the Alerter service. If disabled, Messenger notifications cannot be sent to or received by the computer or by users currently logged on; NET SEND and NET NAME will no longer function.

Posted By: dpyers
Date Posted: 04 July 2004 at 8:45am

I believe messenger runs if you ask to have critical updates auto installed. It also runs as part of Outlook 2003 mail check.

-------------

Lead me not into temptation... I know the short cut, follow me.

Posted By: huwnet
Date Posted: 04 July 2004 at 1:55pm

ok.