This is our old Q&A Site. Please post any new questions and answers at

I have some strange UDP traffics on one Win 7 machine on local port 60129 with a huge amount of connection to random computers. What I can't figure out from what process it's generated. Have used nestat -a -o -p UDP 1 >log.out for a long time but never seen port 60129 in the log file. I have also used ProcessMonitor and TCPView but have never seen any hits and at the same time captured traffic with Wireshark. I also used Port Explorer but it didn't either see this traffic as well. So it's only Wrireshark what has shown the traffic.

I always get port 60129 even after reboot.

I have tried to kill one process at the time to see if I could stop the traffic haven't been able to find the process in that way either before the computer rebooted. Would like to avoid using this solution if any other can be used.


asked 01 Jan '14, 18:40

Erland's gravatar image

accept rate: 0%

edited 02 Jan '14, 01:03

Jim%20Aragon's gravatar image

Jim Aragon

Apply a display filter of "frame.len > 300" and examine the displayed packets. You will see a lot more ASCII-readable information. It appears to be list of downloadable video files, with heavy emphasis on Asian names. Some of the listings seem to correspond almost exactly in format to listings found at [NSFW], including channel numbers. For example, the listing at [NSFW} corresponds to the data in packet 4274.

It appears that the titles get blasted to multiple addresses almost simultaneously. For example, with that display filter applied, packets 4274, 4275, 4276, 4278, 4279, 4281, 4282, 4284, 4288, 4289, 4291, 4293, 4299, 4300, 4303, 4305, 4307, 4308, and 4310 all seem to be sending the same information to 20 different destinations, all within less than half a second.

The destination IP addresses appear to resolve to dynamic addresses that are probably assigned to home users. For example, " (" in packet 4281, and " (" in packet 4275.

Most of the listings seem to end with ".zip"

I don't know what's going on, but my first guess would be some sort of file sharing. You might try capturing with Microsoft Network Monitor and see if it will identify the process responsible for these packets. I'd also do a complete system scan with an up-to-date anti-malware scanner.

permanent link

answered 01 Jan '14, 20:58

Jim%20Aragon's gravatar image

Jim Aragon
accept rate: 24%

edited 02 Jan '14, 05:41

Bill%20Meier's gravatar image

Bill Meier ♦♦

Thanks for that excellent answer. Hopefully I should be able to find and delete the process now as I have more of an idea what I'm searching for.

(02 Jan '14, 00:38) Erland

P.S.: If possible, please let us know what you find ....

(03 Jan '14, 06:53) Bill Meier ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 01 Jan '14, 18:40

question was seen: 5,676 times

last updated: 03 Jan '14, 06:53

p​o​w​e​r​e​d by O​S​Q​A