alot snmp traffic snmp not enabled

hi,
  i have windows 2003 server installed it keeps trying to access other ips out of my lan (probably in my main office) i can see blocks every 5 secs on my firewall it tries to access the same 5 ip's over and over again on udp 161 (snmp) i am trying to get to souce of why it is doing this. The snmp service is not installed and there is no snmp service in services,msc

anyone with any ideas  
BarepAssetsSys AdminAsked:
Who is Participating?
 
farazhkhanConnect With a Mentor Commented:
Hi,

Download WireShark and see from where it is originating: http://www.wireshark.org/download.html

Reagrds,
Faraz H. Khan
0
 
rhandelsCommented:
If you look at the machine that's trying to set up this connection and you do a netstat -a -o, do you see any process that is using port 161?? If so, you can get the process id (that;s waht the -o is for) and check and see what process is trying to do this. You do need to make sure to add the process ID in your view of the task manager.
0
 
genie3kCommented:
Hello,

If you are just trying to stop this outbound access .. just enable windows firewall or 3rd party firewall like zone alarm.

You can use NMAP to check the ports.
There is a Windows and a Linux version available at:
http://nmap.org/

 if you type in "netstat -o"
you get not only the ports but also the owning process ID associated with each connection.

To get the list of tags for nestat type in "netstat ?".

Or you could use a program like portqry...I use nmap myself, but that's me.


0
 
BarepAssetsSys AdminAuthor Commented:
i used wireshark and found it snmp was enabled on properties of printers un enabled and traffic sorted
0
All Courses

From novice to tech pro — start learning today.