Windows
dollar, 2018-09-13 00:39:24

How can I find out what program is sending DNS queries *.in-addr.arpa?

Thousands of requests per second.
Investigation has led to the following services (highlighted) being involved in sending DNS traffic:
More specifically, it's the svchost.exe process, which is unremarkable.
But these are the main services. They cannot be disabled. Someone else must be using them? How to find out?
Task manager, resource monitor, command line, total commander, various folders, dnscrypt-proxy, services are open.
Regular Windows 7.

3 answer(s)
dollar, 2018-09-18
@dollar

It was the resource monitor.
The Network tab displays all connections. The resource monitor "sees" only IPs and really wants to know the real names of domains in order to display them.
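
A way to check this diagnosis on other machines, as an added example that is not part of the original post: decode each `*.in-addr.arpa` query name back to the IPv4 address it asks about and see how many of those addresses are remote ends of currently open connections. The function names and the sample data are assumptions made for illustration; the inputs are assumed to be a plain list of query names taken from any DNS query log and a list of remote addresses copied from a connection viewer.

```python
import ipaddress
from collections import Counter

SUFFIX = ".in-addr.arpa"

def ptr_to_ip(qname):
    """Decode an IPv4 reverse-lookup name (d.c.b.a.in-addr.arpa) to a.b.c.d, or None."""
    name = qname.strip().rstrip(".").lower()
    if not name.endswith(SUFFIX):
        return None
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) != 4:
        return None  # zone-level names (e.g. 168.192.in-addr.arpa) are not host lookups
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None

def explain_ptr_queries(qnames, remote_ips):
    """Split decoded PTR targets into those matching an open connection and the rest."""
    counts = Counter(ip for ip in map(ptr_to_ip, qnames) if ip)
    live = set(remote_ips)
    matched = {ip: n for ip, n in counts.items() if ip in live}
    unmatched = {ip: n for ip, n in counts.items() if ip not in live}
    total = sum(counts.values())
    ratio = sum(matched.values()) / total if total else 0.0
    return matched, unmatched, ratio

# Constructed sample data (documentation address ranges), not taken from the post.
SAMPLE_QUERIES = [
    "10.2.0.192.in-addr.arpa.",
    "10.2.0.192.in-addr.arpa.",
    "7.100.51.198.in-addr.arpa",
    "25.113.0.203.in-addr.arpa",
    "example.com",               # forward query, ignored
    "2.0.192.in-addr.arpa",      # zone-level name, ignored
]
SAMPLE_REMOTE_IPS = ["192.0.2.10", "198.51.100.7"]

if __name__ == "__main__":
    matched, unmatched, ratio = explain_ptr_queries(SAMPLE_QUERIES, SAMPLE_REMOTE_IPS)
    print("explained by open connections:", matched)
    print("not explained:", unmatched)
    print("share explained: %.0f%%" % (ratio * 100))
```

A share close to 100% points at a tool that resolves names for a connection list; addresses left in the unmatched set are the ones still worth tracing to a process.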

Ezhyg, 2018-09-13
@Ezhyg

TCPViewer
CurrPorts
NetworkConnectLog
And anyway, download both packages!
download.sysinternals.com/files/SysinternalsSuite.zip
launcher.nirsoft.net/downloads/index.html + download.nirsoft.net/nirsoft_package_russian.zip
It seems to me that these programs will close all your questions for the next 5 years :D

CityCat4, 2018-09-13
@CityCat4

svchost.exe is a service launcher; it does nothing by itself. Any service, if you look at its command line, is launched through svchost, even if it has nothing to do with Microsoft (in the sense, it's not hacked by them).
