Our company has 7 sites. Each site has it's own AD server. Each AD server replicates with our data center. I have a PC that when it logs on it goes to another site and accesses info on it's AD server. It uses source port 445 and destination port of 63102. We have McAfee and I've scanned it looking for virus' (nothing there). This PC doesn't come on that often but when it does it hammers our WAN for about 10-15 minutes then it settles down. The source site has a T1 while the remote site has 10MB connection. Any idea of what it is trying to do?